Refactored Validate class (#646)

* Refactored Validate class

* Fixed undefined variables

* Moved check for empty
Roman Kelesidis 2023-03-20 17:08:34 +07:00 committed by GitHub
commit 8cbe09027a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 35 additions and 26 deletions


@ -21,7 +21,7 @@ if (isset($_POST['add_name'])) {
if ($disallowed_user == '') { if ($disallowed_user == '') {
bb_die($lang['FIELDS_EMPTY']); bb_die($lang['FIELDS_EMPTY']);
} }
if (\TorrentPier\Legacy\Validate::username($disallowed_user)) { if (\TorrentPier\Validate::username($disallowed_user)) {
$message = $lang['DISALLOWED_ALREADY']; $message = $lang['DISALLOWED_ALREADY'];
} else { } else {
$sql = 'INSERT INTO ' . BB_DISALLOW . " (disallow_username) VALUES('" . DB()->escape($disallowed_user) . "')"; $sql = 'INSERT INTO ' . BB_DISALLOW . " (disallow_username) VALUES('" . DB()->escape($disallowed_user) . "')";


@ -26,7 +26,7 @@ $value = $this->request['value'] = (string)(isset($this->request['value'])) ? $t
switch ($field) { switch ($field) {
case 'username': case 'username':
$value = clean_username($value); $value = clean_username($value);
if ($err = \TorrentPier\Legacy\Validate::username($value)) { if ($err = \TorrentPier\Validate::username($value)) {
$this->ajax_die(strip_tags($err)); $this->ajax_die(strip_tags($err));
} }
$this->response['new_value'] = $this->request['value']; $this->response['new_value'] = $this->request['value'];
@ -34,7 +34,7 @@ switch ($field) {
case 'user_email': case 'user_email':
$value = htmlCHR($value); $value = htmlCHR($value);
if ($err = \TorrentPier\Legacy\Validate::email($value)) { if ($err = \TorrentPier\Validate::email($value)) {
$this->ajax_die($err); $this->ajax_die($err);
} }
$this->response['new_value'] = $this->request['value']; $this->response['new_value'] = $this->request['value'];


@ -20,9 +20,7 @@ switch ($mode) {
case 'check_name': case 'check_name':
$username = clean_username($this->request['username']); $username = clean_username($this->request['username']);
if (empty($username)) { if ($err = \TorrentPier\Validate::username($username)) {
$html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $lang['CHOOSE_A_NAME'] . '</span>';
} elseif ($err = \TorrentPier\Legacy\Validate::username($username)) {
$html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>'; $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>';
} }
break; break;
@ -30,9 +28,7 @@ switch ($mode) {
case 'check_email': case 'check_email':
$email = (string)$this->request['email']; $email = (string)$this->request['email'];
if (empty($email)) { if ($err = \TorrentPier\Validate::email($email)) {
$html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $lang['CHOOSE_E_MAIL'] . '</span>';
} elseif ($err = \TorrentPier\Legacy\Validate::email($email)) {
$html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>'; $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>';
} }
break; break;
@ -41,7 +37,7 @@ switch ($mode) {
$pass = (string)$this->request['pass']; $pass = (string)$this->request['pass'];
$pass_confirm = (string)$this->request['pass_confirm']; $pass_confirm = (string)$this->request['pass_confirm'];
if ($err = \TorrentPier\Legacy\Validate::password($pass, $pass_confirm)) { if ($err = \TorrentPier\Validate::password($pass, $pass_confirm)) {
$html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>'; $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>';
} else { } else {
$text = (IS_GUEST) ? $lang['CHOOSE_PASS_REG_OK'] : $lang['CHOOSE_PASS_OK']; $text = (IS_GUEST) ? $lang['CHOOSE_PASS_REG_OK'] : $lang['CHOOSE_PASS_OK'];
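Review bot: In the `check_name` branch the request value reaches `clean_username()` without the `(string)` cast that the `check_email` and password branches apply to their inputs, and the result is then passed to `Validate::username()`, which this commit now declares as `string $username`. If `clean_username()` can return a non-string for an absent or array-valued `username` parameter (its body is not shown on this page), the AJAX check would fail with a TypeError instead of returning a validation message. Casting at the request boundary keeps the three branches consistent: `$username = clean_username((string)($this->request['username'] ?? ''));`. The enclosing `switch ($mode)` starts and ends outside these hunks.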


@ -180,7 +180,7 @@ foreach ($profile_fields as $field => $can_edit) {
$username = !empty($_POST['username']) ? clean_username($_POST['username']) : $pr_data['username']; $username = !empty($_POST['username']) ? clean_username($_POST['username']) : $pr_data['username'];
if ($submit) { if ($submit) {
$err = \TorrentPier\Legacy\Validate::username($username); $err = \TorrentPier\Validate::username($username);
if (!$errors and $err && $mode == 'register') { if (!$errors and $err && $mode == 'register') {
$errors[] = $err; $errors[] = $err;
} }
@ -204,7 +204,7 @@ foreach ($profile_fields as $field => $can_edit) {
// пароль для гостя и при смене пароля юзером // пароль для гостя и при смене пароля юзером
if (!empty($new_pass)) { if (!empty($new_pass)) {
if ($err = \TorrentPier\Legacy\Validate::password($new_pass, $cfm_pass)) { if ($err = \TorrentPier\Validate::password($new_pass, $cfm_pass)) {
$errors[] = $err; $errors[] = $err;
} }
@ -236,7 +236,7 @@ foreach ($profile_fields as $field => $can_edit) {
if (empty($email)) { if (empty($email)) {
$errors[] = $lang['CHOOSE_E_MAIL']; $errors[] = $lang['CHOOSE_E_MAIL'];
} }
if (!$errors and $err = \TorrentPier\Legacy\Validate::email($email)) { if (!$errors and $err = \TorrentPier\Validate::email($email)) {
$errors[] = $err; $errors[] = $err;
} }
$db_data['user_email'] = $email; $db_data['user_email'] = $email;
@ -246,7 +246,7 @@ foreach ($profile_fields as $field => $can_edit) {
if (!$cur_pass_valid) { if (!$cur_pass_valid) {
$errors[] = $lang['CONFIRM_PASSWORD_EXPLAIN']; $errors[] = $lang['CONFIRM_PASSWORD_EXPLAIN'];
} }
if (!$errors and $err = \TorrentPier\Legacy\Validate::email($email)) { if (!$errors and $err = \TorrentPier\Validate::email($email)) {
$errors[] = $err; $errors[] = $err;
} }
if ($bb_cfg['reg_email_activation']) { if ($bb_cfg['reg_email_activation']) {


@ -11,6 +11,7 @@ namespace TorrentPier\Legacy;
use TorrentPier\Emailer; use TorrentPier\Emailer;
use TorrentPier\Legacy\Admin\Common; use TorrentPier\Legacy\Admin\Common;
use TorrentPier\Validate;
/** /**
* Class Post * Class Post


@ -7,7 +7,7 @@
* @license https://github.com/torrentpier/torrentpier/blob/master/LICENSE MIT License * @license https://github.com/torrentpier/torrentpier/blob/master/LICENSE MIT License
*/ */
namespace TorrentPier\Legacy; namespace TorrentPier;
use Egulias\EmailValidator\EmailValidator; use Egulias\EmailValidator\EmailValidator;
use Egulias\EmailValidator\Validation\DNSCheckValidation; use Egulias\EmailValidator\Validation\DNSCheckValidation;
@ -18,7 +18,7 @@ use Egulias\EmailValidator\Validation\Extra\SpoofCheckValidation;
/** /**
* Class Validate * Class Validate
* @package TorrentPier\Legacy * @package TorrentPier
*/ */
class Validate class Validate
{ {
@ -30,12 +30,17 @@ class Validate
* *
* @return bool|string * @return bool|string
*/ */
public static function username($username, $check_ban_and_taken = true) public static function username(string $username, bool $check_ban_and_taken = true)
{ {
global $user, $lang; global $user, $lang;
static $name_chars = 'a-z0-9а-яё_@$%^&;(){}\#\-\'.:+ '; static $name_chars = 'a-z0-9а-яё_@$%^&;(){}\#\-\'.:+ ';
// Check for empty
if (empty($username)) {
return $lang['CHOOSE_A_NAME'];
}
$username = str_compact($username); $username = str_compact($username);
$username = clean_username($username); $username = clean_username($username);
@ -61,17 +66,16 @@ class Validate
} }
} }
if ($check_ban_and_taken) { if ($check_ban_and_taken) {
// Занято // Check taken
$username_sql = DB()->escape($username); $username_sql = DB()->escape($username);
if ($row = DB()->fetch_row("SELECT username FROM " . BB_USERS . " WHERE username = '$username_sql' LIMIT 1")) { if ($row = DB()->fetch_row("SELECT username FROM " . BB_USERS . " WHERE username = '$username_sql' LIMIT 1")) {
if ((!IS_GUEST && $row['username'] != $user->name) || IS_GUEST) { if ((!IS_GUEST && $row['username'] != $user->name) || IS_GUEST) {
return $lang['USERNAME_TAKEN']; return $lang['USERNAME_TAKEN'];
} }
} }
// Запрещено
$banned_names = [];
// Check banned
$banned_names = [];
foreach (DB()->fetch_rowset("SELECT disallow_username FROM " . BB_DISALLOW . " ORDER BY NULL") as $row) { foreach (DB()->fetch_rowset("SELECT disallow_username FROM " . BB_DISALLOW . " ORDER BY NULL") as $row) {
$banned_names[] = str_replace('\*', '.*?', preg_quote($row['disallow_username'], '#u')); $banned_names[] = str_replace('\*', '.*?', preg_quote($row['disallow_username'], '#u'));
} }
@ -93,13 +97,21 @@ class Validate
* *
* @return bool|string * @return bool|string
*/ */
public static function email($email, $check_ban_and_taken = true) public static function email(string $email, bool $check_ban_and_taken = true)
{ {
global $lang, $userdata, $bb_cfg; global $lang, $userdata, $bb_cfg;
if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) { // Check for empty
if (empty($email)) {
return $lang['CHOOSE_E_MAIL'];
}
// Basic email validate
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
return $lang['EMAIL_INVALID']; return $lang['EMAIL_INVALID'];
} }
// Check max length
if (\strlen($email) > USEREMAIL_MAX_LENGTH) { if (\strlen($email) > USEREMAIL_MAX_LENGTH) {
return $lang['EMAIL_TOO_LONG']; return $lang['EMAIL_TOO_LONG'];
} }
@ -121,8 +133,8 @@ class Validate
} }
if ($check_ban_and_taken) { if ($check_ban_and_taken) {
// Check banned
$banned_emails = []; $banned_emails = [];
foreach (DB()->fetch_rowset("SELECT ban_email FROM " . BB_BANLIST . " ORDER BY NULL") as $row) { foreach (DB()->fetch_rowset("SELECT ban_email FROM " . BB_BANLIST . " ORDER BY NULL") as $row) {
$banned_emails[] = str_replace('\*', '.*?', preg_quote($row['ban_email'], '#')); $banned_emails[] = str_replace('\*', '.*?', preg_quote($row['ban_email'], '#'));
} }
@ -132,8 +144,8 @@ class Validate
} }
} }
// Check taken
$email_sql = DB()->escape($email); $email_sql = DB()->escape($email);
if ($row = DB()->fetch_row("SELECT `user_email` FROM " . BB_USERS . " WHERE user_email = '$email_sql' LIMIT 1")) { if ($row = DB()->fetch_row("SELECT `user_email` FROM " . BB_USERS . " WHERE user_email = '$email_sql' LIMIT 1")) {
if ($row['user_email'] == $userdata['user_email']) { if ($row['user_email'] == $userdata['user_email']) {
return false; return false;
@ -159,7 +171,7 @@ class Validate
global $lang; global $lang;
// Check for empty // Check for empty
if (empty($pass) || empty($pass_confirm)) { if (empty($password) || empty($password_confirm)) {
return $lang['CHOOSE_PASS']; return $lang['CHOOSE_PASS'];
} }
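Review bot: In `username()` the new empty check tests the raw argument before `str_compact()` and `clean_username()` run, so a name that only becomes empty after those calls (whitespace-only input, if they trim it) passes this guard; whether the later checks outside the hunk reject it is not visible here. Placing the guard below the two normalisation calls makes it test the value the rest of the method validates: `if ($username === '') { return $lang['CHOOSE_A_NAME']; }`. Separately, `empty()` treats the string `'0'` as empty in all three methods, so `'0'` is reported as a missing name, e-mail or password rather than going through the length and format rules. The bodies of `username()`, `email()` and `password()` continue outside the hunks shown.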