<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * * An open source application development framework for PHP 4.3.2 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team * @copyright Copyright (c) 2008, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 * @filesource */ // ------------------------------------------------------------------------ /** * Form Validation Class * * @package CodeIgniter * @subpackage Libraries * @category Validation * @author ExpressionEngine Dev Team * @link http://codeigniter.com/user_guide/libraries/form_validation.html */ class CI_Form_validation { var $CI; var $_field_data = array(); var $_config_rules = array(); var $_error_array = array(); var $_error_messages = array(); var $_error_prefix = '<p>'; var $_error_suffix = '</p>'; var $error_string = ''; var $_safe_form_data = FALSE; /** * Constructor * */ function CI_Form_validation($rules = array()) { $this->CI =& get_instance(); // Validation rules can be stored in a config file. $this->_config_rules = $rules; // Automatically load the form helper $this->CI->load->helper('form'); // Set the character encoding in MB. if (function_exists('mb_internal_encoding')) { mb_internal_encoding($this->CI->config->item('charset')); } log_message('debug', "Form Validation Class Initialized"); } // -------------------------------------------------------------------- /** * Set Rules * * This function takes an array of field names and validation * rules as input, validates the info, and stores it * * @access public * @param mixed * @param string * @return void */ function set_rules($field, $label = '', $rules = '') { // No reason to set rules if we have no POST data if (count($_POST) == 0) { return; } // If an array was passed via the first parameter instead of indidual string // values we cycle through it and recursively call this function. if (is_array($field)) { foreach ($field as $row) { // Houston, we have a problem... if ( ! isset($row['field']) OR ! isset($row['rules'])) { continue; } // If the field label wasn't passed we use the field name $label = ( ! isset($row['label'])) ? $row['field'] : $row['label']; // Here we go! $this->set_rules($row['field'], $label, $row['rules']); } return; } // No fields? Nothing to do... if ( ! is_string($field) OR ! is_string($rules) OR $field == '') { return; } // If the field label wasn't passed we use the field name $label = ($label == '') ? $field : $label; // Is the field name an array? We test for the existence of a bracket "[" in // the field name to determine this. If it is an array, we break it apart // into its components so that we can fetch the corresponding POST data later if (strpos($field, '[') !== FALSE AND preg_match_all('/\[(.*?)\]/', $field, $matches)) { // Note: Due to a bug in current() that affects some versions // of PHP we can not pass function call directly into it $x = explode('[', $field); $indexes[] = current($x); for ($i = 0; $i < count($matches['0']); $i++) { if ($matches['1'][$i] != '') { $indexes[] = $matches['1'][$i]; } } $is_array = TRUE; } else { $indexes = array(); $is_array = FALSE; } // Build our master array $this->_field_data[$field] = array( 'field' => $field, 'label' => $label, 'rules' => $rules, 'is_array' => $is_array, 'keys' => $indexes, 'postdata' => NULL, 'error' => '' ); } // -------------------------------------------------------------------- /** * Set Error Message * * Lets users set their own error messages on the fly. Note: The key * name has to match the function name that it corresponds to. * * @access public * @param string * @param string * @return string */ function set_message($lang, $val = '') { if ( ! is_array($lang)) { $lang = array($lang => $val); } $this->_error_messages = array_merge($this->_error_messages, $lang); } // -------------------------------------------------------------------- /** * Set The Error Delimiter * * Permits a prefix/suffix to be added to each error message * * @access public * @param string * @param string * @return void */ function set_error_delimiters($prefix = '<p>', $suffix = '</p>') { $this->_error_prefix = $prefix; $this->_error_suffix = $suffix; } // -------------------------------------------------------------------- /** * Get Error Message * * Gets the error message associated with a particular field * * @access public * @param string the field name * @return void */ function error($field = '', $prefix = '', $suffix = '') { if ( ! isset($this->_field_data[$field]['error']) OR $this->_field_data[$field]['error'] == '') { return ''; } if ($prefix == '') { $prefix = $this->_error_prefix; } if ($suffix == '') { $suffix = $this->_error_suffix; } return $prefix.$this->_field_data[$field]['error'].$suffix; } // -------------------------------------------------------------------- /** * Error String * * Returns the error messages as a string, wrapped in the error delimiters * * @access public * @param string * @param string * @return str */ function error_string($prefix = '', $suffix = '') { // No errrors, validation passes! if (count($this->_error_array) === 0) { return ''; } if ($prefix == '') { $prefix = $this->_error_prefix; } if ($suffix == '') { $suffix = $this->_error_suffix; } // Generate the error string $str = ''; foreach ($this->_error_array as $val) { if ($val != '') { $str .= $prefix.$val.$suffix."\n"; } } return $str; } // -------------------------------------------------------------------- /** * Run the Validator * * This function does all the work. * * @access public * @return bool */ function run($group = '') { // Do we even have any data to process? Mm? if (count($_POST) == 0) { return FALSE; } // Does the _field_data array containing the validation rules exist? // If not, we look to see if they were assigned via a config file if (count($this->_field_data) == 0) { // No validation rules? We're done... if (count($this->_config_rules) == 0) { return FALSE; } // Is there a validation rule for the particular URI being accessed? $uri = ($group == '') ? trim($this->CI->uri->ruri_string(), '/') : $group; if ($uri != '' AND isset($this->_config_rules[$uri])) { $this->set_rules($this->_config_rules[$uri]); } else { $this->set_rules($this->_config_rules); } // We're we able to set the rules correctly? if (count($this->_field_data) == 0) { log_message('debug', "Unable to find validation rules"); return FALSE; } } // Load the language file containing error messages $this->CI->lang->load('form_validation'); // Cycle through the rules for each field, match the // corresponding $_POST item and test for errors foreach ($this->_field_data as $field => $row) { // Fetch the data from the corresponding $_POST array and cache it in the _field_data array. // Depending on whether the field name is an array or a string will determine where we get it from. if ($row['is_array'] == TRUE) { $this->_field_data[$field]['postdata'] = $this->_reduce_array($_POST, $row['keys']); } else { if (isset($_POST[$field]) AND $_POST[$field] != "") { $this->_field_data[$field]['postdata'] = $_POST[$field]; } } $this->_execute($row, explode('|', $row['rules']), $this->_field_data[$field]['postdata']); } // Did we end up with any errors? $total_errors = count($this->_error_array); if ($total_errors > 0) { $this->_safe_form_data = TRUE; } // Now we need to re-set the POST data with the new, processed data $this->_reset_post_array(); // No errors, validation passes! if ($total_errors == 0) { return TRUE; } // Validation fails return FALSE; } // -------------------------------------------------------------------- /** * Traverse a multidimensional $_POST array index until the data is found * * @access private * @param array * @param array * @param integer * @return mixed */ function _reduce_array($array, $keys, $i = 0) { if (is_array($array)) { if (isset($keys[$i])) { if (isset($array[$keys[$i]])) { $array = $this->_reduce_array($array[$keys[$i]], $keys, ($i+1)); } else { return NULL; } } else { return $array; } } return $array; } // -------------------------------------------------------------------- /** * Re-populate the _POST array with our finalized and processed data * * @access private * @return null */ function _reset_post_array() { foreach ($this->_field_data as $field => $row) { if ( ! is_null($row['postdata'])) { if ($row['is_array'] == FALSE) { if (isset($_POST[$row['field']])) { $_POST[$row['field']] = $this->prep_for_form($row['postdata']); } } else { $post = '$_POST["'; if (count($row['keys']) == 1) { $post .= current($row['keys']); $post .= '"]'; } else { $i = 0; foreach ($row['keys'] as $val) { if ($i == 0) { $post .= $val.'"]'; $i++; continue; } $post .= '["'.$val.'"]'; } } if (is_array($row['postdata'])) { $array = array(); foreach ($row['postdata'] as $k => $v) { $array[$k] = $this->prep_for_form($v); } $post .= ' = $array;'; } else { $post .= ' = "'.$this->prep_for_form($row['postdata']).'";'; } eval($post); } } } } // -------------------------------------------------------------------- /** * Executes the Validation routines * * @access private * @param array * @param array * @param mixed * @param integer * @return mixed */ function _execute($row, $rules, $postdata = NULL, $cycles = 0) { // If the $_POST data is an array we will run a recursive call if (is_array($postdata)) { foreach ($postdata as $key => $val) { $this->_execute($row, $rules, $val, $cycles); $cycles++; } return; } // -------------------------------------------------------------------- // If the field is blank, but NOT required, no further tests are necessary $callback = FALSE; if ( ! in_array('required', $rules) AND is_null($postdata)) { // Before we bail out, does the rule contain a callback? if (preg_match("/(callback_\w+)/", implode(' ', $rules), $match)) { $callback = TRUE; $rules = (array('1' => $match[1])); } else { return; } } // -------------------------------------------------------------------- // Isset Test. Typically this rule will only apply to checkboxes. if (is_null($postdata) AND $callback == FALSE) { if (in_array('isset', $rules, TRUE) OR in_array('required', $rules)) { // Set the message type $type = (in_array('required', $rules)) ? 'required' : 'isset'; if ( ! isset($this->_error_messages[$type])) { if (FALSE === ($line = $this->CI->lang->line($type))) { $line = 'The field was not set'; } } else { $line = $this->_error_messages[$type]; } // Build the error message $message = sprintf($line, $this->_translate_fieldname($row['label'])); // Save the error message $this->_field_data[$row['field']]['error'] = $message; if ( ! isset($this->_error_array[$row['field']])) { $this->_error_array[$row['field']] = $message; } } return; } // -------------------------------------------------------------------- // Cycle through each rule and run it foreach ($rules As $rule) { $_in_array = FALSE; // We set the $postdata variable with the current data in our master array so that // each cycle of the loop is dealing with the processed data from the last cycle if ($row['is_array'] == TRUE AND is_array($this->_field_data[$row['field']]['postdata'])) { // We shouldn't need this safety, but just in case there isn't an array index // associated with this cycle we'll bail out if ( ! isset($this->_field_data[$row['field']]['postdata'][$cycles])) { continue; } $postdata = $this->_field_data[$row['field']]['postdata'][$cycles]; $_in_array = TRUE; } else { $postdata = $this->_field_data[$row['field']]['postdata']; } // -------------------------------------------------------------------- // Is the rule a callback? $callback = FALSE; if (substr($rule, 0, 9) == 'callback_') { $rule = substr($rule, 9); $callback = TRUE; } // Strip the parameter (if exists) from the rule // Rules can contain a parameter: max_length[5] $param = FALSE; if (preg_match("/(.*?)\[(.*?)\]/", $rule, $match)) { $rule = $match[1]; $param = $match[2]; } // Call the function that corresponds to the rule if ($callback === TRUE) { if ( ! method_exists($this->CI, $rule)) { continue; } // Run the function and grab the result $result = $this->CI->$rule($postdata, $param); // Re-assign the result to the master data array if ($_in_array == TRUE) { $this->_field_data[$row['field']]['postdata'][$cycles] = (is_bool($result)) ? $postdata : $result; } else { $this->_field_data[$row['field']]['postdata'] = (is_bool($result)) ? $postdata : $result; } // If the field isn't required and we just processed a callback we'll move on... if ( ! in_array('required', $rules, TRUE) AND $result !== FALSE) { return; } } else { if ( ! method_exists($this, $rule)) { // If our own wrapper function doesn't exist we see if a native PHP function does. // Users can use any native PHP function call that has one param. if (function_exists($rule)) { $result = $rule($postdata); if ($_in_array == TRUE) { $this->_field_data[$row['field']]['postdata'][$cycles] = (is_bool($result)) ? $postdata : $result; } else { $this->_field_data[$row['field']]['postdata'] = (is_bool($result)) ? $postdata : $result; } } continue; } $result = $this->$rule($postdata, $param); if ($_in_array == TRUE) { $this->_field_data[$row['field']]['postdata'][$cycles] = (is_bool($result)) ? $postdata : $result; } else { $this->_field_data[$row['field']]['postdata'] = (is_bool($result)) ? $postdata : $result; } } // Did the rule test negatively? If so, grab the error. if ($result === FALSE) { if ( ! isset($this->_error_messages[$rule])) { if (FALSE === ($line = $this->CI->lang->line($rule))) { $line = 'Unable to access an error message corresponding to your field name.'; } } else { $line = $this->_error_messages[$rule]; } // Build the error message $message = sprintf($line, $this->_translate_fieldname($row['label']), $param); // Save the error message $this->_field_data[$row['field']]['error'] = $message; if ( ! isset($this->_error_array[$row['field']])) { $this->_error_array[$row['field']] = $message; } return; } } } // -------------------------------------------------------------------- /** * Translate a field name * * @access private * @param string the field name * @return string */ function _translate_fieldname($fieldname) { // Do we need to translate the field name? // We look for the prefix lang: to determine this if (substr($fieldname, 0, 5) == 'lang:') { // Grab the variable $line = substr($fieldname, 5); // Were we able to translate the field name? If not we use $line if (FALSE === ($fieldname = $this->CI->lang->line($line))) { return $line; } } return $fieldname; } // -------------------------------------------------------------------- /** * Get the value from a form * * Permits you to repopulate a form field with the value it was submitted * with, or, if that value doesn't exist, with the default * * @access public * @param string the field name * @param string * @return void */ function set_value($field = '', $default = '') { if ( ! isset($this->_field_data[$field])) { return $default; } return $this->_field_data[$field]['postdata']; } // -------------------------------------------------------------------- /** * Set Select * * Enables pull-down lists to be set to the value the user * selected in the event of an error * * @access public * @param string * @param string * @return string */ function set_select($field = '', $value = '', $default = FALSE) { if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) { if ($default === TRUE AND count($this->_field_data) === 0) { return ' selected="selected"'; } return ''; } $field = $this->_field_data[$field]['postdata']; if (is_array($field)) { if ( ! in_array($value, $field)) { return ''; } } else { if (($field == '' OR $value == '') OR ($field != $value)) { return ''; } } return ' selected="selected"'; } // -------------------------------------------------------------------- /** * Set Radio * * Enables radio buttons to be set to the value the user * selected in the event of an error * * @access public * @param string * @param string * @return string */ function set_radio($field = '', $value = '', $default = FALSE) { if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) { if ($default === TRUE AND count($this->_field_data) === 0) { return ' checked="checked"'; } return ''; } $field = $this->_field_data[$field]['postdata']; if (is_array($field)) { if ( ! in_array($value, $field)) { return ''; } } else { if (($field == '' OR $value == '') OR ($field != $value)) { return ''; } } return ' checked="checked"'; } // -------------------------------------------------------------------- /** * Set Checkbox * * Enables checkboxes to be set to the value the user * selected in the event of an error * * @access public * @param string * @param string * @return string */ function set_checkbox($field = '', $value = '', $default = FALSE) { if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) { if ($default === TRUE AND count($this->_field_data) === 0) { return ' checked="checked"'; } return ''; } $field = $this->_field_data[$field]['postdata']; if (is_array($field)) { if ( ! in_array($value, $field)) { return ''; } } else { if (($field == '' OR $value == '') OR ($field != $value)) { return ''; } } return ' checked="checked"'; } // -------------------------------------------------------------------- /** * Required * * @access public * @param string * @return bool */ function required($str) { if ( ! is_array($str)) { return (trim($str) == '') ? FALSE : TRUE; } else { return ( ! empty($str)); } } // -------------------------------------------------------------------- /** * Match one field to another * * @access public * @param string * @param field * @return bool */ function matches($str, $field) { if ( ! isset($_POST[$field])) { return FALSE; } $field = $_POST[$field]; return ($str !== $field) ? FALSE : TRUE; } // -------------------------------------------------------------------- /** * Minimum Length * * @access public * @param string * @param value * @return bool */ function min_length($str, $val) { if (preg_match("/[^0-9]/", $val)) { return FALSE; } if (function_exists('mb_strlen')) { return (mb_strlen($str) < $val) ? FALSE : TRUE; } return (strlen($str) < $val) ? FALSE : TRUE; } // -------------------------------------------------------------------- /** * Max Length * * @access public * @param string * @param value * @return bool */ function max_length($str, $val) { if (preg_match("/[^0-9]/", $val)) { return FALSE; } if (function_exists('mb_strlen')) { return (mb_strlen($str) > $val) ? FALSE : TRUE; } return (strlen($str) > $val) ? FALSE : TRUE; } // -------------------------------------------------------------------- /** * Exact Length * * @access public * @param string * @param value * @return bool */ function exact_length($str, $val) { if (preg_match("/[^0-9]/", $val)) { return FALSE; } if (function_exists('mb_strlen')) { return (mb_strlen($str) != $val) ? FALSE : TRUE; } return (strlen($str) != $val) ? FALSE : TRUE; } // -------------------------------------------------------------------- /** * Valid Email * * @access public * @param string * @return bool */ function valid_email($str) { return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE; } // -------------------------------------------------------------------- /** * Valid Emails * * @access public * @param string * @return bool */ function valid_emails($str) { if (strpos($str, ',') === FALSE) { return $this->valid_email(trim($str)); } foreach(explode(',', $str) as $email) { if (trim($email) != '' && $this->valid_email(trim($email)) === FALSE) { return FALSE; } } return TRUE; } // -------------------------------------------------------------------- /** * Validate IP Address * * @access public * @param string * @return string */ function valid_ip($ip) { return $this->CI->input->valid_ip($ip); } // -------------------------------------------------------------------- /** * Alpha * * @access public * @param string * @return bool */ function alpha($str) { return ( ! preg_match("/^([a-z])+$/i", $str)) ? FALSE : TRUE; } // -------------------------------------------------------------------- /** * Alpha-numeric * * @access public * @param string * @return bool */ function alpha_numeric($str) { return ( ! preg_match("/^([a-z0-9])+$/i", $str)) ? FALSE : TRUE; } // -------------------------------------------------------------------- /** * Alpha-numeric with underscores and dashes * * @access public * @param string * @return bool */ function alpha_dash($str) { return ( ! preg_match("/^([-a-z0-9_-])+$/i", $str)) ? FALSE : TRUE; } // -------------------------------------------------------------------- /** * Numeric * * @access public * @param string * @return bool */ function numeric($str) { return (bool)preg_match( '/^[\-+]?[0-9]*\.?[0-9]+$/', $str); } // -------------------------------------------------------------------- /** * Is Numeric * * @access public * @param string * @return bool */ function is_numeric($str) { return ( ! is_numeric($str)) ? FALSE : TRUE; } // -------------------------------------------------------------------- /** * Integer * * @access public * @param string * @return bool */ function integer($str) { return (bool)preg_match( '/^[\-+]?[0-9]+$/', $str); } // -------------------------------------------------------------------- /** * Is a Natural number (0,1,2,3, etc.) * * @access public * @param string * @return bool */ function is_natural($str) { return (bool)preg_match( '/^[0-9]+$/', $str); } // -------------------------------------------------------------------- /** * Is a Natural number, but not a zero (1,2,3, etc.) * * @access public * @param string * @return bool */ function is_natural_no_zero($str) { if ( ! preg_match( '/^[0-9]+$/', $str)) { return FALSE; } if ($str == 0) { return FALSE; } return TRUE; } // -------------------------------------------------------------------- /** * Valid Base64 * * Tests a string for characters outside of the Base64 alphabet * as defined by RFC 2045 http://www.faqs.org/rfcs/rfc2045 * * @access public * @param string * @return bool */ function valid_base64($str) { return (bool) ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str); } // -------------------------------------------------------------------- /** * Prep data for form * * This function allows HTML to be safely shown in a form. * Special characters are converted. * * @access public * @param string * @return string */ function prep_for_form($data = '') { if (is_array($data)) { foreach ($data as $key => $val) { $data[$key] = $this->prep_for_form($val); } return $data; } if ($this->_safe_form_data == FALSE OR $data === '') { return $data; } return str_replace(array("'", '"', '<', '>'), array("'", """, '<', '>'), stripslashes($data)); } // -------------------------------------------------------------------- /** * Prep URL * * @access public * @param string * @return string */ function prep_url($str = '') { if ($str == 'http://' OR $str == '') { return ''; } if (substr($str, 0, 7) != 'http://' && substr($str, 0, 8) != 'https://') { $str = 'http://'.$str; } return $str; } // -------------------------------------------------------------------- /** * Strip Image Tags * * @access public * @param string * @return string */ function strip_image_tags($str) { return $this->CI->input->strip_image_tags($str); } // -------------------------------------------------------------------- /** * XSS Clean * * @access public * @param string * @return string */ function xss_clean($str) { return $this->CI->input->xss_clean($str); } // -------------------------------------------------------------------- /** * Convert PHP tags to entities * * @access public * @param string * @return string */ function encode_php_tags($str) { return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str); } } // END Form Validation Class /* End of file Form_validation.php */ /* Location: ./system/libraries/Form_validation.php */