From ec1b70f47e2161cf98bf0cad3d57368d2ca762dc Mon Sep 17 00:00:00 2001 From: Rick Ellis Date: Tue, 26 Aug 2008 19:21:27 +0000 Subject: --- system/libraries/Form_validation.php | 1220 ++++++++++++++++++++++++++++++++++ 1 file changed, 1220 insertions(+) create mode 100644 system/libraries/Form_validation.php (limited to 'system/libraries/Form_validation.php') diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php new file mode 100644 index 000000000..fd0c22ec1 --- /dev/null +++ b/system/libraries/Form_validation.php @@ -0,0 +1,1220 @@ +'; + var $_error_suffix = '

'; + var $error_string = ''; + var $_safe_form_data = FALSE; + + + /** + * Constructor + * + */ + function CI_Form_validation($rules = array()) + { + $this->CI =& get_instance(); + + // Validation rules can be stored in a config file. + $this->_config_rules = $rules; + + // Automatically load the form helper + $this->CI->load->helper('form'); + + log_message('debug', "Validation Class Initialized"); + } + + // -------------------------------------------------------------------- + + /** + * Set Rules + * + * This function takes an array of field names and validation + * rules as input, validates the info, and stores it + * + * @access public + * @param mixed + * @param string + * @return void + */ + function set_rules($field, $label = '', $rules = '') + { + // No reason to set rules if we have no POST data + if (count($_POST) == 0) + { + return; + } + + // If an array was passed via the first parameter instead of indidual string + // values we cycle through it and recursively call this function. + if (is_array($field)) + { + foreach ($field as $row) + { + // Houston, we have a problem... + if ( ! isset($row['field']) OR ! isset($row['rules'])) + { + continue; + } + + // If the field label wasn't passed we use the field name + $label = ( ! isset($row['label'])) ? $row['field'] : $row['label']; + + // Here we go! + $this->set_rules($row['field'], $label, $row['rules']); + } + return; + } + + // No rules or fields? Nothing to do... + if ( ! is_string($field) OR ! is_string($rules) OR $field == '' OR $rules == '') + { + return; + } + + // If the field label wasn't passed we use the field name + $label = ($label == '') ? $field : $label; + + // Is the field name an array? We test for the existence of a bracket "[" in + // the field name to determine this. If it is an array, we break it apart + // into its components so that we can fetch the corresponding POST data later + if (strpos($field, '[') !== FALSE AND preg_match_all('/\[(.*?)\]/', $field, $matches)) + { + // Note: Due to a bug in current() that affects some versions + // of PHP we can not pass function call directly into it + $x = explode('[', $field); + $indexes[] = current($x); + + for ($i = 0; $i < count($matches['0']); $i++) + { + if ($matches['1'][$i] != '') + { + $indexes[] = $matches['1'][$i]; + } + } + + $is_array = TRUE; + } + else + { + $indexes = array(); + $is_array = FALSE; + } + + // Build our master array + $this->_field_data[$field] = array( + 'field' => $field, + 'label' => $label, + 'rules' => $rules, + 'is_array' => $is_array, + 'keys' => $indexes, + 'postdata' => NULL, + 'error' => '' + ); + } + + // -------------------------------------------------------------------- + + /** + * Set Error Message + * + * Lets users set their own error messages on the fly. Note: The key + * name has to match the function name that it corresponds to. + * + * @access public + * @param string + * @param string + * @return string + */ + function set_message($lang, $val = '') + { + if ( ! is_array($lang)) + { + $lang = array($lang => $val); + } + + $this->_error_messages = array_merge($this->_error_messages, $lang); + } + + // -------------------------------------------------------------------- + + /** + * Set The Error Delimiter + * + * Permits a prefix/suffix to be added to each error message + * + * @access public + * @param string + * @param string + * @return void + */ + function set_error_delimiters($prefix = '

', $suffix = '

') + { + $this->_error_prefix = $prefix; + $this->_error_suffix = $suffix; + } + + // -------------------------------------------------------------------- + + /** + * Get Error Message + * + * Gets the error message associated with a particular field + * + * @access public + * @param string the field name + * @return void + */ + function error($field = '', $prefix = '', $suffix = '') + { + if ( ! isset($this->_field_data[$field]['error'])) + { + return ''; + } + + if ($prefix == '') + { + $prefix = $this->_error_prefix; + } + + if ($suffix == '') + { + $suffix = $this->_error_suffix; + } + + return $prefix.$this->_field_data[$field]['error'].$suffix; + } + + // -------------------------------------------------------------------- + + /** + * Error String + * + * Returns the error messages as a string, wrapped in the error delimiters + * + * @access public + * @param string + * @param string + * @return str + */ + function error_string($prefix = '', $suffix = '') + { + // No errrors, validation passes! + if (count($this->_error_array) === 0) + { + return ''; + } + + if ($prefix == '') + { + $prefix = $this->_error_prefix; + } + + if ($suffix == '') + { + $suffix = $this->_error_suffix; + } + + // Generate the error string + $str = ''; + foreach ($this->_error_array as $val) + { + $str .= $prefix.$val.$suffix."\n"; + } + + return $str; + } + + // -------------------------------------------------------------------- + + /** + * Run the Validator + * + * This function does all the work. + * + * @access public + * @return bool + */ + function run($group = '') + { + // Do we even have any data to process? Mm? + if (count($_POST) == 0) + { + return FALSE; + } + + // Does the _field_data array containing the validation rules exist? + // If not, we look to see if they were assigned via a config file + if (count($this->_field_data) == 0) + { + // No validation rules? We're done... + if (count($this->_config_rules) == 0) + { + return FALSE; + } + + // Is there a validation rule for the particular URI being accessed? + $uri = ($group == '') ? trim($this->CI->uri->ruri_string(), '/') : $group; + + if ($uri != '' AND isset($this->_config_rules[$uri])) + { + $this->set_rules($this->_config_rules[$uri]); + } + else + { + $this->set_rules($this->_config_rules); + } + + // We're we able to set the rules correctly? + if (count($this->_field_data) == 0) + { + log_message('debug', "Unable to find validation rules"); + return FALSE; + } + } + + // Load the language file containing error messages + $this->CI->lang->load('form_validation'); + + // Cycle through the rules for each field, match the + // corresponding $_POST item and test for errors + foreach ($this->_field_data as $field => $row) + { + // Fetch the data from the corresponding $_POST array and cache it in the _field_data array. + // Depending on whether the field name is an array or a string will determine where we get it from. + + if ($row['is_array'] == TRUE) + { + $this->_field_data[$field]['postdata'] = $this->_reduce_array($_POST, $row['keys']); + } + else + { + if (isset($_POST[$field])) + { + $this->_field_data[$field]['postdata'] = $_POST[$field]; + } + } + + $this->_execute($row, explode('|', $row['rules']), $this->_field_data[$field]['postdata']); + } + + // Did we end up with any errors? + $total_errors = count($this->_error_array); + + if ($total_errors > 0) + { + $this->_safe_form_data = TRUE; + } + + // Now we need to re-set the POST data with the new, processed data + $this->_reset_post_array(); + + // No errors, validation passes! + if ($total_errors == 0) + { + return TRUE; + } + + // Validation fails + return FALSE; + } + + // -------------------------------------------------------------------- + + /** + * Traverse a multidimensional $_POST array index until the data is found + * + * @access private + * @param array + * @param array + * @param integer + * @return mixed + */ + function _reduce_array($array, $keys, $i = 0) + { + if (is_array($array)) + { + if (isset($keys[$i])) + { + if (isset($array[$keys[$i]])) + { + $array = $this->_reduce_array($array[$keys[$i]], $keys, ($i+1)); + } + else + { + return NULL; + } + } + else + { + return $array; + } + } + + return $array; + } + + // -------------------------------------------------------------------- + + /** + * Re-populate the _POST array with our finalized and processed data + * + * @access private + * @return null + */ + function _reset_post_array() + { + foreach ($this->_field_data as $field => $row) + { + if ( ! is_null($row['postdata'])) + { + if ($row['is_array'] == FALSE) + { + if (isset($_POST[$row['field']])) + { + $_POST[$row['field']] = $this->prep_for_form($row['postdata']); + } + } + else + { + $post = '$_POST["'; + + if (count($row['keys']) == 1) + { + $post .= current($row['keys']); + $post .= '"]'; + } + else + { + $i = 0; + foreach ($row['keys'] as $val) + { + if ($i == 0) + { + $post .= $val.'"]'; + $i++; + continue; + } + + $post .= '["'.$val.'"]'; + } + } + + if (is_array($row['postdata'])) + { + $array = array(); + foreach ($row['postdata'] as $k => $v) + { + $array[$k] = $this->prep_for_form($v); + } + + $post .= ' = $array;'; + } + else + { + $post .= ' = "'.$this->prep_for_form($row['postdata']).'";'; + } + + eval($post); + } + } + } + } + + // -------------------------------------------------------------------- + + /** + * Executes the Validation routines + * + * @access private + * @param array + * @param array + * @param mixed + * @param integer + * @return mixed + */ + function _execute($row, $rules, $postdata = NULL, $cycles = 0) + { + // If the $_POST data is an array we will run a recursive call + if (is_array($postdata)) + { + foreach ($postdata as $key => $val) + { + $this->_execute($row, $rules, $val, $cycles); + $cycles++; + } + + return; + } + + // -------------------------------------------------------------------- + + // If the field is blank, but NOT required, no further tests are necessary + if ( ! in_array('required', $rules, TRUE) AND is_null($postdata)) + { + return; + } + + // -------------------------------------------------------------------- + + // Isset Test. Typically this rule will only apply to checkboxes. + if (is_null($postdata)) + { + if (in_array('isset', $rules, TRUE) OR in_array('required', $rules)) + { + if ( ! isset($this->_error_messages['isset'])) + { + if (FALSE === ($line = $this->CI->lang->line('isset'))) + { + $line = 'The field was not set'; + } + } + else + { + $line = $this->_error_messages['isset']; + } + + // Build the error message + $message = sprintf($line, $row['label']); + + // Save the error message + $this->_field_data[$row['field']]['error'] = $message; + + if ( ! isset($this->_error_array[$row['field']])) + { + $this->_error_array[$row['field']] = $message; + } + } + + return; + } + + // -------------------------------------------------------------------- + + // Cycle through each rule and run it + foreach ($rules As $rule) + { + $_in_array = FALSE; + + // We set the $postdata variable with the current data in our master array so that + // each cycle of the loop is dealing with the processed data from the last cycle + if ($row['is_array'] == TRUE AND is_array($this->_field_data[$row['field']]['postdata'])) + { + // We shouldn't need this safety, but just in case there isn't an array index + // associated with this cycle we'll bail out + if ( ! isset($this->_field_data[$row['field']]['postdata'][$cycles])) + { + continue; + } + + $postdata = $this->_field_data[$row['field']]['postdata'][$cycles]; + $_in_array = TRUE; + } + else + { + $postdata = $this->_field_data[$row['field']]['postdata']; + } + + // -------------------------------------------------------------------- + + // Is the rule a callback? + $callback = FALSE; + if (substr($rule, 0, 9) == 'callback_') + { + $rule = substr($rule, 9); + $callback = TRUE; + } + + // Strip the parameter (if exists) from the rule + // Rules can contain a parameter: max_length[5] + $param = FALSE; + if (preg_match("/(.*?)\[(.*?)\]/", $rule, $match)) + { + $rule = $match[1]; + $param = $match[2]; + } + + // Call the function that corresponds to the rule + if ($callback === TRUE) + { + if ( ! method_exists($this->CI, $rule)) + { + continue; + } + + // Run the function and grab the result + $result = $this->CI->$rule($postdata, $param); + + // Re-assign the result to the master data array + if ($_in_array == TRUE) + { + $this->_field_data[$row['field']]['postdata'][$cycles] = (is_bool($result)) ? $postdata : $result; + } + else + { + $this->_field_data[$row['field']]['postdata'] = (is_bool($result)) ? $postdata : $result; + } + + // If the field isn't required and we just processed a callback we'll move on... + if ( ! in_array('required', $rules, TRUE) AND $result !== FALSE) + { + return; + } + } + else + { + if ( ! method_exists($this, $rule)) + { + /* + * Run the native PHP function if called for + * + * If our own wrapper function doesn't exist we see + * if a native PHP function does. Users can use + * any native PHP function call that has one param. + */ + if (function_exists($rule)) + { + $result = $rule($postdata); + + if ($_in_array == TRUE) + { + $this->_field_data[$row['field']]['postdata'][$cycles] = (is_bool($result)) ? $postdata : $result; + } + else + { + $this->_field_data[$row['field']]['postdata'] = (is_bool($result)) ? $postdata : $result; + } + } + + continue; + } + + $result = $this->$rule($postdata, $param); + + if ($_in_array == TRUE) + { + $this->_field_data[$row['field']]['postdata'][$cycles] = (is_bool($result)) ? $postdata : $result; + } + else + { + $this->_field_data[$row['field']]['postdata'] = (is_bool($result)) ? $postdata : $result; + } + } + + // Did the rule test negatively? If so, grab the error. + if ($result === FALSE) + { + if ( ! isset($this->_error_messages[$rule])) + { + if (FALSE === ($line = $this->CI->lang->line($rule))) + { + $line = 'Unable to access an error message corresponding to your field name.'; + } + } + else + { + $line = $this->_error_messages[$rule]; + } + + // Build the error message + $message = sprintf($line, $row['label'], $param); + + // Save the error message + $this->_field_data[$row['field']]['error'] = $message; + + if ( ! isset($this->_error_array[$row['field']])) + { + $this->_error_array[$row['field']] = $message; + } + + return; + } + } + } + + // -------------------------------------------------------------------- + + /** + * Get the value from a form + * + * Permits you to repopulate a form field with the value it was submitted + * with, or, if that value doesn't exist, with the default + * + * @access public + * @param string the field name + * @param string + * @return void + */ + function set_value($field = '', $default = '') + { + if ( ! isset($this->_field_data[$field])) + { + return $default; + } + + return $this->_field_data[$field]['postdata']; + } + + // -------------------------------------------------------------------- + + /** + * Set Select + * + * Enables pull-down lists to be set to the value the user + * selected in the event of an error + * + * @access public + * @param string + * @param string + * @return string + */ + function set_select($field = '', $value = '', $default = FALSE) + { + if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) + { + if ($default === TRUE AND count($this->_field_data) === 0) + { + return ' selected="selected"'; + } + return ''; + } + + $field = $this->_field_data[$field]['postdata']; + + if (is_array($field)) + { + if ( ! in_array($value, $field, TRUE)) + { + return ''; + } + } + else + { + if (($field == '' OR $value == '') OR ($field != $value)) + { + return ''; + } + } + + return ' selected="selected"'; + } + + // -------------------------------------------------------------------- + + /** + * Set Radio + * + * Enables radio buttons to be set to the value the user + * selected in the event of an error + * + * @access public + * @param string + * @param string + * @return string + */ + function set_radio($field = '', $value = '', $default = FALSE) + { + if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) + { + if ($default === TRUE AND count($this->_field_data) === 0) + { + return ' checked="checked"'; + } + return ''; + } + + $field = $this->_field_data[$field]['postdata']; + + if (is_array($field)) + { + if ( ! in_array($value, $field, TRUE)) + { + return ''; + } + } + else + { + if (($field == '' OR $value == '') OR ($field != $value)) + { + return ''; + } + } + + return ' checked="checked"'; + } + + // -------------------------------------------------------------------- + + /** + * Set Checkbox + * + * Enables checkboxes to be set to the value the user + * selected in the event of an error + * + * @access public + * @param string + * @param string + * @return string + */ + function set_checkbox($field = '', $value = '', $default = FALSE) + { + if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) + { + if ($default === TRUE AND count($this->_field_data) === 0) + { + return ' checked="checked"'; + } + return ''; + } + + $field = $this->_field_data[$field]['postdata']; + + if (is_array($field)) + { + if ( ! in_array($value, $field, TRUE)) + { + return ''; + } + } + else + { + if (($field == '' OR $value == '') OR ($field != $value)) + { + return ''; + } + } + + return ' checked="checked"'; + } + + // -------------------------------------------------------------------- + + /** + * Required + * + * @access public + * @param string + * @return bool + */ + function required($str) + { + if ( ! is_array($str)) + { + return (trim($str) == '') ? FALSE : TRUE; + } + else + { + return ( ! empty($str)); + } + } + + // -------------------------------------------------------------------- + + /** + * Match one field to another + * + * @access public + * @param string + * @param field + * @return bool + */ + function matches($str, $field) + { + if ( ! isset($_POST[$field])) + { + return FALSE; + } + + $field = $_POST[$field]; + + return ($str !== $field) ? FALSE : TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Minimum Length + * + * @access public + * @param string + * @param value + * @return bool + */ + function min_length($str, $val) + { + if (preg_match("/[^0-9]/", $val)) + { + return FALSE; + } + + return (strlen($str) < $val) ? FALSE : TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Max Length + * + * @access public + * @param string + * @param value + * @return bool + */ + function max_length($str, $val) + { + if (preg_match("/[^0-9]/", $val)) + { + return FALSE; + } + + return (strlen($str) > $val) ? FALSE : TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Exact Length + * + * @access public + * @param string + * @param value + * @return bool + */ + function exact_length($str, $val) + { + if (preg_match("/[^0-9]/", $val)) + { + return FALSE; + } + + return (strlen($str) != $val) ? FALSE : TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Valid Email + * + * @access public + * @param string + * @return bool + */ + function valid_email($str) + { + return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Valid Emails + * + * @access public + * @param string + * @return bool + */ + function valid_emails($str) + { + if (strpos($str, ',') === FALSE) + { + return $this->valid_email(trim($str)); + } + + foreach(explode(',', $str) as $email) + { + if (trim($email) != '' && $this->valid_email(trim($email)) === FALSE) + { + return FALSE; + } + } + + return TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Validate IP Address + * + * @access public + * @param string + * @return string + */ + function valid_ip($ip) + { + return $this->CI->input->valid_ip($ip); + } + + // -------------------------------------------------------------------- + + /** + * Alpha + * + * @access public + * @param string + * @return bool + */ + function alpha($str) + { + return ( ! preg_match("/^([a-z])+$/i", $str)) ? FALSE : TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Alpha-numeric + * + * @access public + * @param string + * @return bool + */ + function alpha_numeric($str) + { + return ( ! preg_match("/^([a-z0-9])+$/i", $str)) ? FALSE : TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Alpha-numeric with underscores and dashes + * + * @access public + * @param string + * @return bool + */ + function alpha_dash($str) + { + return ( ! preg_match("/^([-a-z0-9_-])+$/i", $str)) ? FALSE : TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Numeric + * + * @access public + * @param string + * @return bool + */ + function numeric($str) + { + return (bool)preg_match( '/^[\-+]?[0-9]*\.?[0-9]+$/', $str); + + } + + // -------------------------------------------------------------------- + + /** + * Is Numeric + * + * @access public + * @param string + * @return bool + */ + function is_numeric($str) + { + return ( ! is_numeric($str)) ? FALSE : TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Integer + * + * @access public + * @param string + * @return bool + */ + function integer($str) + { + return (bool)preg_match( '/^[\-+]?[0-9]+$/', $str); + } + + // -------------------------------------------------------------------- + + /** + * Is a Natural number (0,1,2,3, etc.) + * + * @access public + * @param string + * @return bool + */ + function is_natural($str) + { + return (bool)preg_match( '/^[0-9]+$/', $str); + } + + // -------------------------------------------------------------------- + + /** + * Is a Natural number, but not a zero (1,2,3, etc.) + * + * @access public + * @param string + * @return bool + */ + function is_natural_no_zero($str) + { + if ( ! preg_match( '/^[0-9]+$/', $str)) + { + return FALSE; + } + + if ($str == 0) + { + return FALSE; + } + + return TRUE; + } + + // -------------------------------------------------------------------- + + /** + * Valid Base64 + * + * Tests a string for characters outside of the Base64 alphabet + * as defined by RFC 2045 http://www.faqs.org/rfcs/rfc2045 + * + * @access public + * @param string + * @return bool + */ + function valid_base64($str) + { + return (bool) ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str); + } + + // -------------------------------------------------------------------- + + /** + * Prep data for form + * + * This function allows HTML to be safely shown in a form. + * Special characters are converted. + * + * @access public + * @param string + * @return string + */ + function prep_for_form($data = '') + { + if (is_array($data)) + { + foreach ($data as $key => $val) + { + $data[$key] = $this->prep_for_form($val); + } + + return $data; + } + + if ($this->_safe_form_data == FALSE OR $data === '') + { + return $data; + } + + return str_replace(array("'", '"', '<', '>'), array("'", """, '<', '>'), stripslashes($data)); + } + + // -------------------------------------------------------------------- + + /** + * Prep URL + * + * @access public + * @param string + * @return string + */ + function prep_url($str = '') + { + if ($str == 'http://' OR $str == '') + { + return ''; + } + + if (substr($str, 0, 7) != 'http://' && substr($str, 0, 8) != 'https://') + { + $str = 'http://'.$str; + } + + return $str; + } + + // -------------------------------------------------------------------- + + /** + * Strip Image Tags + * + * @access public + * @param string + * @return string + */ + function strip_image_tags($str) + { + return $this->CI->input->strip_image_tags($str); + } + + // -------------------------------------------------------------------- + + /** + * XSS Clean + * + * @access public + * @param string + * @return string + */ + function xss_clean($str) + { + return $this->CI->input->xss_clean($str); + } + + // -------------------------------------------------------------------- + + /** + * Convert PHP tags to entities + * + * @access public + * @param string + * @return string + */ + function encode_php_tags($str) + { + return str_replace(array(''), array('<?php', '<?PHP', '<?', '?>'), $str); + } + +} +// END Form Validation Class + +/* End of file Form_validation.php */ +/* Location: ./system/libraries/Form_validation.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b