# HG changeset patch
# User Matti Hamalainen
# Date 1383929694 -7200
# Node ID 1b30c2107e5b942abc989fa9b8ef830f41bc18e6
# Parent 320d6b68062bb45ee8489a12c7ec78db9c6fafaa
Add function for validating input with different definable conditions. Use this functionality in register.inc.php. Define field sizes.
diff -r 320d6b68062b -r 1b30c2107e5b msite.inc.php
--- a/msite.inc.php Fri Nov 08 12:08:16 2013 +0200
+++ b/msite.inc.php Fri Nov 08 18:54:54 2013 +0200
@@ -6,10 +6,31 @@
 //
 require_once "msitegen.inc.php";
 
+// Define modes of party information display system
 define("SMODE_ROTATE", 1);
 define("SMODE_COMPO", 2);
 
+// Define sizes of database fields, see createdb.php
+// and also the places where input is validated.
+define("SET_LEN_USERNAME", 32);
+define("SET_LEN_GROUPS", 64);
+define("SET_LEN_ONELINER", 64);
+define("SET_LEN_EMAIL", 80);
+
+define("SET_LEN_NEWS_TITLE", 128);
+define("SET_LEN_NEWS_TEXT", 4096);
+define("SET_LEN_NEWS_AUTHOR", 64);
+
+define("SET_LEN_COMPO_NAME", 128);
+define("SET_LEN_COMPO_DESC", 4096);
+
+define("SET_LEN_ENTRY_NAME", 64);
+define("SET_LEN_ENTRY_AUTHOR", 64);
+define("SET_LEN_ENTRY_FILENAME", 256);
+define("SET_LEN_ENTRY_INFO", 256);
+
+
 //
 // Different voting modes
 //
diff -r 320d6b68062b -r 1b30c2107e5b msitegen.inc.php
--- a/msitegen.inc.php Fri Nov 08 12:08:16 2013 +0200
+++ b/msitegen.inc.php Fri Nov 08 18:54:54 2013 +0200
@@ -9,11 +9,19 @@
 $errorSet = FALSE;
 $errorMsg = "";
 
+// Value types
 define("VT_STR", 1);
 define("VT_INT", 2);
 define("VT_BOOL", 3);
 define("VT_TEXT", 4);
 
+// Validation check types
+define("CHK_TYPE", 1);
+define("CHK_ISLT", 2);
+define("CHK_ISGT", 3);
+define("CHK_ISEQ", 4);
+define("CHK_CUSTOM", 5);
+
 function stDebug($msg)
 {
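Review bot: The header comment on the new SET_LEN_* block in msite.inc.php calls these "sizes of database fields", but the validator added in msitegen.inc.php in this same changeset rejects a string whose strlen() is greater than or equal to the constant (CHK_ISLT), so a field sized from SET_LEN_USERNAME = 32 will never hold more than 31 bytes. createdb.php is named but not visible here, so it is presumably the other consumer of these values; the bound should be stated so the two uses do not drift. I would extend the comment with `// These are column widths in bytes; note that the CHK_ISLT validator in` / `// msitegen.inc.php rejects strlen() >= SET_LEN_*, so the usable maximum` / `// input length is one byte less than the column width.`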
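Review bot: The new CHK_* constants in msitegen.inc.php reuse the numeric range of the VT_* constants (both start at 1), so a validation tuple accidentally written as array(VT_STR, CHK_ISLT, ...) instead of array(CHK_ISLT, VT_STR, ...) is silently interpreted as a CHK_TYPE check on VT_INT rather than rejected. Because stChkRequestItem switches on these integers with no default branch, such a slip in a caller disables the intended length check without any error. Giving the check types a disjoint range, e.g. `define("CHK_TYPE", 0x10);` through `define("CHK_CUSTOM", 0x14);`, would let a default case in that switch catch the mix-up.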
@@ -206,15 +214,97 @@
 }
 
-function stChkDataItem($name)
+function stErrorStrF($msg, $data)
 {
-  return !isset($_REQUEST[$name]) || strlen(trim($_REQUEST[$name])) < 1;
+  stError($msg);
+  return FALSE;
 }
 
 
-function stChkRequestItem($name)
+//
+// Check and validate one item from $_REQUEST[], based on
+// list of validation conditions. For example:
+//
+// stChkRequestItem("name", FALSE,
+//   array(CHK_ISGT, VT_STR, 0, "Handle / name not given."),
+//   array(CHK_ISGT, VT_STR, 3, "Handle / name too short, should be 3 characters or more."),
+//   array(CHK_ISLT, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters."));
+//
+function stChkRequestItem($name, &$sdata)
 {
-  return isset($_REQUEST[$name]);
+  if (!isset($_REQUEST[$name]))
+    return FALSE;
+
+  $data = trim($_REQUEST[$name]);
+  $slen = strlen($data);
+
+  if ($sdata !== FALSE)
+    $sdata = $data;
+
+  // Go through list of validation checks
+  $argc = func_num_args();
+  $argv = func_get_args();
+
+  for ($argn = 2; $argn < $argc; $argn++)
+  {
+    // Act according to check type
+    $check = $argv[$argn];
+    switch ($check[0])
+    {
+      case CHK_TYPE:
+        // Check type of the data
+        switch ($check[1])
+        {
+          case VT_STR:
+            if ($slen == 0)
+              return stErrorStrF($check[2], $data);
+            break;
+
+          case VT_INT:
+          case VT_BOOL:
+            if ($slen == 0 || !is_numeric($data))
+              return stErrorStrF($check[2], $data);
+            break;
+        }
+        break;
+
+      case CHK_ISLT:
+      case CHK_ISGT:
+      case CHK_ISEQ:
+        // Check length or value of the data
+        switch ($check[1])
+        {
+          case VT_STR:
+          case VT_TEXT:
+            // Strings get their length checked
+            if (($check[0] == CHK_ISLT && $slen >= $check[2]) ||
+                ($check[0] == CHK_ISGT && $slen <= $check[2]) ||
+                ($check[0] == CHK_ISEQ && $slen != $check[2]))
+              return stErrorStrF($check[3], $data);
+            break;
+
+          case VT_INT:
+          case VT_BOOL:
+            // Integer values checked against .. 
value + $sval = to_int($data); + if (($check[0] == CHK_ISLT && $sval >= $check[2]) || + ($check[0] == CHK_ISGT && $sval <= $check[2]) || + ($check[0] == CHK_ISEQ && $sval != $check[2])) + return stErrorStrF($check[3], $data); + break; + } + break; + + case CHK_CUSTOM: + // Call a custom function (or closure) + $func = $check[1]; + if (!is_callable($func) || !$func($data)) + return stErrorStrF($check[2], $data); + break; + } + } + + return TRUE; } diff -r 320d6b68062b -r 1b30c2107e5b register.inc.php --- a/register.inc.php Fri Nov 08 12:08:16 2013 +0200 +++ b/register.inc.php Fri Nov 08 18:54:54 2013 +0200 @@ -122,11 +122,11 @@ stGetFormStart("register"). " ".stGetFormHiddenInput("mode", "check")."\n". " ".stGetFormHiddenInput("hash", $botCheckHash)."\n". - " \n"; - stPrintFormTextInput("Handle:", "(elite)", 30, 30, "name"); - stPrintFormTextInput("Group(s):", "(elite crew^supahmen)", 40, 64, "groups"); - stPrintFormTextInput("E-mail:", "(to be informed of location etc)", 40, 64, "email"); - stPrintFormTextInput("Oneliner:", "(whatever)", 64, 64, "oneliner"); + "
\n"; + stPrintFormTextInput("Handle:", "(elite)", 20, SET_LEN_USERNAME, "name"); + stPrintFormTextInput("Group(s):", "(elite crew^supahmen)", 30, SET_LEN_GROUPS, "groups"); + stPrintFormTextInput("E-mail:", "(to be informed of location etc)", 30, SET_LEN_EMAIL, "email"); + stPrintFormTextInput("Oneliner:", "(whatever)", 30, SET_LEN_ONELINER, "oneliner"); stPrintFormTextInput(hashToCheckStr($botCheckHash)." = ", "(I.Q. / robot check". //" [".hashToAnswer($botCheckHash)."]". ")", 20, 20, "botcheck", "autocomplete=\"off\""); 
@@ -143,23 +143,31 @@
   //
   // Check the registrant's details
   //
-  if (stChkDataItem("name") || strlen(stGetRequestItem("name")) < 3)
-    stError("Handle / name not given, or too short.");
+  stChkRequestItem("name", FALSE,
+    array(CHK_ISGT, VT_STR, 0, "Handle / name not given."),
+    array(CHK_ISGT, VT_STR, 3, "Handle / name too short, should be 3 characters or more."),
+    array(CHK_ISLT, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters."));
 
-  if (stChkDataItem("hash"))
-    stError("Invalid data.");
+  stChkRequestItem("groups", FALSE,
+    array(CHK_ISLT, VT_STR, SET_LEN_GROUPS, "Groups are too long, should be less than ".SET_LEN_GROUPS." characters."));
+
+  stChkRequestItem("oneliner", FALSE,
+    array(CHK_ISLT, VT_STR, SET_LEN_ONELINER, "Oneliner is too long, should be less than ".SET_LEN_ONELINER." characters."));
+
+  stChkRequestItem("hash", $hash,
+    array(CHK_GTEQ, VT_STR, 0, "Invalid data."));
+
   $email = stGetRequestItem("email");
-  if (stGetSetting("requireEMail"))
-  {
-    if (stChkDataItem("email") || strlen($email) < 4)
-      stError("E-mail address not given, or it is too short.");
-  }
+  if (stGetSetting("requireEMail") && strlen($email) < 4)
+    stError("E-mail address not given, or it is too short.");
 
   if (strlen($email) > 0 && (strpos($email, "@") === FALSE || strpos($email, ".") === FALSE))
     stError("E-mail address not in proper format.");
 
-  $hash = stGetRequestItem("hash");
+  if (strlen($email) > SET_LEN_EMAIL)
+    stError("E-mail address too long, max ".SET_LEN_EMAIL." characters.");
+
   $answer = stGetRequestItem("botcheck");
   if (hashToAnswer($hash) != intval($answer))
     stError("Incorrect answer to I.Q. / bot check.");
@@ -181,7 +189,7 @@
   {
     echo stGetSetting("registerPostText");
 
-    if (stChkDataItem("email"))
+    if (strlen($email) < 4)
       echo stGetSetting("registerPostNoEmail");
   }
   else
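Review bot: `CHK_GTEQ` in the new hash check is not defined anywhere in this changeset (msitegen.inc.php defines only CHK_TYPE, CHK_ISLT, CHK_ISGT, CHK_ISEQ and CHK_CUSTOM), so PHP substitutes the bare string "CHK_GTEQ" with a notice, no case of the switch in stChkRequestItem matches, and the "Invalid data." error can never fire. In addition `$hash` is now filled only through the by-reference argument, so when the parameter is absent it is undefined by the time `hashToAnswer($hash)` runs, where the removed `stChkDataItem("hash")` used to report the missing value. Initialise the variable and use a defined condition: `$hash = "";` before the call and `array(CHK_ISGT, VT_STR, 0, "Invalid data.")` as the check; note that every stChkRequestItem return value in this hunk is discarded, so an omitted parameter still yields no error unless the helper itself reports it. The new e-mail length test `strlen($email) > SET_LEN_EMAIL` is inclusive, which is inconsistent with the exclusive CHK_ISLT bound applied to the other fields.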