diff msite.inc.php @ 207:e31c42a9b574
Slowly work on input validation.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Sun, 17 Nov 2013 19:26:46 +0200 |
parents | 77d33161f8be |
children | b236b4d8d7a9 |
--- a/msite.inc.php Sun Nov 17 19:07:08 2013 +0200
+++ b/msite.inc.php Sun Nov 17 19:26:46 2013 +0200
@@ -244,4 +244,42 @@
 }
+function stCheckRequestUserData($admin)
+{
+ if (!stChkRequestItem("name", $fake,
+ array(CHK_ISGT, VT_STR, 0, "Handle / name not given."),
+ array(CHK_ISLT, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters.")
+ )) return FALSE;
+
+ if (!stChkRequestItem("groups", $fake,
+ array(CHK_ISLT, VT_STR, SET_LEN_GROUPS, "Groups are too long, should be less than ".SET_LEN_GROUPS." characters.")
+ )) return FALSE;
+
+ if (!stChkRequestItem("oneliner", $fake,
+ array(CHK_ISLT, VT_STR, SET_LEN_ONELINER, "Oneliner is too long, should be less than ".SET_LEN_ONELINER." characters.")
+ )) return FALSE;
+
+ $email = stGetRequestItem("email");
+ if (!$admin && stGetSetting("requireEMail") && strlen($email) < 4)
+ {
+ stError("E-mail address not given, or it is too short.");
+ return FALSE;
+ }
+
+ if (strlen($email) > 0 && (strpos($email, "@") === FALSE || strpos($email, ".") === FALSE))
+ {
+ stError("E-mail address not in proper format.");
+ return FALSE;
+ }
+
+ if (strlen($email) > SET_LEN_EMAIL)
+ {
+ stError("E-mail address too long, max ".SET_LEN_EMAIL." characters.");
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+
 ?>
\ No newline at end of file
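Review bot: The e-mail format test in stCheckRequestUserData (`strpos($email, "@") === FALSE || strpos($email, ".") === FALSE`) only requires that both characters occur somewhere in the string, so a value such as `.@`, or an address carrying spaces, quotes, angle brackets or CR/LF, passes validation. If the address is later placed in a mail header or printed into a page (neither is visible in this hunk), those are the characters that make header or markup injection possible, so the check is worth tightening at this point: `if (strlen($email) > 0 && filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE)`. The three stChkRequestItem calls write into `$fake`, which is never read, so the function validates but hands back no checked values; callers presumably fetch the raw request items again, and a short comment saying that this function only length-checks `name`, `groups` and `oneliner` and does not sanitise them would keep a later reader from assuming otherwise.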