Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / cdd2ab25d134c67447e1f1f63c28992f8d0a5b68 / . / system / libraries / Validation.php
blob: 162d362daaa37263ca047126cb27888c5ae8abda [file] [log] [blame]
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]1<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
2/**
3 * CodeIgniter
4 *
5 * An open source application development framework for PHP 4.3.2 or newer
6 *
7 * @package CodeIgniter
Derek Allard3d879d52008-01-18 19:41:32 +0000[diff] [blame]8 * @author ExpressionEngine Dev Team
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]9 * @copyright Copyright (c) 2006, EllisLab, Inc.
Derek Allardcdd2ab22008-01-23 00:05:38 +0000[diff] [blame^]10 * @license http://codeigniter.com/user_guide/license.html
11 * @link http://codeigniter.com
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]12 * @since Version 1.0
13 * @filesource
14 */
15
16// ------------------------------------------------------------------------
17
18/**
19 * Validation Class
20 *
21 * @package CodeIgniter
22 * @subpackage Libraries
23 * @category Validation
Derek Allard3d879d52008-01-18 19:41:32 +0000[diff] [blame]24 * @author ExpressionEngine Dev Team
Derek Allardcdd2ab22008-01-23 00:05:38 +0000[diff] [blame^]25 * @link http://codeigniter.com/user_guide/libraries/validation.html
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]26 */
27class CI_Validation {
28
29 var $CI;
30 var $error_string = '';
31 var $_error_array = array();
32 var $_rules = array();
33 var $_fields = array();
34 var $_error_messages = array();
35 var $_current_field = '';
36 var $_safe_form_data = FALSE;
37 var $_error_prefix = '<p>';
38 var $_error_suffix = '</p>';
39
40
41
42 /**
43 * Constructor
44 *
45 */
46 function CI_Validation()
47 {
48 $this->CI =& get_instance();
49 log_message('debug', "Validation Class Initialized");
50 }
51
52 // --------------------------------------------------------------------
53
54 /**
55 * Set Fields
56 *
57 * This function takes an array of field names as input
58 * and generates class variables with the same name, which will
59 * either be blank or contain the $_POST value corresponding to it
60 *
61 * @access public
62 * @param string
63 * @param string
64 * @return void
65 */
66 function set_fields($data = '', $field = '')
67 {
68 if ($data == '')
69 {
70 if (count($this->_fields) == 0)
71 {
72 return FALSE;
73 }
74 }
75 else
76 {
77 if ( ! is_array($data))
78 {
79 $data = array($data => $field);
80 }
81
82 if (count($data) > 0)
83 {
84 $this->_fields = $data;
85 }
86 }
87
88 foreach($this->_fields as $key => $val)
Derek Jones07edd4b2008-01-18 19:50:49 +0000[diff] [blame]89 {
90 $this->$key = ( ! isset($_POST[$key])) ? '' : $this->prep_for_form($_POST[$key]);
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]91
92 $error = $key.'_error';
93 if ( ! isset($this->$error))
94 {
95 $this->$error = '';
96 }
97 }
98 }
99
100 // --------------------------------------------------------------------
101
102 /**
103 * Set Rules
104 *
105 * This function takes an array of field names and validation
106 * rules as input ad simply stores is for use later.
107 *
108 * @access public
109 * @param mixed
110 * @param string
111 * @return void
112 */
113 function set_rules($data, $rules = '')
114 {
115 if ( ! is_array($data))
116 {
117 if ($rules == '')
118 return;
119
120 $data[$data] = $rules;
121 }
122
123 foreach ($data as $key => $val)
124 {
125 $this->_rules[$key] = $val;
126 }
127 }
128
129 // --------------------------------------------------------------------
130
131 /**
132 * Set Error Message
133 *
134 * Lets users set their own error messages on the fly. Note: The key
135 * name has to match the function name that it corresponds to.
136 *
137 * @access public
138 * @param string
139 * @param string
140 * @return string
141 */
142 function set_message($lang, $val = '')
143 {
144 if ( ! is_array($lang))
145 {
146 $lang = array($lang => $val);
147 }
148
149 $this->_error_messages = array_merge($this->_error_messages, $lang);
150 }
151
152 // --------------------------------------------------------------------
153
154 /**
155 * Set The Error Delimiter
156 *
157 * Permits a prefix/suffix to be added to each error message
158 *
159 * @access public
160 * @param string
161 * @param string
162 * @return void
163 */
164 function set_error_delimiters($prefix = '<p>', $suffix = '</p>')
165 {
166 $this->_error_prefix = $prefix;
167 $this->_error_suffix = $suffix;
168 }
169
170 // --------------------------------------------------------------------
171
172 /**
173 * Run the Validator
174 *
175 * This function does all the work.
176 *
177 * @access public
178 * @return bool
179 */
180 function run()
181 {
182 // Do we even have any data to process? Mm?
183 if (count($_POST) == 0 OR count($this->_rules) == 0)
184 {
185 return FALSE;
186 }
187
188 // Load the language file containing error messages
189 $this->CI->lang->load('validation');
190
191 // Cycle through the rules and test for errors
192 foreach ($this->_rules as $field => $rules)
193 {
194 //Explode out the rules!
195 $ex = explode('|', $rules);
196
Rick Ellisa1b05a12007-04-27 21:20:38 +0000[diff] [blame]197 // Is the field required? If not, if the field is blank we'll move on to the next test
Derek Allard3f9e5572007-10-16 13:10:02 +0000[diff] [blame]198 if ( ! in_array('required', $ex, TRUE))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]199 {
200 if ( ! isset($_POST[$field]) OR $_POST[$field] == '')
201 {
202 continue;
203 }
204 }
205
206 /*
207 * Are we dealing with an "isset" rule?
208 *
209 * Before going further, we'll see if one of the rules
210 * is to check whether the item is set (typically this
211 * applies only to checkboxes). If so, we'll
212 * test for it here since there's not reason to go
213 * further
214 */
215 if ( ! isset($_POST[$field]))
216 {
217 if (in_array('isset', $ex, TRUE) OR in_array('required', $ex))
218 {
219 if ( ! isset($this->_error_messages['isset']))
220 {
221 if (FALSE === ($line = $this->CI->lang->line('isset')))
222 {
223 $line = 'The field was not set';
224 }
225 }
226 else
227 {
228 $line = $this->_error_messages['isset'];
229 }
230
Derek Allard9805f612007-12-31 16:02:32 +0000[diff] [blame]231 // Build the error message
232 $mfield = ( ! isset($this->_fields[$field])) ? $field : $this->_fields[$field];
233 $message = sprintf($line, $mfield);
234
235 // Set the error variable. Example: $this->username_error
236 $error = $field.'_error';
237 $this->$error = $this->_error_prefix.$message.$this->_error_suffix;
238 $this->_error_array[] = $message;
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]239 }
240
241 continue;
242 }
243
244 /*
245 * Set the current field
246 *
247 * The various prepping functions need to know the
248 * current field name so they can do this:
249 *
250 * $_POST[$this->_current_field] == 'bla bla';
251 */
252 $this->_current_field = $field;
253
254 // Cycle through the rules!
255 foreach ($ex As $rule)
256 {
257 // Is the rule a callback?
258 $callback = FALSE;
259 if (substr($rule, 0, 9) == 'callback_')
260 {
261 $rule = substr($rule, 9);
262 $callback = TRUE;
263 }
264
265 // Strip the parameter (if exists) from the rule
266 // Rules can contain a parameter: max_length[5]
267 $param = FALSE;
268 if (preg_match("/(.*?)\[(.*?)\]/", $rule, $match))
269 {
270 $rule = $match[1];
271 $param = $match[2];
272 }
273
274 // Call the function that corresponds to the rule
275 if ($callback === TRUE)
276 {
277 if ( ! method_exists($this->CI, $rule))
278 {
279 continue;
280 }
281
282 $result = $this->CI->$rule($_POST[$field], $param);
283
284 // If the field isn't required and we just processed a callback we'll move on...
285 if ( ! in_array('required', $ex, TRUE) AND $result !== FALSE)
286 {
287 continue 2;
288 }
289
290 }
291 else
292 {
293 if ( ! method_exists($this, $rule))
294 {
295 /*
296 * Run the native PHP function if called for
297 *
298 * If our own wrapper function doesn't exist we see
299 * if a native PHP function does. Users can use
300 * any native PHP function call that has one param.
301 */
302 if (function_exists($rule))
303 {
304 $_POST[$field] = $rule($_POST[$field]);
305 $this->$field = $_POST[$field];
306 }
307
308 continue;
309 }
310
311 $result = $this->$rule($_POST[$field], $param);
312 }
313
314 // Did the rule test negatively? If so, grab the error.
315 if ($result === FALSE)
316 {
317 if ( ! isset($this->_error_messages[$rule]))
318 {
319 if (FALSE === ($line = $this->CI->lang->line($rule)))
320 {
321 $line = 'Unable to access an error message corresponding to your field name.';
322 }
323 }
324 else
325 {
Derek Allard89bf50f2007-08-14 02:39:04 +0000[diff] [blame]326 $line = $this->_error_messages[$rule];
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]327 }
328
329 // Build the error message
330 $mfield = ( ! isset($this->_fields[$field])) ? $field : $this->_fields[$field];
331 $mparam = ( ! isset($this->_fields[$param])) ? $param : $this->_fields[$param];
332 $message = sprintf($line, $mfield, $mparam);
333
334 // Set the error variable. Example: $this->username_error
335 $error = $field.'_error';
336 $this->$error = $this->_error_prefix.$message.$this->_error_suffix;
337
338 // Add the error to the error array
339 $this->_error_array[] = $message;
340 continue 2;
341 }
342 }
343
344 }
345
346 $total_errors = count($this->_error_array);
347
348 /*
349 * Recompile the class variables
350 *
351 * If any prepping functions were called the $_POST data
352 * might now be different then the corresponding class
353 * variables so we'll set them anew.
354 */
355 if ($total_errors > 0)
356 {
357 $this->_safe_form_data = TRUE;
358 }
359
360 $this->set_fields();
361
362 // Did we end up with any errors?
363 if ($total_errors == 0)
364 {
365 return TRUE;
366 }
367
368 // Generate the error string
369 foreach ($this->_error_array as $val)
370 {
371 $this->error_string .= $this->_error_prefix.$val.$this->_error_suffix."\n";
372 }
373
374 return FALSE;
375 }
376
377 // --------------------------------------------------------------------
378
379 /**
380 * Required
381 *
382 * @access public
383 * @param string
384 * @return bool
385 */
386 function required($str)
387 {
388 if ( ! is_array($str))
389 {
390 return (trim($str) == '') ? FALSE : TRUE;
391 }
392 else
393 {
394 return ( ! empty($str));
395 }
396 }
397
398 // --------------------------------------------------------------------
399
400 /**
401 * Match one field to another
402 *
403 * @access public
404 * @param string
405 * @return bool
406 */
407 function matches($str, $field)
408 {
409 if ( ! isset($_POST[$field]))
410 {
411 return FALSE;
412 }
413
414 return ($str !== $_POST[$field]) ? FALSE : TRUE;
415 }
416
417 // --------------------------------------------------------------------
418
419 /**
420 * Minimum Length
421 *
422 * @access public
423 * @param string
424 * @return bool
425 */
426 function min_length($str, $val)
427 {
Rick Ellis001e2562007-06-13 22:01:30 +0000[diff] [blame]428 if (preg_match("/[^0-9]/", $val))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]429 {
430 return FALSE;
431 }
432
433 return (strlen($str) < $val) ? FALSE : TRUE;
434 }
435
436 // --------------------------------------------------------------------
437
438 /**
439 * Max Length
440 *
441 * @access public
442 * @param string
443 * @return bool
444 */
445 function max_length($str, $val)
446 {
Rick Ellis001e2562007-06-13 22:01:30 +0000[diff] [blame]447 if (preg_match("/[^0-9]/", $val))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]448 {
449 return FALSE;
450 }
451
452 return (strlen($str) > $val) ? FALSE : TRUE;
453 }
454
455 // --------------------------------------------------------------------
456
457 /**
458 * Exact Length
459 *
460 * @access public
461 * @param string
462 * @return bool
463 */
464 function exact_length($str, $val)
465 {
Rick Ellis001e2562007-06-13 22:01:30 +0000[diff] [blame]466 if (preg_match("/[^0-9]/", $val))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]467 {
468 return FALSE;
469 }
470
471 return (strlen($str) != $val) ? FALSE : TRUE;
472 }
473
474 // --------------------------------------------------------------------
475
476 /**
477 * Valid Email
478 *
479 * @access public
480 * @param string
481 * @return bool
482 */
483 function valid_email($str)
484 {
485 return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
486 }
487
488 // --------------------------------------------------------------------
489
490 /**
491 * Validate IP Address
492 *
493 * @access public
494 * @param string
495 * @return string
496 */
497 function valid_ip($ip)
498 {
Derek Allard53a9c3f2007-09-18 19:18:53 +0000[diff] [blame]499 return $this->CI->input->valid_ip($ip);
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]500 }
501
502 // --------------------------------------------------------------------
503
504 /**
505 * Alpha
506 *
507 * @access public
508 * @param string
509 * @return bool
510 */
511 function alpha($str)
512 {
Rick Ellis1adf1db2007-06-11 04:46:57 +0000[diff] [blame]513 return ( ! preg_match("/^([a-z])+$/i", $str)) ? FALSE : TRUE;
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]514 }
515
516 // --------------------------------------------------------------------
517
518 /**
519 * Alpha-numeric
520 *
521 * @access public
522 * @param string
523 * @return bool
524 */
525 function alpha_numeric($str)
526 {
Rick Ellis8de97ff2007-06-11 04:38:47 +0000[diff] [blame]527 return ( ! preg_match("/^([a-z0-9])+$/i", $str)) ? FALSE : TRUE;
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]528 }
529
530 // --------------------------------------------------------------------
531
532 /**
533 * Alpha-numeric with underscores and dashes
534 *
535 * @access public
536 * @param string
537 * @return bool
538 */
539 function alpha_dash($str)
540 {
541 return ( ! preg_match("/^([-a-z0-9_-])+$/i", $str)) ? FALSE : TRUE;
542 }
543
544 // --------------------------------------------------------------------
545
546 /**
547 * Numeric
548 *
549 * @access public
Derek Allard22cd38b2008-01-22 19:45:03 +0000[diff] [blame]550 * @param string
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]551 * @return bool
552 */
553 function numeric($str)
554 {
Derek Allard20460a62008-01-22 19:40:05 +0000[diff] [blame]555 return (bool)preg_match( '/^[\-+]?[0-9]*\.?[0-9]+$/', $str);
556
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]557 }
558
559 // --------------------------------------------------------------------
560
561 /**
Derek Allard12f9cc82008-01-22 07:21:32 +0000[diff] [blame]562 * Integer
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]563 *
564 * @access public
565 * @param string
566 * @return bool
567 */
Derek Allard12f9cc82008-01-22 07:21:32 +0000[diff] [blame]568 function integer($str)
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]569 {
Derek Allard20460a62008-01-22 19:40:05 +0000[diff] [blame]570 return (bool)preg_match( '/^[\-+]?[0-9]+$/', $str);
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]571 }
572
573 // --------------------------------------------------------------------
574
575 /**
576 * Set Select
577 *
578 * Enables pull-down lists to be set to the value the user
579 * selected in the event of an error
580 *
581 * @access public
582 * @param string
583 * @param string
584 * @return string
585 */
586 function set_select($field = '', $value = '')
587 {
588 if ($field == '' OR $value == '' OR ! isset($_POST[$field]))
589 {
590 return '';
591 }
592
593 if ($_POST[$field] == $value)
594 {
595 return ' selected="selected"';
596 }
597 }
598
599 // --------------------------------------------------------------------
600
601 /**
602 * Set Radio
603 *
604 * Enables radio buttons to be set to the value the user
605 * selected in the event of an error
606 *
607 * @access public
608 * @param string
609 * @param string
610 * @return string
611 */
612 function set_radio($field = '', $value = '')
613 {
614 if ($field == '' OR $value == '' OR ! isset($_POST[$field]))
615 {
616 return '';
617 }
618
619 if ($_POST[$field] == $value)
620 {
621 return ' checked="checked"';
622 }
623 }
624
625 // --------------------------------------------------------------------
626
627 /**
628 * Set Checkbox
629 *
630 * Enables checkboxes to be set to the value the user
631 * selected in the event of an error
632 *
633 * @access public
634 * @param string
635 * @param string
636 * @return string
637 */
638 function set_checkbox($field = '', $value = '')
639 {
640 if ($field == '' OR $value == '' OR ! isset($_POST[$field]))
641 {
642 return '';
643 }
644
645 if ($_POST[$field] == $value)
646 {
647 return ' checked="checked"';
648 }
649 }
650
651 // --------------------------------------------------------------------
652
653 /**
654 * Prep data for form
655 *
656 * This function allows HTML to be safely shown in a form.
657 * Special characters are converted.
658 *
659 * @access public
660 * @param string
661 * @return string
662 */
Derek Jones07edd4b2008-01-18 19:50:49 +0000[diff] [blame]663 function prep_for_form($data = '')
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]664 {
Derek Jones07edd4b2008-01-18 19:50:49 +0000[diff] [blame]665 if (is_array($data))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]666 {
Derek Jones07edd4b2008-01-18 19:50:49 +0000[diff] [blame]667 foreach ($data as $key => $val)
668 {
669 $data[$key] = $this->prep_for_form($val);
670 }
671 }
672
673 if ($this->_safe_form_data == FALSE OR $data == '')
674 {
675 return $data;
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]676 }
677
Derek Jones07edd4b2008-01-18 19:50:49 +0000[diff] [blame]678 return str_replace(array("'", '"', '<', '>'), array("&#39;", "&quot;", '&lt;', '&gt;'), stripslashes($data));
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]679 }
680
681 // --------------------------------------------------------------------
682
683 /**
684 * Prep URL
685 *
686 * @access public
687 * @param string
688 * @return string
689 */
690 function prep_url($str = '')
691 {
692 if ($str == 'http://' OR $str == '')
693 {
694 $_POST[$this->_current_field] = '';
695 return;
696 }
697
698 if (substr($str, 0, 7) != 'http://' && substr($str, 0, 8) != 'https://')
699 {
700 $str = 'http://'.$str;
701 }
702
703 $_POST[$this->_current_field] = $str;
704 }
705
706 // --------------------------------------------------------------------
707
708 /**
709 * Strip Image Tags
710 *
711 * @access public
712 * @param string
713 * @return string
714 */
715 function strip_image_tags($str)
716 {
717 $_POST[$this->_current_field] = $this->input->strip_image_tags($str);
718 }
719
720 // --------------------------------------------------------------------
721
722 /**
723 * XSS Clean
724 *
725 * @access public
726 * @param string
727 * @return string
728 */
729 function xss_clean($str)
730 {
731 $_POST[$this->_current_field] = $this->CI->input->xss_clean($str);
732 }
733
734 // --------------------------------------------------------------------
735
736 /**
737 * Convert PHP tags to entities
738 *
739 * @access public
740 * @param string
741 * @return string
742 */
743 function encode_php_tags($str)
744 {
745 $_POST[$this->_current_field] = str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
746 }
747
748}
749// END Validation Class
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]750?>