diff msitegen.inc.php @ 184:1b30c2107e5b

Add function for validating input with different definable conditions. Use this functionality in register.inc.php. Define field sizes.
author Matti Hamalainen <ccr@tnsp.org>
date Fri, 08 Nov 2013 18:54:54 +0200
parents a3f0f2a3551a
children 96ab189e5c03
--- a/msitegen.inc.php	Fri Nov 08 12:08:16 2013 +0200
+++ b/msitegen.inc.php	Fri Nov 08 18:54:54 2013 +0200
@@ -9,11 +9,19 @@
 $errorSet = FALSE;
 $errorMsg = "";
 
+// Value types
 define("VT_STR", 1);
 define("VT_INT", 2);
 define("VT_BOOL", 3);
 define("VT_TEXT", 4);
 
+// Validation check types
+define("CHK_TYPE", 1);
+define("CHK_ISLT", 2);
+define("CHK_ISGT", 3);
+define("CHK_ISEQ", 4);
+define("CHK_CUSTOM", 5);
+
 
 function stDebug($msg)
 {
@@ -206,15 +214,97 @@
 }
 
 
-function stChkDataItem($name)
+function stErrorStrF($msg, $data)
 {
-  return !isset($_REQUEST[$name]) || strlen(trim($_REQUEST[$name])) < 1;
+  stError($msg);
+  return FALSE;
 }
 
 
-function stChkRequestItem($name)
+//
+// Check and validate one item from $_REQUEST[], based on
+// list of validation conditions. For example:
+//
+//  stChkRequestItem("name", FALSE,
+//    array(CHK_ISGT, VT_STR, 0, "Handle / name not given."),
+//    array(CHK_ISGT, VT_STR, 3, "Handle / name too short, should be 3 characters or more."),
+//    array(CHK_ISLT, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters."));
+//
+function stChkRequestItem($name, &$sdata)
 {
-  return isset($_REQUEST[$name]);
+  if (!isset($_REQUEST[$name]))
+    return FALSE;
+
+  $data = trim($_REQUEST[$name]);
+  $slen = strlen($data);
+
+  if ($sdata !== FALSE)
+    $sdata = $data;
+
+  // Go through list of validation checks
+  $argc = func_num_args();
+  $argv = func_get_args();
+
+  for ($argn = 2; $argn < $argc; $argn++)
+  {
+    // Act according to check type
+    $check = $argv[$argn];
+    switch ($check[0])
+    {
+      case CHK_TYPE:
+        // Check type of the data
+        switch ($check[1])
+        {
+          case VT_STR:
+            if ($slen == 0)
+              return stErrorStrF($check[2], $data);
+            break;
+
+          case VT_INT:
+          case VT_BOOL:
+            if ($slen == 0 || !is_numeric($data))
+              return stErrorStrF($check[2], $data);
+            break;
+        }
+        break;
+
+      case CHK_ISLT:
+      case CHK_ISGT:
+      case CHK_ISEQ:
+        // Check length or value of the data
+        switch ($check[1])
+        {
+          case VT_STR:
+          case VT_TEXT:
+            // Strings get their length checked
+            if (($check[0] == CHK_ISLT && $slen >= $check[2]) ||
+                ($check[0] == CHK_ISGT && $slen <= $check[2]) ||
+                ($check[0] == CHK_ISEQ && $slen != $check[2]))
+                return stErrorStrF($check[3], $data);
+            break;
+
+          case VT_INT:
+          case VT_BOOL:
+            // Integer values checked against .. value
+            $sval = to_int($data);
+            if (($check[0] == CHK_ISLT && $sval >= $check[2]) ||
+                ($check[0] == CHK_ISGT && $sval <= $check[2]) ||
+                ($check[0] == CHK_ISEQ && $sval != $check[2]))
+                return stErrorStrF($check[3], $data);
+            break;
+        }
+        break;
+
+      case CHK_CUSTOM:
+        // Call a custom function (or closure)
+        $func = $check[1];
+        if (!is_callable($func) || !$func($data))
+          return stErrorStrF($check[2], $data);
+        break;
+    }
+  }
+
+  return TRUE;
 }
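Review bot: The `VT_INT`/`VT_BOOL` branch of `CHK_TYPE` passes anything `is_numeric()` accepts, which includes decimal and exponent forms such as `1.5` or `1e5`, and `$sdata` receives the raw trimmed string rather than the converted integer. A caller that reads a passed check as "this is an integer" can therefore carry a non-integer string onward; a stricter test such as `if ($slen == 0 || filter_var($data, FILTER_VALIDATE_INT) === FALSE)` would close that gap. Separately, `trim($_REQUEST[$name])` assumes a string, so a parameter submitted as an array is not rejected up front; `if (!isset($_REQUEST[$name]) || !is_string($_REQUEST[$name])) return FALSE;` would cover it. Neither `switch` has a `default:` branch, so an unrecognised check type or value type passes validation silently, where returning `stErrorStrF(...)` would make the validator fail closed.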