Diffstat (limited to 'includes')
| -rw-r--r-- | includes/form/CreateThreadForm.php | 45 | ||||
| -rw-r--r-- | includes/form/Form.php | 45 | ||||
| -rw-r--r-- | includes/form/RegisterForm.php | 56 | ||||
| -rw-r--r-- | includes/form/SignInForm.php | 32 | ||||
| -rwxr-xr-x | includes/model/User.php | 17 | 
5 files changed, 187 insertions, 8 deletions
| diff --git a/includes/form/CreateThreadForm.php b/includes/form/CreateThreadForm.php
new file mode 100644
index 0000000..3774f6a
--- /dev/null
+++ b/includes/form/CreateThreadForm.php
@@ -0,0 +1,45 @@
+<?php
+
+include_once './includes/form/Form.php';
+
+class CreateThreadForm extends Form
+{
+	public function validate_post_content($post_content): ?string
+	{
+		$result = null;
+
+		if (empty($post_content)) {
+			$this->report_error("Post content cannot be empty");
+		} else {
+			$result = filter_var($post_content, FILTER_SANITIZE_STRING);
+		}
+
+		return $result;
+	}
+
+	public function validate_thread_subject($thread_subject): ?string
+	{
+		$result = null;
+
+		if (empty($thread_subject)) {
+			$this->report_error("Thread subject cannot be empty");
+		} else {
+			$result = filter_var($thread_subject, FILTER_SANITIZE_STRING);
+		}
+
+		return $result;
+	}
+
+	public function validate_thread_category($thread_category): ?int
+	{
+		$result = null;
+
+		if (empty($thread_category)) {
+			$this->report_error("Invalid thread category");
+		} else {
+			$result = filter_var($thread_category, FILTER_SANITIZE_NUMBER_INT);
+		}
+
+		return $result;
+	}
+}
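Review bot: `validate_thread_category` declares `?int` but `FILTER_SANITIZE_NUMBER_INT` only strips non-digit characters, so an input like `"1abc2"` is accepted as `"12"` while an all-letter input collapses to `""`, which the `?int` return type cannot coerce and surfaces as a TypeError instead of a reported error. Validate rather than sanitise: `$result = filter_var($thread_category, FILTER_VALIDATE_INT);` followed by `if ($result === false) { $this->report_error("Invalid thread category"); $result = null; }`. The `empty()` guard also rejects the literal category `"0"`, which may or may not be a valid id in this schema. `FILTER_SANITIZE_STRING` in the two text validators is deprecated since PHP 8.1 and strips rather than escapes, so escaping wherever the subject and content are later rendered remains the reliable control.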
\ No newline at end of file
diff --git a/includes/form/Form.php b/includes/form/Form.php
new file mode 100644
index 0000000..3f1bd62
--- /dev/null
+++ b/includes/form/Form.php
@@ -0,0 +1,45 @@
+<?php
+
+abstract class Form
+{
+	private $errors = array();
+	private $success = true;
+
+	protected function report_error($error_string)
+	{
+		$this->errors[] = $error_string;
+		$this->success = false;
+	}
+
+	public function success(): bool
+	{
+		return $this->success;
+	}
+
+	public function html_error_list(): string
+	{
+		if ($this->success)
+			return "";
+
+		if (count($this->errors) > 1) {
+			$result = '<ul>';
+			foreach ($this->errors as $err) {
+				$result .= '<li>' . $err . '</li>';
+			}
+			$result .= '</ul>';
+			return $result;
+		} else {
+			return $this->errors[0];
+		}
+	}
+
+	public function on_success(Closure $param)
+	{
+		if ($this->success()) {
+			$param();
+	    } else {
+			echo '<p>Please check the following problems:</p>';
+			trigger_error($this->html_error_list());
+		}
+	}
+}
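Review bot: `html_error_list()` writes each error string into the markup unescaped (`'<li>' . $err . '</li>'` and the single-error `return $this->errors[0];`), yet subclasses build messages that embed user input, e.g. RegisterForm's "The username '…' has already been taken" message. Escape at the output boundary: `$result .= '<li>' . htmlspecialchars($err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';` and the same wrapping on the single-error branch. `on_success` then hands that HTML to `trigger_error()`, so whether the user ever sees the feedback depends on the `display_errors`/`html_errors` configuration rather than on the page; echoing it directly after the `<p>` it already prints would be the predictable path. A docblock on `on_success` stating that `$param` runs only when no error has been reported would also help.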
\ No newline at end of file
diff --git a/includes/form/RegisterForm.php b/includes/form/RegisterForm.php
new file mode 100644
index 0000000..4967048
--- /dev/null
+++ b/includes/form/RegisterForm.php
@@ -0,0 +1,56 @@
+<?php
+
+include_once './includes/form/Form.php';
+include_once './includes/model/User.php';
+
+class RegisterForm extends Form
+{
+	const USERNAME_REGEX = "/^[a-zA-Z0-9_]*$/";
+	const PASSWORD_REGEX = "/^[a-zA-Z0-9\W]*$/";
+
+    public function validate_username($username): ?string
+    {
+		$result = null;
+
+    	if (empty($username)) {
+			$this->report_error("You must provide a username.");
+		} else {
+			$result = filter_var($username, FILTER_SANITIZE_STRING);
+
+			if (!preg_match(self::USERNAME_REGEX, $result)) {
+				$this->report_error("Username can only contain letters, numbers and underscores.");
+			}
+
+			if (strlen($result) > 30) {
+				$this->report_error("Your username must be 30 characters or less.");
+			}
+
+			if (User::username_exists($result)) {
+				$this->report_error("The username '" . $result . "' has already been taken by another user.");
+			}
+		}
+    	return $result;
+    }
+
+    public function validate_password($password, $password_check): ?string
+    {
+		$result = null;
+
+    	if (empty($password)) {
+			$this->report_error("You must provide a password.");
+		} else {
+			$result = filter_var($password, FILTER_SANITIZE_STRING);
+			$pass_check = filter_var($password_check, FILTER_SANITIZE_STRING);
+
+			if (preg_match(self::PASSWORD_REGEX, $result) === false) {
+				$this->report_error("Password contains invalid characters!");
+			}
+
+			if ($result !== $pass_check) {
+				$this->report_error("The two passwords do not match.");
+			}
+		}
+
+    	return $result;
+    }
+}
diff --git a/includes/form/SignInForm.php b/includes/form/SignInForm.php
new file mode 100644
index 0000000..3735029
--- /dev/null
+++ b/includes/form/SignInForm.php
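Review bot: In `validate_password`, `preg_match(self::PASSWORD_REGEX, $result) === false` only fires on a PCRE error; a non-matching password yields `0`, so "Password contains invalid characters!" is unreachable for bad input. Use `if (!preg_match(self::PASSWORD_REGEX, $result)) {`, matching the form `validate_username` already uses. The method enforces no minimum length, and both it and SignInForm's `validate_password` pass the password through `FILTER_SANITIZE_STRING` (deprecated since PHP 8.1), which rewrites quotes and strips angle-bracket sequences before the value reaches `password_hash`/`password_verify`; since the two forms must stay consistent, any change to hand the raw password through should land in both at once. `strlen($result) > 30` counts bytes, so a multibyte username is cut shorter than the 30 characters the message promises; `mb_strlen` would match it.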
@@ -0,0 +1,32 @@
+<?php
+
+include_once './includes/form/Form.php';
+
+class SignInForm extends Form
+{
+	public function validate_username($username): ?string
+	{
+		$result = null;
+
+		if (empty($username)) {
+			$this->report_error('Please provide a username.');
+		} else {
+			$result = filter_var($username, FILTER_SANITIZE_STRING);
+		}
+
+		return $result;
+	}
+
+	public function validate_password($password): ?string
+	{
+		$result = null;
+
+		if (empty($password)) {
+			$this->report_error('Please provide a password.');
+		} else {
+			$result = filter_var($password, FILTER_SANITIZE_STRING);
+		}
+
+		return $result;
+	}
+}
\ No newline at end of file
diff --git a/includes/model/User.php b/includes/model/User.php
index ba475c7..785b847 100755
--- a/includes/model/User.php
+++ b/includes/model/User.php
@@ -56,9 +56,10 @@ class User
 		return $this->has_value;
  	}
 -	public static function register(string $username, string $pass_hash)
 +	public static function register(string $username, string $password)
  	{
  		$sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);";
 +		$pass_hash = password_hash($password, PASSWORD_DEFAULT);
  		Database::get()->query($sql, "ss", $username, $pass_hash);
  	}
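Review bot: `register()` now hashes `$password` itself, but nothing at the signature says so, and any caller still passing a pre-computed hash (the old `$pass_hash` parameter) would silently get its hash hashed again; callers are outside this diff. Add `/** Inserts a new user row; $password is the plaintext password and is hashed here with password_hash(). */` above the method. The return value of `Database::get()->query()` is discarded, so a failed insert is indistinguishable from success to the caller — whether `query()` throws on failure is not visible here.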
 @@ -92,12 +93,12 @@ class User
 		return $threads;
  	}
 -}
 -function username_exists(string $username): bool
 -{
 -	$sql = "SELECT * FROM users WHERE user_name = ?;";
 -	$result = Database::get()->query($sql, "s", $username);
 +	public static function username_exists(string $username): bool
 +	{
 +		$sql = "SELECT * FROM users WHERE user_name = ?;";
 +		$result = Database::get()->query($sql, "s", $username);
 -	return !empty($result);
 -}
\ No newline at end of file
+		return !empty($result);
 +	}
 +}
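Review bot: `username_exists` runs `SELECT *`, pulling the whole row including `user_pass`, to answer a yes/no question; `SELECT 1 FROM users WHERE user_name = ? LIMIT 1;` bounds what is read. `!empty($result)` presumes `query()` returns an empty value when no row matches — the return shape is not visible here, so a one-line comment such as `// query() presumably returns an empty result when no row matches — confirm` would make the assumption explicit. RegisterForm calls this check and then `register()` as two separate statements, so uniqueness under concurrent registrations rests on a unique index on `user_name`, which this diff cannot confirm.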