From 04d30cfe16e11140c8efb22afd61f2386c35cd87 Mon Sep 17 00:00:00 2001
From: cflip <36554078+cflip@users.noreply.github.com>
Date: Tue, 20 Jul 2021 17:25:03 -0600
Subject: Handle input validation in abstract Form class

---
 includes/form/CreateThreadForm.php | 45 ++++++++++++++++++++++++++++++
 includes/form/Form.php             | 45 ++++++++++++++++++++++++++++++
 includes/form/RegisterForm.php     | 56 ++++++++++++++++++++++++++++++++++++++
 includes/form/SignInForm.php       | 32 ++++++++++++++++++++++
 4 files changed, 178 insertions(+)
 create mode 100644 includes/form/CreateThreadForm.php
 create mode 100644 includes/form/Form.php
 create mode 100644 includes/form/RegisterForm.php
 create mode 100644 includes/form/SignInForm.php

(limited to 'includes/form')

diff --git a/includes/form/CreateThreadForm.php b/includes/form/CreateThreadForm.php
new file mode 100644
index 0000000..3774f6a
--- /dev/null
+++ b/includes/form/CreateThreadForm.php
@@ -0,0 +1,45 @@
+<?php
+
+include_once './includes/form/Form.php';
+
+class CreateThreadForm extends Form
+{
+	public function validate_post_content($post_content): ?string
+	{
+		$result = null;
+
+		if (empty($post_content)) {
+			$this->report_error("Post content cannot be empty");
+		} else {
+			$result = filter_var($post_content, FILTER_SANITIZE_STRING);
+		}
+
+		return $result;
+	}
+
+	public function validate_thread_subject($thread_subject): ?string
+	{
+		$result = null;
+
+		if (empty($thread_subject)) {
+			$this->report_error("Thread subject cannot be empty");
+		} else {
+			$result = filter_var($thread_subject, FILTER_SANITIZE_STRING);
+		}
+
+		return $result;
+	}
+
+	public function validate_thread_category($thread_category): ?int
+	{
+		$result = null;
+
+		if (empty($thread_category)) {
+			$this->report_error("Invalid thread category");
+		} else {
+			$result = filter_var($thread_category, FILTER_SANITIZE_NUMBER_INT);
+		}
+
+		return $result;
+	}
+}
\ No newline at end of file
diff --git a/includes/form/Form.php b/includes/form/Form.php
new file mode 100644
index 0000000..3f1bd62
--- /dev/null
+++ b/includes/form/Form.php
@@ -0,0 +1,45 @@
+<?php
+
+abstract class Form
+{
+	private $errors = array();
+	private $success = true;
+
+	protected function report_error($error_string)
+	{
+		$this->errors[] = $error_string;
+		$this->success = false;
+	}
+
+	public function success(): bool
+	{
+		return $this->success;
+	}
+
+	public function html_error_list(): string
+	{
+		if ($this->success)
+			return "";
+
+		if (count($this->errors) > 1) {
+			$result = '<ul>';
+			foreach ($this->errors as $err) {
+				$result .= '<li>' . $err . '</li>';
+			}
+			$result .= '</ul>';
+			return $result;
+		} else {
+			return $this->errors[0];
+		}
+	}
+
+	public function on_success(Closure $param)
+	{
+		if ($this->success()) {
+			$param();
+	    } else {
+			echo '<p>Please check the following problems:</p>';
+			trigger_error($this->html_error_list());
+		}
+	}
+}
\ No newline at end of file
diff --git a/includes/form/RegisterForm.php b/includes/form/RegisterForm.php
new file mode 100644
index 0000000..4967048
--- /dev/null
+++ b/includes/form/RegisterForm.php
@@ -0,0 +1,56 @@
+<?php
+
+include_once './includes/form/Form.php';
+include_once './includes/model/User.php';
+
+class RegisterForm extends Form
+{
+	const USERNAME_REGEX = "/^[a-zA-Z0-9_]*$/";
+	const PASSWORD_REGEX = "/^[a-zA-Z0-9\W]*$/";
+
+    public function validate_username($username): ?string
+    {
+		$result = null;
+
+    	if (empty($username)) {
+			$this->report_error("You must provide a username.");
+		} else {
+			$result = filter_var($username, FILTER_SANITIZE_STRING);
+
+			if (!preg_match(self::USERNAME_REGEX, $result)) {
+				$this->report_error("Username can only contain letters, numbers and underscores.");
+			}
+
+			if (strlen($result) > 30) {
+				$this->report_error("Your username must be 30 characters or less.");
+			}
+
+			if (User::username_exists($result)) {
+				$this->report_error("The username '" . $result . "' has already been taken by another user.");
+			}
+		}
+    	return $result;
+    }
+
+    public function validate_password($password, $password_check): ?string
+    {
+		$result = null;
+
+    	if (empty($password)) {
+			$this->report_error("You must provide a password.");
+		} else {
+			$result = filter_var($password, FILTER_SANITIZE_STRING);
+			$pass_check = filter_var($password_check, FILTER_SANITIZE_STRING);
+
+			if (preg_match(self::PASSWORD_REGEX, $result) === false) {
+				$this->report_error("Password contains invalid characters!");
+			}
+
+			if ($result !== $pass_check) {
+				$this->report_error("The two passwords do not match.");
+			}
+		}
+
+    	return $result;
+    }
+}
diff --git a/includes/form/SignInForm.php b/includes/form/SignInForm.php
new file mode 100644
index 0000000..3735029
--- /dev/null
+++ b/includes/form/SignInForm.php
@@ -0,0 +1,32 @@
+<?php
+
+include_once './includes/form/Form.php';
+
+class SignInForm extends Form
+{
+	public function validate_username($username): ?string
+	{
+		$result = null;
+
+		if (empty($username)) {
+			$this->report_error('Please provide a username.');
+		} else {
+			$result = filter_var($username, FILTER_SANITIZE_STRING);
+		}
+
+		return $result;
+	}
+
+	public function validate_password($password): ?string
+	{
+		$result = null;
+
+		if (empty($password)) {
+			$this->report_error('Please provide a password.');
+		} else {
+			$result = filter_var($password, FILTER_SANITIZE_STRING);
+		}
+
+		return $result;
+	}
+}
\ No newline at end of file
-- 
cgit v1.2.3