<?php
// version 2.02
/*
-----------------------------------------------------------------------------
- File Name:
- WAFV_Scripts_PHP.php
-
- Description:
- Shared functions for WA Form Validations - Server Side PHP
-
- This file contains proprietary and confidential information from WebAssist.com
- corporation. Any unauthorized reuse, reproduction, or modification without
- the prior written consent of WebAssist.com is strictly prohibited.
-
- Copyright 2004 WebAssist.com Corporation. All rights reserved.
-----------------------------------------------------------------------------
*/
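/**
 * Serialise the current $_POST values and the validation error list into one
 * query-string-like value and store it in $_SESSION["WAVT_<valPage>_Errors"].
 *
 * Each field becomes "WAVT_<name>=<value>" (array fields become
 * "WAVT_<name>[<i>]=<value>"), joined with "&". The error list is appended as
 * "WAVT_<valPage>_Errors=<errors>" with the first character of $theErrors
 * dropped (the validators in this file prefix every error number with ",").
 *
 * NOTE(review): names and values are concatenated without any encoding, so a
 * submitted value containing "&" or "=" cannot be told apart from a field
 * boundary by whatever parses this string back. The consumer is not in this
 * file; confirm how it splits the value before changing the format, and treat
 * everything read back from it as untrusted when it is echoed into a page.
 *
 * @param string $theErrors Comma-prefixed list of failed validation numbers.
 * @param string $valPage   Identifier used to build the session key.
 * @return void
 */
function SaveFormToSession($theErrors, $valPage) {
    // get_magic_quotes_gpc() is deprecated since PHP 7.4 and removed in PHP 8,
    // and magic quotes cannot be enabled from PHP 5.4 on, so only ask older runtimes.
    $undoMagicQuotes = version_compare(PHP_VERSION, '5.4.0', '<')
        && function_exists('get_magic_quotes_gpc')
        && get_magic_quotes_gpc();

    $pairs = array();
    foreach (array_keys($_POST) as $theKey) {
        $posted = $_POST[$theKey];
        if (is_array($posted)) {
            // Array fields are read by numeric index 0..count-1, as before.
            $items = array();
            for ($x = 0; $x < count($posted); $x++) {
                $item = $undoMagicQuotes ? stripslashes($posted[$x]) : $posted[$x];
                $items[] = "WAVT_" . $theKey . "[" . $x . "]=" . $item;
            }
            $pairs[] = implode("&", $items);
        } else {
            $item = $undoMagicQuotes ? stripslashes($posted) : $posted;
            $pairs[] = "WAVT_" . $theKey . "=" . $item;
        }
    }

    $postVars = implode("&", $pairs);
    $postVars .= "&WAVT_" . $valPage . "_Errors=" . substr($theErrors, 1);
    $_SESSION['WAVT_' . $valPage . "_Errors"] = $postVars;
}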
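/**
 * Save the submitted form and its validation errors to the session, then
 * redirect the browser to $thePage and end the script.
 *
 * A $thePage without "://" is turned into an absolute URL from the request's
 * scheme, host and (for relative pages) the directory of REQUEST_URI. "/../"
 * segments are collapsed, and the current query string is appended unless
 * $appendParams is false or $thePage contains "#".
 *
 * Security notes:
 * - The Host header is client-controlled. It is only used when it looks like a
 *   host name or bracketed IP literal with an optional port; otherwise
 *   SERVER_NAME is used. NOTE(review): SERVER_NAME can itself follow the Host
 *   header depending on web-server configuration; pin a canonical host name in
 *   the server config if redirects must not leave the site.
 * - $thePage and QUERY_STRING are placed in the Location header as given.
 *   Callers must not pass a request-derived $thePage, or the redirect target
 *   becomes attacker-chosen.
 *
 * @param string $thePage      Redirect target (absolute URL, site-absolute or relative path).
 * @param string $theErrors    Comma-prefixed list of failed validation numbers.
 * @param string $valPage      Identifier used to build the session key.
 * @param bool   $appendParams Whether to forward the current query string.
 * @return void Returns without redirecting when $_GET["plugin_file"] is set; otherwise exits.
 */
function PostResult($thePage, $theErrors, $valPage, $appendParams = true) {
    SaveFormToSession($theErrors, $valPage);
    if (isset($_GET["plugin_file"])) return;

    $thePostURL = "" . $thePage;
    $urlParams = "";
    $schema = (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443') ? 'https' : 'http';

    // Accept the Host header only when it has the shape of host[:port] or [ip-literal][:port].
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : "";
    if ($host === "" || !preg_match('/^(?:[A-Za-z0-9._-]+|\[[0-9A-Fa-f:.]+\])(?::[0-9]{1,5})?$/D', $host)) {
        $host = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : "";
    }

    if (strpos($thePostURL, "://") === false) {
        if (strpos($thePage, "/") !== 0) {
            // Relative page: resolve against the directory of the current request.
            $thePostURL = substr($_SERVER["REQUEST_URI"], 0, strrpos($_SERVER["REQUEST_URI"], "/") + 1) . $thePostURL;
        }
        if (strpos($thePostURL, "?") !== false) {
            // Keep the query part out of rawurlencode() below.
            $urlParams = substr($thePostURL, strpos($thePostURL, "?"));
            $thePostURL = substr($thePostURL, 0, strpos($thePostURL, "?"));
        }
        $thePostURL = $schema . "://" . str_replace("%2F", "/", $host . rawurlencode($thePostURL)) . $urlParams;
    }

    // Collapse "dir/../" pairs one at a time.
    while (strpos($thePostURL, "/../") !== false) {
        $thePostURL = substr($thePostURL, 0, strrpos(substr($thePostURL, 0, strpos($thePostURL, "/../")), "/") + 1) . substr($thePostURL, strpos($thePostURL, "/../") + 4);
    }

    if (strpos($thePage, "#") === false && $appendParams && isset($_SERVER['QUERY_STRING']) && ($_SERVER['QUERY_STRING'] != '')) {
        $thePostURL .= ((strpos($thePostURL, "?") !== false) ? "&" : "?") . ($_SERVER['QUERY_STRING']);
    }

    // rawurlencode() turned a fragment marker into %23; restore it.
    $thePostURL = str_replace("%23", "#", $thePostURL);
    header("Location: " . $thePostURL);
    exit;
}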
/**
 * Trim whitespace from a string on the sides that are not flagged to be kept.
 *
 * @param string $theString  Text to trim.
 * @param mixed  $leaveLeft  Unset/null or loosely equal to 0: trim the left side.
 * @param mixed  $leaveRight Unset/null or loosely equal to 0: trim the right side.
 * @return string The trimmed text.
 */
function WAtrimIt($theString,$leaveLeft,$leaveRight) {
    $trimLeft = (!isset($leaveLeft) || $leaveLeft == 0);
    $trimRight = (!isset($leaveRight) || $leaveRight == 0);

    $result = $theString;
    if ($trimLeft) {
        $result = ltrim($result);
    }
    if ($trimRight) {
        $result = rtrim($result);
    }
    return $result;
}
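/**
 * Alphanumeric validation: every byte of $value must belong to one of the
 * enabled character classes or to the extra allowed characters.
 *
 * The class checks are byte-wise ASCII ranges (a-z, A-Z, 0-9), so multi-byte
 * UTF-8 letters are rejected unless their bytes are listed in $extraChars.
 *
 * @param string $value        Submitted value.
 * @param mixed  $allowUpper   Truthy to allow A-Z.
 * @param mixed  $allowLower   Truthy to allow a-z.
 * @param mixed  $allowNumbers Truthy to allow 0-9.
 * @param mixed  $allowSpace   Truthy to allow the space character.
 * @param string $extraChars   Extra allowed characters; "&quot;" stands for a double quote.
 * @param mixed  $required     Truthy when an empty value is an error.
 * @param mixed  $number       Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateAN($value,$allowUpper,$allowLower,$allowNumbers,$allowSpace,$extraChars,$required,$number) {
    $isValid = true;

    // The page generator stores a double quote as the entity "&quot;"; decode it once.
    $extraAllowed = ($extraChars != "") ? str_replace("&quot;", '"', $extraChars) : "";

    $length = strlen($value);
    for ($x = 0; $x < $length; $x++) {
        $nextChar = substr($value, $x, 1);
        $charCode = ord($nextChar);

        $charGood = ($allowLower && $charCode >= 97 && $charCode <= 122)
            || ($allowUpper && $charCode >= 65 && $charCode <= 90)
            || ($allowNumbers && $charCode >= 48 && $charCode <= 57)
            || ($allowSpace && $nextChar === " ")
            || ($extraAllowed != "" && strpos($extraAllowed, $nextChar) !== false);

        if (!$charGood) {
            $isValid = false;
            break; // one bad character is enough
        }
    }

    if ($required && $value == "") {
        $isValid = false;
    }

    return $isValid ? "" : "," . $number;
}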
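/**
 * Credit card number validation: allowed characters, minimum digit count,
 * optional prefix allow-list, then the checksum in WA_isCreditCard().
 *
 * This is a format check only; it says nothing about whether the card exists
 * or may be charged. The value is not stored or logged here.
 *
 * @param string $value    Submitted card number; may contain the separators CR, LF, TAB, ".", "-" and space.
 * @param string $allow    Colon-separated list of accepted leading digit strings, or "" for any.
 * @param mixed  $required Truthy when an empty value is an error.
 * @param mixed  $number   Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateCC($value,$allow,$required,$number) {
    $isValid = true;
    $accepted = "\r\n\t.- ";

    if (!(!$required && $value == "")) {
        $stripVal = "";
        $length = strlen($value);
        for ($x = 0; $x < $length; $x++) {
            $nextChar = substr($value, $x, 1);
            $charCode = ord($nextChar);
            if ($charCode >= 48 && $charCode <= 57) {
                $stripVal .= $nextChar;
            } elseif (strpos($accepted, $nextChar) === false) {
                // Compare with false: position 0 ("\r") is a valid hit, and the
                // previous "== 0" test rejected it together with real misses.
                $isValid = false;
            }
        }

        if (strlen($stripVal) < 13) {
            $isValid = false;
        }

        if ($isValid && $allow != "") {
            // The digits must start with one of the configured prefixes.
            $isValid = false;
            foreach (explode(":", $allow) as $aStr) {
                if ($aStr != "" && strpos($stripVal, $aStr) === 0) {
                    $isValid = true;
                    break;
                }
            }
        }

        if ($isValid) {
            $isValid = WA_isCreditCard($stripVal);
        }
    }

    return $isValid ? "" : "," . $number;
}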
/**
 * Checksum test for a string of digits: walking from the last digit, every
 * second digit is doubled (with the two digits of a product >= 10 added
 * together), and the total must be a multiple of 10.
 *
 * The caller is expected to pass digits only; nothing here verifies that.
 *
 * @param string $st Digit string.
 * @return bool False when $st loosely equals 0, is longer than 19 characters,
 *              or fails the checksum; true otherwise.
 */
function WA_isCreditCard($st) {
    if ($st == 0 || strlen($st) > 19) {
        return false;
    }

    $total = 0;
    $doubleIt = false; // the right-most digit is taken as is
    for ($pos = strlen($st) - 1; $pos >= 0; $pos--) {
        $product = substr($st, $pos, 1) * ($doubleIt ? 2 : 1);
        $total += ($product >= 10) ? ($product % 10) + 1 : $product;
        $doubleIt = !$doubleIt;
    }

    return ($total % 10) == 0;
}
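/**
 * Date/time validation: optional format regex, parseability, optional
 * minimum/maximum date, and (when $doTime is set) the time checks in
 * WAValidateTheTime().
 *
 * SECURITY: $dateMin and $dateMax are passed to eval() when they cannot be
 * parsed as dates and the parser reports -1. They must be constants written
 * by the page author and never derived from request data. On PHP versions
 * where strtotime() reports failure as false instead of -1 that branch is not
 * taken and an unparseable bound is simply not enforced; it is left in place
 * and flagged here rather than silently replaced.
 *
 * $dateFormatStr is inserted between "/" delimiters unescaped, so it is
 * likewise expected to be author-supplied.
 *
 * @param string $value         Submitted value.
 * @param mixed  $doDate        Truthy to run the date checks.
 * @param string $dateFormatStr Regex body the value must match (case-insensitive), or "".
 * @param string $dateMin       Earliest accepted date, or "".
 * @param string $dateMax       Latest accepted date, or "".
 * @param mixed  $doTime        Truthy to run the time checks.
 * @param string $timeFormatStr Regex body for the time part, or "".
 * @param string $timeMin       Earliest accepted time of day, or "".
 * @param string $timeMax       Latest accepted time of day, or "".
 * @param mixed  $required      Truthy when an empty value is an error.
 * @param mixed  $number        Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateDT($value,$doDate,$dateFormatStr,$dateMin,$dateMax,$doTime,$timeFormatStr,$timeMin,$timeMax,$required,$number) {
    $isValid = true;

    // Not read by the statements below, but eval()'d bound expressions run in
    // this scope and may refer to them, so they are kept.
    $Now = getdate();
    $Today = mktime(0, 0, 0, date("n"), date("j"), date("Y"));

    if (!(!$required && $value == "")) {
        if ($value == "") {
            $isValid = false;
        }

        if ($doDate) {
            if ($dateFormatStr != "" && preg_match("/" . $dateFormatStr . "/i", $value) == 0) {
                $isValid = false;
            }

            if ($isValid) {
                $dateVar = WAGetDateFormat($value, $dateFormatStr);

                // A date with a single "/" or a single "-" (not at position 0) is incomplete.
                $singleSlash = (strpos($value, "/") == strrpos($value, "/") && strpos($value, "/") != false);
                $singleDash = (strpos($value, "-") == strrpos($value, "-") && strpos($value, "-") != false);

                // strtotime() returns false (not -1) for unparseable input on current
                // PHP, so false has to be rejected explicitly.
                if ($dateVar === false || strtotime($dateVar) === 0 || $dateVar == -1 || is_numeric($value) || $singleSlash || $singleDash) {
                    $isValid = false;
                }

                if ($dateMin != "") {
                    $compareDay = WAGetDateFormat($dateMin, $dateFormatStr);
                    if ($compareDay == -1) {
                        // SECURITY: evaluates configuration text as PHP; see the function comment.
                        eval("\$compareDay = " . str_replace("&quot;", '"', $dateMin));
                    }
                    if ($dateVar < $compareDay) {
                        $isValid = false;
                    }
                }

                if ($dateMax != "") {
                    $compareDay = WAGetDateFormat($dateMax, $dateFormatStr);
                    if ($compareDay == -1) {
                        // SECURITY: evaluates configuration text as PHP; see the function comment.
                        eval("\$compareDay = " . str_replace("&quot;", '"', $dateMax));
                    }
                    if ($dateVar > $compareDay) {
                        $isValid = false;
                    }
                }
            }
        }

        if ($doTime) {
            $isValid = WAValidateTheTime($doTime, $timeFormatStr, $value, $isValid, $timeMin, $timeMax);
        }
    }

    return $isValid ? "" : "," . $number;
}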
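/**
 * Time-of-day validation used by WAValidateDT(): optional format regex, a
 * mandatory ":" in the value, parseability, and optional earliest/latest time.
 *
 * Fixes over the previous version:
 * - hours are weighted by 3600 seconds (was 360, which made 01:00 compare as
 *   earlier than 00:59);
 * - the latest-time bound reads hours/minutes/seconds with date() (it indexed
 *   an integer timestamp as an array, so the bound was never enforced);
 * - a value strtotime() cannot parse is rejected (failure is reported as
 *   false on current PHP, not -1).
 *
 * SECURITY: when $timeMin (or, if the parser reports -1, $timeMax) cannot be
 * parsed as a time, the text is passed to eval(). Both must be constants
 * written by the page author, never request data. The calls are kept and
 * flagged rather than silently replaced. A bound that still is not a
 * timestamp afterwards is not enforced.
 *
 * $timeFormatStr is inserted between "/" delimiters unescaped and is expected
 * to be author-supplied as well.
 *
 * @param mixed  $doTime        Truthy to run the checks; otherwise $isValid is returned unchanged.
 * @param string $timeFormatStr Regex body the value must match (case-insensitive), or "".
 * @param string $value         Submitted value.
 * @param mixed  $isValid       Validity carried in from earlier checks.
 * @param string $timeMin       Earliest accepted time of day, or "".
 * @param string $timeMax       Latest accepted time of day, or "".
 * @return mixed $isValid as passed in when nothing failed, false on failure.
 */
function WAValidateTheTime($doTime, $timeFormatStr, $value, $isValid, $timeMin, $timeMax) {
    if (!$doTime) {
        return $isValid;
    }

    if ($timeFormatStr != "" && preg_match("/" . $timeFormatStr . "/i", $value) == 0) {
        $isValid = false;
    }
    if (strpos($value, ":") === false) {
        $isValid = false;
    }
    if (!$isValid) {
        return $isValid;
    }

    $dateVar = strtotime($value);
    if ($dateVar === false || $dateVar == -1) {
        // Retry with a dummy date in front of the time.
        $dateVar = strtotime("1/1/1 " . $value);
    }
    if ($dateVar === false || $dateVar == -1) {
        return false;
    }

    $enterTime = (date("H", $dateVar) * 3600) + (date("i", $dateVar) * 60) + date("s", $dateVar);

    if ($timeMin != "") {
        $Today = strtotime("1/1/1 " . $timeMin);
        if (!$Today) {
            // SECURITY: evaluates configuration text as PHP; see the function comment.
            $Today = eval(str_replace("&quot;", '"', $timeMin));
        }
        if (is_numeric($Today)) {
            $minTime = (date("H", $Today) * 3600) + (date("i", $Today) * 60) + date("s", $Today);
            if ($enterTime < $minTime) {
                $isValid = false;
            }
        }
    }

    if ($timeMax != "") {
        $Today = strtotime("1/1/1 " . $timeMax);
        if ($Today == -1) {
            // SECURITY: evaluates configuration text as PHP; see the function comment.
            $Today = eval(str_replace("&quot;", '"', $timeMax));
        }
        if (is_numeric($Today)) {
            $maxTime = (date("H", $Today) * 3600) + (date("i", $Today) * 60) + date("s", $Today);
            if ($enterTime > $maxTime) {
                $isValid = false;
            }
        }
    }

    return $isValid;
}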
/**
 * Convert a date string to a timestamp with strtotime(), first reordering the
 * first two numeric fields when the format is judged to be day-first.
 *
 * Day-first is assumed when $dateFormat contains the day alternative before
 * the month alternative and no "\w*" part, or when strtotime("1/2/2006") is
 * not read as January on this server.
 *
 * @param string $value      Date text, optionally followed by a space and more text (e.g. a time).
 * @param string $dateFormat Regex body describing the expected format, or "".
 * @return mixed Whatever strtotime() returns for the normalised text.
 */
function WAGetDateFormat($value, $dateFormat) {
    $original = $value;
    $isUSServ = (date("n", strtotime("1/2/2006")) == 1);
    $isEuroDate = (($dateFormat && strpos($dateFormat, "[12]\\d|3[0-1]") < strpos($dateFormat, "1[0-2]|") && strpos($dateFormat, "\\w*") === false) || (!$isUSServ));

    // Fields are only rebuilt when both flags agree (both true or both false).
    if ($isEuroDate === $isUSServ) {
        $fields = array();
        preg_match('/(\d*)[-\.\/](\d*)[-\.\/](\d*)/', $original, $fields);
        if (!empty($fields)) {
            $ordered = $isEuroDate
                ? array($fields[2], $fields[1], $fields[3])
                : array($fields[1], $fields[2], $fields[3]);
            $value = implode("/", $ordered);

            // Carry over anything after the first space, such as a time.
            $spaceAt = strpos($original, " ");
            if ($spaceAt !== false) {
                $value .= substr($original, $spaceAt);
            }
        }
    }

    return strtotime(preg_replace("/[\.-]/", "/", $value));
}
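/**
 * E-mail address validation: "user@domain" shape, permitted characters in
 * both parts, and a domain of at least two dot-separated labels.
 *
 * Fixes over the previous version:
 * - the overall pattern uses the D modifier, so a value ending in a line
 *   break no longer passes (relevant when the address is later written into
 *   a mail header);
 * - the bracketed-IP check reads the captured octets; it referenced an
 *   undefined constant and indexed the integer match count.
 *
 * @param string $value    Submitted value.
 * @param mixed  $required Truthy when an empty value is an error.
 * @param mixed  $number   Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateEM($value,$required,$number) {
    $isValid = true;

    if (!(!$required && $value == "")) {
        $emailPat = "/^(.+)@(.+)$/D";
        $accepted = "[^\s\(\)><@,;:\\\"\.\[\]]+";
        $quotedUser = "(\"[^\"]*\")";
        $ipDomainPat = "/^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/";
        $section = "(" . $accepted . "|" . $quotedUser . ")";
        $userPat = "/^" . $section . "(\\." . $section . ")*$/";
        $acceptedPat = "/^" . $accepted . "$/";

        $MatchVal = array();
        if (!preg_match($emailPat, $value, $MatchVal)) {
            $isValid = false;
        } else {
            $userName = $MatchVal[1];
            $domainName = $MatchVal[2];
            $domArr = explode(".", $domainName);

            // Bytes 128-191 are rejected in both parts.
            foreach (array($userName, $domainName) as $part) {
                for ($x = 0; $x < strlen($part); $x++) {
                    $byte = ord(substr($part, $x, 1));
                    if ($byte > 127 && $byte < 192) {
                        $isValid = false;
                    }
                }
            }

            if (!preg_match($userPat, $userName)) {
                $isValid = false;
            }

            $ipMatch = array();
            if (preg_match($ipDomainPat, $domainName, $ipMatch)) {
                for ($x = 1; $x <= 4; $x++) {
                    if ($ipMatch[$x] > 255) {
                        $isValid = false;
                    }
                }
            }

            $labelCount = sizeof($domArr);
            for ($x = 0; $x < $labelCount; $x++) {
                $label = $domArr[$x];
                // The last two labels (other than the first) need at least two characters.
                $tooShort = (strlen($label) < 2 && $x >= ($labelCount - 2) && $x > 0);
                if (!preg_match($acceptedPat, $label) || strlen($label) == 0 || $tooShort) {
                    $isValid = false;
                }
            }

            if ($labelCount < 2) {
                $isValid = false;
            }
        }
    }

    return $isValid ? "" : "," . $number;
}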
/**
 * Entry-length validation: the byte length of $value must lie between
 * $minLength and $maxLength; a $maxLength of 0 or less means no upper limit.
 *
 * @param string $value     Submitted value.
 * @param int    $minLength Minimum length in bytes.
 * @param int    $maxLength Maximum length in bytes, or 0 for unlimited.
 * @param mixed  $required  Truthy when an empty value is an error.
 * @param mixed  $number    Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateEL($value,$minLength,$maxLength,$required,$number) {
    $blank = ($value == "");

    // An optional field left empty is always accepted.
    if ($blank && !$required) {
        return "";
    }

    $length = strlen($value);
    $tooShort = ($length < $minLength);
    $tooLong = ($length > $maxLength && $maxLength > 0);

    if ($blank || $tooShort || $tooLong) {
        return "," . $number;
    }
    return "";
}
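/**
 * File-extension validation: the text from the last "." of $value must equal
 * one of the listed extensions, ignoring case.
 *
 * Extensions are compared as exact strings. The previous loose "==" treated
 * numeric-looking extensions as numbers, so ".50" matched an allowed ".5".
 *
 * SECURITY: this checks only the name supplied with the request and only its
 * final extension. It is not evidence of the file's content; upload handling
 * still has to verify the content and store the file under a server-chosen
 * name in a location where it cannot be executed.
 *
 * @param string $value      File name to check.
 * @param string $extensions Comma-separated extensions including the dot, e.g. ".jpg, .png".
 * @param mixed  $required   Truthy when an empty value is an error.
 * @param mixed  $number     Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateFE($value,$extensions,$required,$number) {
    $isValid = true;
    $ExtensionArr = explode(",", str_replace(", ", ",", $extensions));

    if (!(!$required && $value == "")) {
        $isValid = false;
        $dotPos = strrpos($value, ".");
        // A name that starts with its only dot has no base name and is rejected.
        if ($dotPos !== false && $dotPos > 0) {
            $fileExt = strtolower(substr($value, $dotPos));
            foreach ($ExtensionArr as $extension) {
                $candidate = strtolower(str_replace(" ", "", $extension));
                if ($fileExt === $candidate) {
                    $isValid = true;
                    break;
                }
            }
        }
    }

    return $isValid ? "" : "," . $number;
}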
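/**
 * "Like entry" validation: two submitted values (for example a field and its
 * confirmation) must be the same.
 *
 * Two strings are compared exactly. The previous loose "!=" compared
 * numeric-looking strings as numbers, so "1e3" and "1000" counted as equal,
 * which is wrong for confirmation fields such as passwords. Non-string
 * arguments keep the loose comparison.
 *
 * @param mixed $value1   First value.
 * @param mixed $value2   Second value.
 * @param mixed $required Truthy when an empty first value is an error.
 * @param mixed $number   Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateLE($value1,$value2,$required,$number) {
    if (is_string($value1) && is_string($value2)) {
        $differs = ($value1 !== $value2);
    } else {
        $differs = ($value1 != $value2);
    }

    $isValid = !($differs || ($required && $value1 == ""));
    return $isValid ? "" : "," . $number;
}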
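/**
 * Number validation: thousands/decimal punctuation, numeric content, an
 * optional value range and an optional limit on decimal places.
 *
 * Despite their names, $minLength and $maxLength are compared against the
 * numeric value itself, not its length.
 *
 * Fix over the previous version: when $punctuationMarks names no decimal mark
 * (a single character), the decimal handling is skipped. Searching for an
 * empty needle succeeds at position 0 on PHP 8, which made the value be
 * appended to itself before the range check.
 *
 * @param string $value            Submitted value.
 * @param mixed  $minLength        Smallest accepted value, or "" for none.
 * @param mixed  $maxLength        Largest accepted value, or "" for none.
 * @param mixed  $allowDecimals    Number of decimal places allowed, or "" for any.
 * @param string $punctuationMarks Thousands mark followed by decimal mark; empty selects ",." or ".,".
 * @param mixed  $required         Truthy when an empty value is an error.
 * @param mixed  $number           Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateNM($value,$minLength,$maxLength,$allowDecimals,$punctuationMarks,$required,$number) {
    $isValid = true;

    // Second character of 1.1 rendered as text: the decimal mark PHP itself uses.
    $theCheck = (11/10);
    $trueDecimal = substr((string) $theCheck, 1, 1);

    if (!$punctuationMarks) {
        $punctuationMarks = ($trueDecimal == ".") ? ",." : ".,";
    }
    $theThousand = substr($punctuationMarks, 0, 1);
    $theDecimal = substr($punctuationMarks, 1, 1);
    $hasDecimalMark = ($theDecimal !== false && $theDecimal !== "");

    $startVal = $value;
    $decimalPos = $hasDecimalMark ? strpos($startVal, $theDecimal) : false;

    // PHP's own decimal mark may only appear if it is one of the configured marks.
    if (strrpos($punctuationMarks, $trueDecimal) === false && strrpos($value, $trueDecimal) !== false) {
        $isValid = false;
    }

    // Integer part: everything before the (single) decimal mark.
    $tempValue = $value;
    if ($theDecimal && $decimalPos !== false) {
        if ($decimalPos != strrpos($value, $theDecimal)) {
            $isValid = false; // more than one decimal mark
        } else {
            $tempValue = substr($value, 0, $decimalPos);
        }
    }

    // Thousands marks: first group of 1-3 digits, every later group exactly 3.
    if ($theThousand && $isValid && strpos($tempValue, $theThousand) !== false) {
        $firstMark = strpos($tempValue, $theThousand);
        if ($firstMark > 3 || $firstMark == 0) {
            $isValid = false;
        } else {
            $valArr = explode($theThousand, $tempValue);
            for ($v = 1; $v < sizeof($valArr); $v++) {
                if (strlen($valArr[$v]) != 3) {
                    $isValid = false;
                    break;
                }
            }
            $tempValue = implode("", $valArr);
        }
    }

    // Put the decimal part back behind the cleaned integer part.
    if ($isValid && $decimalPos !== false) {
        $tempValue = $tempValue . substr($value, $decimalPos);
    }
    $value = $tempValue;

    // Normalise the decimal mark so is_numeric() can read the value.
    if ($isValid && $trueDecimal != $theDecimal) {
        $markPos = $hasDecimalMark ? strpos($value, $theDecimal) : false;
        if ($markPos !== false) {
            $value = substr($value, 0, $markPos) . $trueDecimal . substr($value, $markPos + 1);
        }
    }

    if ($isValid && !(!$required && $value == "")) {
        for ($x = 0; $x < strlen($value); $x++) {
            $theDigit = substr($value, $x, 1);
            if (!is_numeric($theDigit) && $theDigit != " " && $theDigit != "," && $theDigit != "." && $theDigit != "-") {
                $isValid = false;
                break;
            }
        }

        if ($value == "") {
            $isValid = false;
        }

        if (!is_numeric($value)) {
            $isValid = false;
        } elseif (($minLength !== "" && $minLength > $value) || ($maxLength !== "" && $maxLength < $value)) {
            $isValid = false;
        } elseif ($allowDecimals !== "" && $decimalPos !== false) {
            // More digits after the mark than allowed, or decimals forbidden outright.
            if (($decimalPos + $allowDecimals + 2) <= strlen($startVal) || $allowDecimals === 0) {
                $isValid = false;
            }
        }
    }

    return $isValid ? "" : "," . $number;
}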
/**
 * Phone number validation: only digits and a fixed set of punctuation are
 * accepted, and the digit count must fit the selected numbering style.
 *
 * International: at least 5 digits. Otherwise: 11 digits starting with "1",
 * 10 digits, or 7 digits when no area code is demanded.
 *
 * @param string $value         Submitted value.
 * @param mixed  $areaCode      Truthy when a 7-digit number is not enough.
 * @param mixed  $international Truthy to apply the international rule.
 * @param mixed  $required      Truthy when an empty value is an error.
 * @param mixed  $number        Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidatePN($value,$areaCode,$international,$required,$number) {
    $punctuation = "*() -./_+".Chr(10).Chr(8);

    // Optional and empty: nothing to check.
    if (!$required AND $value == "") {
        return "";
    }

    $ok = true;
    $digits = "";
    $pos = 0;
    while ($pos < strlen($value)) {
        $ch = substr($value, $pos, 1);
        $pos++;
        if (($ch >= "0") && ($ch <= "9")) {
            $digits = $digits . $ch;
            continue;
        }
        if (strpos($punctuation, $ch) === false) {
            $ok = false;
        }
    }

    $count = strlen($digits);
    if ($international) {
        if ($count < 5) {
            $ok = false;
        }
    } elseif ($count == 11) {
        // Eleven digits are only accepted with the leading "1".
        if (substr($digits, 0, 1) != "1") {
            $ok = false;
        }
    } elseif (($count != 10 && $count != 7) || ($count == 7 && $areaCode)) {
        $ok = false;
    }

    return $ok ? "" : "," . $number;
}
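/**
 * Regular-expression validation: $value must match the complete PCRE pattern
 * in $regExStr (delimiters and modifiers included).
 *
 * The pattern is used as given and is expected to come from the page author.
 * A pattern that fails to compile makes preg_match() return false, which is
 * reported as a validation failure. Patterns with nested quantifiers can take
 * very long on crafted input; keep them anchored and simple.
 *
 * @param string $value    Submitted value.
 * @param string $regExStr Full PCRE pattern; "&quot;" stands for a double quote.
 * @param mixed  $required Truthy when an empty value is an error.
 * @param mixed  $number   Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateRX($value,$regExStr,$required,$number) {
    $isValid = true;

    // The page generator stores a double quote as the entity "&quot;".
    $pattern = str_replace("&quot;", '"', $regExStr);

    if (!(!$required && $value == "")) {
        if (!preg_match($pattern, $value)) {
            $isValid = false;
        }
    }

    return $isValid ? "" : "," . $number;
}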
/**
 * Required-field validation: fails when the value is unset/null or exactly
 * the empty string, optionally after trimming whitespace from both ends.
 *
 * @param mixed $value     Submitted value.
 * @param mixed $trimWhite Truthy to trim the value with WAtrimIt() first.
 * @param mixed $number    Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateRQ($value,$trimWhite,$number) {
    $checked = $trimWhite ? WAtrimIt($value,0,0) : $value;
    $missing = ($checked === null || $checked === "");
    return $missing ? "," . $number : "";
}
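/**
 * Restricted-text validation: fails when the value contains any listed term,
 * ignoring case.
 *
 * $notAllowed is a list separated by ", "; each entry is "term" or
 * "term|extra", and only the part before "|" is searched for. The match is a
 * plain substring test, so it is easy to evade with spacing or look-alike
 * characters; treat it as a courtesy filter, not a security control.
 *
 * Changes over the previous version: entries without "|" no longer touch an
 * undefined array index, and an entry whose term is empty is skipped instead
 * of being searched for.
 *
 * @param string $value      Submitted value.
 * @param string $notAllowed List of restricted terms; "&quot;" stands for a double quote.
 * @param mixed  $required   Truthy when an empty value is an error.
 * @param mixed  $number     Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateRT($value,$notAllowed,$required,$number) {
    $isValid = true;
    $haystack = " " . strtolower($value) . " ";

    if (!(!$required && $value == "")) {
        foreach (explode(", ", $notAllowed) as $entry) {
            if ($entry == "") {
                continue;
            }
            $parts = explode("|", $entry);
            $term = strtolower(str_replace("&quot;", "\"", $parts[0]));
            if ($term !== "" && strpos($haystack, $term) !== false) {
                $isValid = false;
                break;
            }
        }
    }

    if ($required && $value == "") {
        $isValid = false;
    }

    return $isValid ? "" : "," . $number;
}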
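/**
 * Social-security-number validation: exactly nine digits, with only a fixed
 * set of separator characters between them.
 *
 * Fix over the previous version: the separator test compared strpos() with
 * "< 0", which is never true, so any non-digit character was accepted as long
 * as nine digits were present. It now compares with false.
 *
 * @param string $value    Submitted value.
 * @param mixed  $required Truthy when an empty value is an error.
 * @param mixed  $number   Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateSS($value,$required,$number) {
    $isValid = true;
    $allowed = "*() -./_\n\r+";

    if (!(!$required && $value == "")) {
        $digits = "";
        $length = strlen($value);
        for ($x = 0; $x < $length; $x++) {
            $z = substr($value, $x, 1);
            if (($z >= "0") && ($z <= "9")) {
                $digits .= $z;
            } elseif (strpos($allowed, $z) === false) {
                $isValid = false;
            }
        }

        if (strlen($digits) != 9) {
            $isValid = false;
        }
    }

    return $isValid ? "" : "," . $number;
}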
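/**
 * Uniqueness validation: fails when a row exists whose $filterCol equals
 * $filterValue and whose $keyCol differs from $keyValue.
 *
 * SECURITY:
 * - The statement is assembled as text. $filterValue and $keyValue are quoted
 *   by Validations_generateWhereClause(), which does not use the connection's
 *   own escaping; a parameterised statement would be the robust form, but the
 *   type strings that drive the quoting are not bound to a connection here.
 * - $tableName and $keyCol are written inside backticks; embedded backticks
 *   are doubled so a name cannot end the quoted identifier. They are still
 *   expected to be constants chosen by the page author.
 * - Database error text is written to the server log instead of being sent
 *   to the browser.
 *
 * @param string $connName    Connection name (not used in this function).
 * @param mixed  $conn        mysqli object, or a legacy mysql link resource.
 * @param string $db          Database name, selected on the legacy path.
 * @param string $tableName   Table to search.
 * @param string $keyCol      Key column selected and compared with "<>".
 * @param string $keyType     Type string for $keyCol ("delimiter,alternate,empty").
 * @param mixed  $keyValue    Key of the row being edited.
 * @param string $filterCol   Column that must be unique.
 * @param string $filterType  Type string for $filterCol.
 * @param mixed  $filterValue Submitted value to look for.
 * @param mixed  $required    Truthy to run the required check on $filterValue first.
 * @param mixed  $number      Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateUnique($connName,$conn,$db,$tableName,$keyCol,$keyType,$keyValue,$filterCol,$filterType,$filterValue,$required,$number) {
    $WAFV_ErrorMessage = ( ($required) ? WAValidateRQ($filterValue, true, $number) : "" );

    if (!$WAFV_ErrorMessage) {
        $isValid = true;
        $WA_UniqueWhere = Validations_generateWhereClause(array($filterCol, $keyCol), array($filterType, $keyType), array($filterValue, $keyValue), array("=", "<>"));
        $WA_UniqueSQL = "SELECT `" . str_replace("`", "``", $keyCol) . "` FROM `" . str_replace("`", "``", $tableName) . "` WHERE " . $WA_UniqueWhere->sqlWhereClause;

        if (is_object($conn) && $conn instanceof mysqli) {
            $WA_UniqueRS = mysqli_query($conn, $WA_UniqueSQL);
            if ($WA_UniqueRS === false) {
                // mysqli_error() needs the link; keep the detail out of the response.
                error_log("WAValidateUnique: " . mysqli_error($conn));
                die("Database error.");
            }
            if ($WA_UniqueRS->num_rows > 0) {
                $isValid = false;
            }
        } else {
            // Legacy ext/mysql path; these functions do not exist on PHP 7 and later.
            mysql_select_db($db, $conn);
            $WA_UniqueRS = mysql_query($WA_UniqueSQL, $conn);
            if ($WA_UniqueRS === false) {
                error_log("WAValidateUnique: " . mysql_error($conn));
                die("Database error.");
            }
            if (mysql_num_rows($WA_UniqueRS)) {
                $isValid = false;
            }
        }

        if (!$isValid) {
            $WAFV_ErrorMessage .= "," . $number;
        }
    }

    return $WAFV_ErrorMessage;
}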
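// SQL WHERE-clause helpers, defined only once even if another WebAssist
// script in the same request has already declared them.
if (!function_exists("Validations_generateWhereClause")) {

    /**
     * Holder for the generated WHERE clause text.
     */
    class Validations_WhereClause {
        /** Conditions joined with " AND ", without the WHERE keyword. */
        public $sqlWhereClause;

        function __construct($sqlWhereClause = "") {
            $this->sqlWhereClause = $sqlWhereClause;
        }
    }

    /**
     * Build "`col` <op> <value> AND ..." from parallel lists.
     *
     * Each entry of $columnTypeList is "delimiter,alternate,empty", where
     * "none" means not set: the delimiter wraps the value, the alternate
     * replaces any non-empty value, and the empty text is used when the value
     * is "" or "undefined".
     *
     * SECURITY:
     * - Single-quoted values are always passed through addslashes(). The
     *   previous version escaped only when it found a quote not preceded by a
     *   backslash, which left other backslashes (for example a trailing one)
     *   unescaped and able to change where the SQL string ends. addslashes()
     *   is not aware of the connection character set; where a connection is
     *   available, bound parameters or the driver's escaping are preferable.
     *   A value that was already escaped by the caller is now escaped again.
     * - With any other delimiter the value is cleared when it contains that
     *   delimiter, in addition to the keyword filter.
     * - Column names, operators, alternate and empty texts are written into
     *   the statement nearly as given and must come from the page author.
     * - LIKE wildcards inside the value are not escaped.
     *
     * @param array $fieldNameList  Column names.
     * @param array $columnTypeList Type strings, one per column.
     * @param array $fieldValueList Values, one per column.
     * @param array $comparisonList Operators, one per column ("=", "<>", " LIKE ", ...).
     * @return Validations_WhereClause Object whose sqlWhereClause holds the conditions.
     */
    function Validations_generateWhereClause($fieldNameList, $columnTypeList, $fieldValueList, $comparisonList)
    {
        $obj = new Validations_WhereClause();

        for ($i = 0; $i < sizeof($fieldNameList); $i++) {
            $formVal = $fieldValueList[$i];

            // Missing parts of the type string behave like "none".
            $WA_typesArray = array_pad(explode(",", $columnTypeList[$i]), 3, "none");
            $delim = ($WA_typesArray[0] != "none") ? $WA_typesArray[0] : "";
            $altVal = ($WA_typesArray[1] != "none") ? $WA_typesArray[1] : "";
            $emptyVal = ($WA_typesArray[2] != "none") ? $WA_typesArray[2] : "";

            if ($formVal == "" || $formVal == "undefined") {
                $formVal = $emptyVal;
            } else if ($altVal != "") {
                $formVal = $altVal;
            } else if ($delim == "'") {
                // Text value: escape unconditionally, then quote.
                $formVal = "'" . addslashes($formVal);
                if ($comparisonList[$i] == " LIKE ") {
                    $formVal .= "%";
                }
                $formVal .= "'";
            } else if ($delim == "") {
                // Numeric value: anything that is not a number becomes 0.
                $formVal = is_numeric($formVal) ? "" . floatval($formVal) : "0";
            } else {
                $cleaned = Validations_clearOutSQLKeywords($formVal);
                if (strpos($cleaned, $delim) !== false) {
                    $cleaned = ""; // the value must not contain its own delimiter
                }
                $formVal = $delim . $cleaned . $delim;
            }

            // An undelimited value containing "()" after position 0 is left out of the clause.
            if (!($delim == "" && strpos($formVal, "()") > 0)) {
                // Join on what has been written so far, so a skipped first
                // condition does not leave a leading " AND ".
                $joiner = ($obj->sqlWhereClause != "") ? " AND " : "";
                $column = "`" . Validations_cleanUpColumnName($fieldNameList[$i]) . "`";
                if ($formVal === "NULL") {
                    $obj->sqlWhereClause .= $joiner . $column . " IS " . (($comparisonList[$i] == '<>') ? "NOT " : "") . $formVal;
                } else {
                    $obj->sqlWhereClause .= $joiner . $column . Validations_cleanUpEquality($comparisonList[$i]) . $formVal;
                }
            }
        }

        return $obj;
    }

    /**
     * Cut a column name at the first ";", then "(", then "=", and drop
     * backticks so the name cannot end the quoted identifier it is placed in.
     *
     * @param string $colName Column name as configured.
     * @return string Reduced name.
     */
    function Validations_cleanUpColumnName($colName) {
        foreach (array(";", "(", "=") as $stopChar) {
            $cut = strpos($colName, $stopChar);
            if ($cut !== false) {
                $colName = substr($colName, 0, $cut);
            }
        }
        return str_replace("`", "", $colName);
    }

    /**
     * Return "=" (with its surrounding whitespace) unchanged; reduce any other
     * operator with Validations_cleanUpColumnName().
     *
     * @param string $tEquality Comparison operator.
     * @return string Operator text to place in the clause.
     */
    function Validations_cleanUpEquality($tEquality) {
        if (preg_replace('/^\\s*|\\s*$/', "", $tEquality) != "=") {
            return Validations_cleanUpColumnName($tEquality);
        }
        return $tEquality;
    }

    /**
     * Return "" when the value contains a listed SQL keyword, a single quote
     * or "#", ignoring case; otherwise return the value unchanged.
     *
     * This is a deny-list: it also clears harmless text that happens to
     * contain a keyword (e.g. "selection") and is not a substitute for
     * escaping or bound parameters.
     *
     * @param string $tString Value to screen.
     * @return string The value, or "" when it was rejected.
     */
    function Validations_clearOutSQLKeywords($tString) {
        $lowered = strtolower($tString);
        $blocked = array("select", "drop", "alter", "create", "update", "insert", "delete", "'", "#");
        foreach ($blocked as $token) {
            if (strpos($lowered, $token) !== false) {
                return "";
            }
        }
        return $tString;
    }

}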
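/**
 * URL validation: optional scheme rule, forbidden characters, and a host part
 * that looks like a dotted name or an IPv4 address, with an optional numeric
 * port.
 *
 * $force is "none" (no "://" allowed), "false" (no scheme rule), or a
 * comma-separated list of prefixes the value must start with, e.g.
 * "http://,https://".
 *
 * Fixes over the previous version:
 * - a space anywhere in the value, and ";", "&", "=" or "," anywhere in the
 *   part before "?", are rejected; the old tests missed a hit at position 0;
 * - empty entries in $force (for example from a trailing comma) are ignored;
 *   on PHP 8 an empty prefix matched every value and disabled the scheme rule.
 *
 * SECURITY: with $force set to "false" any scheme passes as long as the rest
 * looks like a host. If the value is later used as a link or redirect target,
 * pass the list of schemes that are acceptable there.
 *
 * @param string $value    Submitted value.
 * @param string $force    Scheme rule, see above.
 * @param mixed  $required Truthy when an empty value is an error.
 * @param mixed  $number   Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateUR($value,$force,$required,$number) {
    $isValid = true;

    // Work on the part after "scheme://" and before "?". As before, a "://"
    // at the very start of the value is not treated as a scheme separator.
    $valURL = $value;
    if (strpos($valURL, "://") > 0) {
        $valURL = substr($valURL, strpos($valURL, "://") + 3);
    }
    if (strpos($valURL, "?") > 0) {
        $valURL = substr($valURL, 0, strpos($valURL, "?"));
    }
    $isBlank = (preg_replace("/\s/", "", $valURL) == "");

    if (!(!$required && $isBlank)) {
        if (strtolower($force) == "none" && strpos($value, "://") !== false) {
            $isValid = false;
        }

        // At most one "?" and no spaces.
        if (strpos($value, "?") != strrpos($value, "?") || strpos($value, " ") !== false) {
            $isValid = false;
        }

        if ($isValid) {
            foreach (array(";", "&", "=", ",") as $badChar) {
                if (strpos($valURL, $badChar) !== false) {
                    $isValid = false;
                    break;
                }
            }
        }

        if (strtolower($force) != "false" && strtolower($force) != "none" && $isValid) {
            $prefixes = explode(",", preg_replace("/\\s*,\\s*/", ",", $force));
            $isValid = false;
            foreach ($prefixes as $x) {
                if ($x !== "" && strpos(strtolower($value), strtolower($x)) === 0) {
                    $isValid = true;
                    break;
                }
            }
        }

        // A dot is required, and not as the first character.
        if ($isValid && strpos($valURL, ".") < 1) {
            $isValid = false;
        }

        if ($isValid) {
            $tDomain = $valURL;

            if (strpos($tDomain, ":") !== false) {
                // host:port[/path] - the port, if present, must be numeric.
                $tDomain = substr($tDomain, 0, strpos($tDomain, ":"));
                $tPort = substr($valURL, strlen($tDomain) + 1);
                if (strpos($tDomain, "/") !== false) {
                    $isValid = false;
                } else {
                    if (strpos($tPort, "/") !== false) {
                        $tPort = substr($tPort, 0, strpos($tPort, "/"));
                    }
                    if (!is_numeric($tPort) && $tPort !== "") {
                        $isValid = false;
                    }
                }
            }

            if ($isValid && strpos($tDomain, "/") !== false) {
                $tDomain = substr($tDomain, 0, strpos($tDomain, "/"));
            }

            if ($isValid) {
                $tDomainA = explode(".", $tDomain);
                $labels = sizeof($tDomainA);
                if ($labels < 2) {
                    $isValid = false;
                } else if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $tDomain)) {
                    // IPv4 address: every octet at most 255.
                    if ($tDomainA[0] > 255 || $tDomainA[1] > 255 || $tDomainA[2] > 255 || $tDomainA[3] > 255) {
                        $isValid = false;
                    }
                } else if (strlen($tDomainA[$labels - 1]) < 2 || strlen($tDomainA[$labels - 2]) < 2) {
                    // Host name: the last two labels need at least two characters each.
                    $isValid = false;
                }
            }
        }
    }

    if ($isValid && $required && $isBlank) {
        $isValid = false;
    }

    return $isValid ? "" : "," . $number;
}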
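/**
 * Postal-code validation for the enabled formats: US 5-digit, US 9-digit,
 * Canadian 6-character and UK codes.
 *
 * Digits and letters are reduced to a shape string ("N" per digit, "A" per
 * letter) that must equal one of the shapes of the enabled formats; US codes
 * are then re-checked with a strict pattern.
 *
 * Fix over the previous version: the separator test compared strpos() with
 * "< 0", which is never true, so any character was accepted between the
 * letters and digits of a UK or Canadian code. It now compares with false.
 *
 * @param string $value    Submitted value.
 * @param mixed  $us5      Truthy to accept 5-digit US codes.
 * @param mixed  $us9      Truthy to accept 9-digit US codes.
 * @param mixed  $can6     Truthy to accept Canadian codes.
 * @param mixed  $uk       Truthy to accept UK codes.
 * @param mixed  $required Truthy when an empty value is an error.
 * @param mixed  $number   Validation number reported on failure.
 * @return string "" when valid, otherwise "," followed by $number.
 */
function WAValidateZC($value,$us5,$us9,$can6,$uk,$required,$number) {
    $isValid = true;
    $allowed = "() -.\n\r";
    $charVal = "";

    if (!(!$required && $value == "")) {
        $hasLetters = false;
        $lastIndex = strlen($value) - 1;

        for ($x = 0; $x <= $lastIndex; $x++) {
            $z = substr($value, $x, 1);
            if (($z >= "0") && ($z <= "9")) {
                $charVal .= "N";
            } else if (($uk || $can6) && ((($z >= "a") && ($z <= "z")) || (($z >= "A") && ($z <= "Z")))) {
                $charVal .= "A";
                $hasLetters = true;
            } else if (strpos($allowed, $z) === false || $x == 0 || $x == $lastIndex) {
                // Unknown character, or a separator at either end of the value.
                $isValid = false;
            }
        }

        $acceptPattern = ",";
        if ($us5) {
            $acceptPattern .= "NNNNN,";
        }
        if ($us9) {
            $acceptPattern .= "NNNNNNNNN,";
        }
        if ($uk) {
            $acceptPattern .= "ANNAA,ANNNAA,AANNAA,AANNNAA,ANANAA,AANANAA,";
        }
        if ($can6) {
            $acceptPattern .= "ANANAN,";
        }

        if (strpos($acceptPattern, "," . $charVal . ",") === false) {
            $isValid = false;
        }

        // All-digit values get the strict US patterns on the raw text.
        if ($isValid && !$hasLetters && ($us5 || $us9)) {
            if ($us5) {
                $isValid = preg_match('/^\d{5}$/', $value);
            }
            if ($us9 && (($us5 && !$isValid) || !$us5)) {
                $isValid = (preg_match('/^\d{5}[-\. ]\d{4}$/', $value) || preg_match('/^\d{9}$/', $value));
            }
        }
    }

    return $isValid ? "" : "," . $number;
}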
?>