From 04d30cfe16e11140c8efb22afd61f2386c35cd87 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Tue, 20 Jul 2021 17:25:03 -0600 Subject: Handle input validation in abstract Form class --- includes/form/CreateThreadForm.php | 45 ++++++++++++++++++++++++++++++ includes/form/Form.php | 45 ++++++++++++++++++++++++++++++ includes/form/RegisterForm.php | 56 ++++++++++++++++++++++++++++++++++++++ includes/form/SignInForm.php | 32 ++++++++++++++++++++++ includes/model/User.php | 17 ++++++------ 5 files changed, 187 insertions(+), 8 deletions(-) create mode 100644 includes/form/CreateThreadForm.php create mode 100644 includes/form/Form.php create mode 100644 includes/form/RegisterForm.php create mode 100644 includes/form/SignInForm.php (limited to 'includes') diff --git a/includes/form/CreateThreadForm.php b/includes/form/CreateThreadForm.php new file mode 100644 index 0000000..3774f6a --- /dev/null +++ b/includes/form/CreateThreadForm.php @@ -0,0 +1,45 @@ +report_error("Post content cannot be empty"); + } else { + $result = filter_var($post_content, FILTER_SANITIZE_STRING); + } + + return $result; + } + + public function validate_thread_subject($thread_subject): ?string + { + $result = null; + + if (empty($thread_subject)) { + $this->report_error("Thread subject cannot be empty"); + } else { + $result = filter_var($thread_subject, FILTER_SANITIZE_STRING); + } + + return $result; + } + + public function validate_thread_category($thread_category): ?int + { + $result = null; + + if (empty($thread_category)) { + $this->report_error("Invalid thread category"); + } else { + $result = filter_var($thread_category, FILTER_SANITIZE_NUMBER_INT); + } + + return $result; + } +} \ No newline at end of file diff --git a/includes/form/Form.php b/includes/form/Form.php new file mode 100644 index 0000000..3f1bd62 --- /dev/null +++ b/includes/form/Form.php @@ -0,0 +1,45 @@ +errors[] = $error_string; + $this->success = false; + } + + public function success(): bool + { + return $this->success; + } + + public function html_error_list(): string + { + if ($this->success) + return ""; + + if (count($this->errors) > 1) { + $result = ''; + return $result; + } else { + return $this->errors[0]; + } + } + + public function on_success(Closure $param) + { + if ($this->success()) { + $param(); + } else { + echo '

Please check the following problems:

'; + trigger_error($this->html_error_list()); + } + } +} \ No newline at end of file diff --git a/includes/form/RegisterForm.php b/includes/form/RegisterForm.php new file mode 100644 index 0000000..4967048 --- /dev/null +++ b/includes/form/RegisterForm.php @@ -0,0 +1,56 @@ +report_error("You must provide a username."); + } else { + $result = filter_var($username, FILTER_SANITIZE_STRING); + + if (!preg_match(self::USERNAME_REGEX, $result)) { + $this->report_error("Username can only contain letters, numbers and underscores."); + } + + if (strlen($result) > 30) { + $this->report_error("Your username must be 30 characters or less."); + } + + if (User::username_exists($result)) { + $this->report_error("The username '" . $result . "' has already been taken by another user."); + } + } + return $result; + } + + public function validate_password($password, $password_check): ?string + { + $result = null; + + if (empty($password)) { + $this->report_error("You must provide a password."); + } else { + $result = filter_var($password, FILTER_SANITIZE_STRING); + $pass_check = filter_var($password_check, FILTER_SANITIZE_STRING); + + if (preg_match(self::PASSWORD_REGEX, $result) === false) { + $this->report_error("Password contains invalid characters!"); + } + + if ($result !== $pass_check) { + $this->report_error("The two passwords do not match."); + } + } + + return $result; + } +} diff --git a/includes/form/SignInForm.php b/includes/form/SignInForm.php new file mode 100644 index 0000000..3735029 --- /dev/null +++ b/includes/form/SignInForm.php @@ -0,0 +1,32 @@ +report_error('Please provide a username.'); + } else { + $result = filter_var($username, FILTER_SANITIZE_STRING); + } + + return $result; + } + + public function validate_password($password): ?string + { + $result = null; + + if (empty($password)) { + $this->report_error('Please provide a password.'); + } else { + $result = filter_var($password, FILTER_SANITIZE_STRING); + } + + return $result; + } +} \ No newline at end of file diff --git a/includes/model/User.php b/includes/model/User.php index ba475c7..785b847 100755 --- a/includes/model/User.php +++ b/includes/model/User.php @@ -56,9 +56,10 @@ class User return $this->has_value; } - public static function register(string $username, string $pass_hash) + public static function register(string $username, string $password) { $sql = "INSERT INTO users(user_name, user_pass, user_date, user_level) VALUES(?, ?, NOW(), 0);"; + $pass_hash = password_hash($password, PASSWORD_DEFAULT); Database::get()->query($sql, "ss", $username, $pass_hash); } @@ -92,12 +93,12 @@ class User return $threads; } -} -function username_exists(string $username): bool -{ - $sql = "SELECT * FROM users WHERE user_name = ?;"; - $result = Database::get()->query($sql, "s", $username); + public static function username_exists(string $username): bool + { + $sql = "SELECT * FROM users WHERE user_name = ?;"; + $result = Database::get()->query($sql, "s", $username); - return !empty($result); -} \ No newline at end of file + return !empty($result); + } +} -- cgit v1.2.3