/system/classes/kohana/validate.php
PHP | 1084 lines | 525 code | 146 blank | 413 comment | 56 complexity | 5a7630a13911db1dcd7bd3d4bdff8d0b MD5 | raw file
- <?php defined('SYSPATH') or die('No direct script access.');
- /**
- * Array and variable validation.
- *
- * @package Kohana
- * @category Security
- * @author Kohana Team
- * @copyright (c) 2008-2009 Kohana Team
- * @license http://kohanaphp.com/license
- */
- class Kohana_Validate extends ArrayObject {
- /**
- * Creates a new Validation instance.
- *
- * @param array array to use for validation
- * @return object
- */
- public static function factory(array $array)
- {
- return new Validate($array);
- }
- /**
- * Checks if a field is not empty.
- *
- * @return boolean
- */
- public static function not_empty($value)
- {
- if (is_object($value) AND $value instanceof ArrayObject)
- {
- // Get the array from the ArrayObject
- $value = $value->getArrayCopy();
- }
- return ($value === '0' OR ! empty($value));
- }
- /**
- * Checks a field against a regular expression.
- *
- * @param string value
- * @param string regular expression to match (including delimiters)
- * @return boolean
- */
- public static function regex($value, $expression)
- {
- return (bool) preg_match($expression, (string) $value);
- }
- /**
- * Checks that a field is long enough.
- *
- * @param string value
- * @param integer minimum length required
- * @return boolean
- */
- public static function min_length($value, $length)
- {
- return UTF8::strlen($value) >= $length;
- }
- /**
- * Checks that a field is short enough.
- *
- * @param string value
- * @param integer maximum length required
- * @return boolean
- */
- public static function max_length($value, $length)
- {
- return UTF8::strlen($value) <= $length;
- }
- /**
- * Checks that a field is exactly the right length.
- *
- * @param string value
- * @param integer exact length required
- * @return boolean
- */
- public static function exact_length($value, $length)
- {
- return UTF8::strlen($value) === $length;
- }
- /**
- * Check an email address for correct format.
- *
- * @link http://www.iamcal.com/publish/articles/php/parsing_email/
- * @link http://www.w3.org/Protocols/rfc822/
- *
- * @param string email address
- * @param boolean strict RFC compatibility
- * @return boolean
- */
- public static function email($email, $strict = FALSE)
- {
- if ($strict === TRUE)
- {
- $qtext = '[^\\x0d\\x22\\x5c\\x80-\\xff]';
- $dtext = '[^\\x0d\\x5b-\\x5d\\x80-\\xff]';
- $atom = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+';
- $pair = '\\x5c[\\x00-\\x7f]';
- $domain_literal = "\\x5b($dtext|$pair)*\\x5d";
- $quoted_string = "\\x22($qtext|$pair)*\\x22";
- $sub_domain = "($atom|$domain_literal)";
- $word = "($atom|$quoted_string)";
- $domain = "$sub_domain(\\x2e$sub_domain)*";
- $local_part = "$word(\\x2e$word)*";
- $expression = "/^$local_part\\x40$domain$/D";
- }
- else
- {
- $expression = '/^[-_a-z0-9\'+*$^&%=~!?{}]++(?:\.[-_a-z0-9\'+*$^&%=~!?{}]+)*+@(?:(?![-.])[-a-z0-9.]+(?<![-.])\.[a-z]{2,6}|\d{1,3}(?:\.\d{1,3}){3})(?::\d++)?$/iD';
- }
- return (bool) preg_match($expression, (string) $email);
- }
- /**
- * Validate the domain of an email address by checking if the domain has a
- * valid MX record.
- *
- * @link http://php.net/checkdnsrr not added to Windows until PHP 5.3.0
- *
- * @param string email address
- * @return boolean
- */
- public static function email_domain($email)
- {
- // Check if the email domain has a valid MX record
- return (bool) checkdnsrr(preg_replace('/^[^@]++@/', '', $email), 'MX');
- }
- /**
- * Validate a URL.
- *
- * @param string URL
- * @return boolean
- */
- public static function url($url)
- {
- return (bool) filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED);
- }
- /**
- * Validate an IP.
- *
- * @param string IP address
- * @param boolean allow private IP networks
- * @return boolean
- */
- public static function ip($ip, $allow_private = TRUE)
- {
- // Do not allow reserved addresses
- $flags = FILTER_FLAG_NO_RES_RANGE;
- if ($allow_private === FALSE)
- {
- // Do not allow private or reserved addresses
- $flags = $flags | FILTER_FLAG_NO_PRIV_RANGE;
- }
- return (bool) filter_var($ip, FILTER_VALIDATE_IP, $flags);
- }
- /**
- * Validates a credit card number using the Luhn (mod10) formula.
- *
- * @link http://en.wikipedia.org/wiki/Luhn_algorithm
- *
- * @param integer credit card number
- * @param string|array card type, or an array of card types
- * @return boolean
- */
- public static function credit_card($number, $type = NULL)
- {
- // Remove all non-digit characters from the number
- if (($number = preg_replace('/\D+/', '', $number)) === '')
- return FALSE;
- if ($type == NULL)
- {
- // Use the default type
- $type = 'default';
- }
- elseif (is_array($type))
- {
- foreach ($type as $t)
- {
- // Test each type for validity
- if (Validate::credit_card($number, $t))
- return TRUE;
- }
- return FALSE;
- }
- $cards = Kohana::config('credit_cards');
- // Check card type
- $type = strtolower($type);
- if ( ! isset($cards[$type]))
- return FALSE;
- // Check card number length
- $length = strlen($number);
- // Validate the card length by the card type
- if ( ! in_array($length, preg_split('/\D+/', $cards[$type]['length'])))
- return FALSE;
- // Check card number prefix
- if ( ! preg_match('/^'.$cards[$type]['prefix'].'/', $number))
- return FALSE;
- // No Luhn check required
- if ($cards[$type]['luhn'] == FALSE)
- return TRUE;
- // Checksum of the card number
- $checksum = 0;
- for ($i = $length - 1; $i >= 0; $i -= 2)
- {
- // Add up every 2nd digit, starting from the right
- $checksum += substr($number, $i, 1);
- }
- for ($i = $length - 2; $i >= 0; $i -= 2)
- {
- // Add up every 2nd digit doubled, starting from the right
- $double = substr($number, $i, 1) * 2;
- // Subtract 9 from the double where value is greater than 10
- $checksum += ($double >= 10) ? $double - 9 : $double;
- }
- // If the checksum is a multiple of 10, the number is valid
- return ($checksum % 10 === 0);
- }
- /**
- * Checks if a phone number is valid.
- *
- * @param string phone number to check
- * @return boolean
- */
- public static function phone($number, $lengths = NULL)
- {
- if ( ! is_array($lengths))
- {
- $lengths = array(7,10,11);
- }
- // Remove all non-digit characters from the number
- $number = preg_replace('/\D+/', '', $number);
- // Check if the number is within range
- return in_array(strlen($number), $lengths);
- }
- /**
- * Tests if a string is a valid date string.
- *
- * @param string date to check
- * @return boolean
- */
- public static function date($str)
- {
- return (strtotime($str) !== FALSE);
- }
- /**
- * Checks whether a string consists of alphabetical characters only.
- *
- * @param string input string
- * @param boolean trigger UTF-8 compatibility
- * @return boolean
- */
- public static function alpha($str, $utf8 = FALSE)
- {
- $str = (string) $str;
- if ($utf8 === TRUE)
- {
- return (bool) preg_match('/^\pL++$/uD', $str);
- }
- else
- {
- return ctype_alpha($str);
- }
- }
- /**
- * Checks whether a string consists of alphabetical characters and numbers only.
- *
- * @param string input string
- * @param boolean trigger UTF-8 compatibility
- * @return boolean
- */
- public static function alpha_numeric($str, $utf8 = FALSE)
- {
- if ($utf8 === TRUE)
- {
- return (bool) preg_match('/^[\pL\pN]++$/uD', $str);
- }
- else
- {
- return ctype_alnum($str);
- }
- }
- /**
- * Checks whether a string consists of alphabetical characters, numbers, underscores and dashes only.
- *
- * @param string input string
- * @param boolean trigger UTF-8 compatibility
- * @return boolean
- */
- public static function alpha_dash($str, $utf8 = FALSE)
- {
- if ($utf8 === TRUE)
- {
- $regex = '/^[-\pL\pN_]++$/uD';
- }
- else
- {
- $regex = '/^[-a-z0-9_]++$/iD';
- }
- return (bool) preg_match($regex, $str);
- }
- /**
- * Checks whether a string consists of digits only (no dots or dashes).
- *
- * @param string input string
- * @param boolean trigger UTF-8 compatibility
- * @return boolean
- */
- public static function digit($str, $utf8 = FALSE)
- {
- if ($utf8 === TRUE)
- {
- return (bool) preg_match('/^\pN++$/uD', $str);
- }
- else
- {
- return is_int($str) OR ctype_digit($str);
- }
- }
- /**
- * Checks whether a string is a valid number (negative and decimal numbers allowed).
- *
- * Uses {@link http://www.php.net/manual/en/function.localeconv.php locale conversion}
- * to allow decimal point to be locale specific.
- *
- * @param string input string
- * @return boolean
- */
- public static function numeric($str)
- {
- // Get the decimal point for the current locale
- list($decimal) = array_values(localeconv());
- return (bool) preg_match('/^-?[0-9'.$decimal.']++$/D', (string) $str);
- }
- /**
- * Tests if a number is within a range.
- *
- * @param string number to check
- * @param integer minimum value
- * @param integer maximum value
- * @return boolean
- */
- public static function range($number, $min, $max)
- {
- return ($number >= $min AND $number <= $max);
- }
- /**
- * Checks if a string is a proper decimal format. Optionally, a specific
- * number of digits can be checked too.
- *
- * @param string number to check
- * @param integer number of decimal places
- * @param integer number of digits
- * @return boolean
- */
- public static function decimal($str, $places = 2, $digits = NULL)
- {
- if ($digits > 0)
- {
- // Specific number of digits
- $digits = '{'.(int) $digits.'}';
- }
- else
- {
- // Any number of digits
- $digits = '+';
- }
- // Get the decimal point for the current locale
- list($decimal) = array_values(localeconv());
- return (bool) preg_match('/^[0-9]'.$digits.preg_quote($decimal).'[0-9]{'.(int) $places.'}$/D', $str);
- }
- /**
- * Checks if a string is a proper hexadecimal HTML color value. The validation
- * is quite flexible as it does not require an initial "#" and also allows for
- * the short notation using only three instead of six hexadecimal characters.
- *
- * @param string input string
- * @return boolean
- */
- public static function color($str)
- {
- return (bool) preg_match('/^#?+[0-9a-f]{3}(?:[0-9a-f]{3})?$/iD', $str);
- }
- // Field filters
- protected $_filters = array();
- // Field rules
- protected $_rules = array();
- // Field callbacks
- protected $_callbacks = array();
- // Field labels
- protected $_labels = array();
- // Rules that are executed even when the value is empty
- protected $_empty_rules = array('not_empty', 'matches');
- // Error list, field => rule
- protected $_errors = array();
- /**
- * Sets the unique "any field" key and creates an ArrayObject from the
- * passed array.
- *
- * @param array array to validate
- * @return void
- */
- public function __construct(array $array)
- {
- parent::__construct($array, ArrayObject::STD_PROP_LIST);
- }
- /**
- * Copies the current filter/rule/callback to a new array.
- *
- * $copy = $array->copy($new_data);
- *
- * @param array new data set
- * @return Validation
- * @since 3.0.5
- */
- public function copy(array $array)
- {
- // Create a copy of the current validation set
- $copy = clone $this;
- // Replace the data set
- $copy->exchangeArray($array);
- return $copy;
- }
- /**
- * Returns the array representation of the current object.
- *
- * @return array
- */
- public function as_array()
- {
- return $this->getArrayCopy();
- }
- /**
- * Sets or overwrites the label name for a field.
- *
- * @param string field name
- * @param string label
- * @return $this
- */
- public function label($field, $label)
- {
- // Set the label for this field
- $this->_labels[$field] = $label;
- return $this;
- }
- /**
- * Sets labels using an array.
- *
- * @param array list of field => label names
- * @return $this
- */
- public function labels(array $labels)
- {
- $this->_labels = $labels + $this->_labels;
- return $this;
- }
- /**
- * Overwrites or appends filters to a field. Each filter will be executed once.
- * All rules must be valid callbacks.
- *
- * // Run trim() on all fields
- * $validation->filter(TRUE, 'trim');
- *
- * @param string field name
- * @param mixed valid PHP callback
- * @param array extra parameters for the callback
- * @return $this
- */
- public function filter($field, $filter, array $params = NULL)
- {
- if ($field !== TRUE AND ! isset($this->_labels[$field]))
- {
- // Set the field label to the field name
- $this->_labels[$field] = preg_replace('/[^\pL]+/u', ' ', $field);
- }
- // Store the filter and params for this rule
- $this->_filters[$field][$filter] = (array) $params;
- return $this;
- }
- /**
- * Add filters using an array.
- *
- * @param string field name
- * @param array list of functions or static method name
- * @return $this
- */
- public function filters($field, array $filters)
- {
- foreach ($filters as $filter => $params)
- {
- $this->filter($field, $filter, $params);
- }
- return $this;
- }
- /**
- * Overwrites or appends rules to a field. Each rule will be executed once.
- * All rules must be string names of functions method names.
- *
- * // The "username" must not be empty and have a minimum length of 4
- * $validation->rule('username', 'not_empty')
- * ->rule('username', 'min_length', array(4));
- *
- * @param string field name
- * @param string function or static method name
- * @param array extra parameters for the callback
- * @return $this
- */
- public function rule($field, $rule, array $params = NULL)
- {
- if ($field !== TRUE AND ! isset($this->_labels[$field]))
- {
- // Set the field label to the field name
- $this->_labels[$field] = preg_replace('/[^\pL]+/u', ' ', $field);
- }
- // Store the rule and params for this rule
- $this->_rules[$field][$rule] = (array) $params;
- return $this;
- }
- /**
- * Add rules using an array.
- *
- * @param string field name
- * @param array list of functions or static method name
- * @return $this
- */
- public function rules($field, array $rules)
- {
- foreach ($rules as $rule => $params)
- {
- $this->rule($field, $rule, $params);
- }
- return $this;
- }
- /**
- * Adds a callback to a field. Each callback will be executed only once.
- * No extra parameters can be passed as the format for callbacks is
- * predefined as (Validate $array, $field, array $errors).
- *
- * // The "username" must be checked with a custom method
- * $validation->callback('username', array($this, 'check_username'));
- *
- * To add a callback to every field already set, use TRUE for the field name.
- *
- * @param string field name
- * @param mixed callback to add
- * @return $this
- */
- public function callback($field, $callback)
- {
- if ( ! isset($this->_callbacks[$field]))
- {
- // Create the list for this field
- $this->_callbacks[$field] = array();
- }
- if ($field !== TRUE AND ! isset($this->_labels[$field]))
- {
- // Set the field label to the field name
- $this->_labels[$field] = preg_replace('/[^\pL]+/u', ' ', $field);
- }
- if ( ! in_array($callback, $this->_callbacks[$field], TRUE))
- {
- // Store the callback
- $this->_callbacks[$field][] = $callback;
- }
- return $this;
- }
- /**
- * Add callbacks using an array.
- *
- * @param string field name
- * @param array list of callbacks
- * @return $this
- */
- public function callbacks($field, array $callbacks)
- {
- foreach ($callbacks as $callback)
- {
- $this->callback($field, $callback);
- }
- return $this;
- }
- /**
- * Executes all validation filters, rules, and callbacks. This should
- * typically be called within an if/else block.
- *
- * if ($validation->check())
- * {
- * // The data is valid, do something here
- * }
- *
- * @return boolean
- */
- public function check()
- {
- if (Kohana::$profiling === TRUE)
- {
- // Start a new benchmark
- $benchmark = Profiler::start('Validation', __FUNCTION__);
- }
- // New data set
- $data = $this->_errors = array();
- // Assume nothing has been submitted
- $submitted = FALSE;
- // Get a list of the expected fields
- $expected = array_keys($this->_labels);
- // Import the filters, rules, and callbacks locally
- $filters = $this->_filters;
- $rules = $this->_rules;
- $callbacks = $this->_callbacks;
- foreach ($expected as $field)
- {
- if (isset($this[$field]))
- {
- // Some data has been submitted, continue validation
- $submitted = TRUE;
- // Use the submitted value
- $data[$field] = $this[$field];
- }
- else
- {
- // No data exists for this field
- $data[$field] = NULL;
- }
- if (isset($filters[TRUE]))
- {
- if ( ! isset($filters[$field]))
- {
- // Initialize the filters for this field
- $filters[$field] = array();
- }
- // Append the filters
- $filters[$field] += $filters[TRUE];
- }
- if (isset($rules[TRUE]))
- {
- if ( ! isset($rules[$field]))
- {
- // Initialize the rules for this field
- $rules[$field] = array();
- }
- // Append the rules
- $rules[$field] += $rules[TRUE];
- }
- if (isset($callbacks[TRUE]))
- {
- if ( ! isset($callbacks[$field]))
- {
- // Initialize the callbacks for this field
- $callbacks[$field] = array();
- }
- // Append the callbacks
- $callbacks[$field] += $callbacks[TRUE];
- }
- }
- // Overload the current array with the new one
- $this->exchangeArray($data);
- if ($submitted === FALSE)
- {
- // Because no data was submitted, validation will not be forced
- return FALSE;
- }
- // Remove the filters, rules, and callbacks that apply to every field
- unset($filters[TRUE], $rules[TRUE], $callbacks[TRUE]);
- // Execute the filters
- foreach ($filters as $field => $set)
- {
- // Get the field value
- $value = $this[$field];
- foreach ($set as $filter => $params)
- {
- // Add the field value to the parameters
- array_unshift($params, $value);
- if (strpos($filter, '::') === FALSE)
- {
- // Use a function call
- $function = new ReflectionFunction($filter);
- // Call $function($this[$field], $param, ...) with Reflection
- $value = $function->invokeArgs($params);
- }
- else
- {
- // Split the class and method of the rule
- list($class, $method) = explode('::', $filter, 2);
- // Use a static method call
- $method = new ReflectionMethod($class, $method);
- // Call $Class::$method($this[$field], $param, ...) with Reflection
- $value = $method->invokeArgs(NULL, $params);
- }
- }
- // Set the filtered value
- $this[$field] = $value;
- }
- // Execute the rules
- foreach ($rules as $field => $set)
- {
- // Get the field value
- $value = $this[$field];
- foreach ($set as $rule => $params)
- {
- if ( ! in_array($rule, $this->_empty_rules) AND ! Validate::not_empty($value))
- {
- // Skip this rule for empty fields
- continue;
- }
- // Add the field value to the parameters
- array_unshift($params, $value);
- if (method_exists($this, $rule))
- {
- // Use a method in this object
- $method = new ReflectionMethod($this, $rule);
- if ($method->isStatic())
- {
- // Call static::$rule($this[$field], $param, ...) with Reflection
- $passed = $method->invokeArgs(NULL, $params);
- }
- else
- {
- // Do not use Reflection here, the method may be protected
- $passed = call_user_func_array(array($this, $rule), $params);
- }
- }
- elseif (strpos($rule, '::') === FALSE)
- {
- // Use a function call
- $function = new ReflectionFunction($rule);
- // Call $function($this[$field], $param, ...) with Reflection
- $passed = $function->invokeArgs($params);
- }
- else
- {
- // Split the class and method of the rule
- list($class, $method) = explode('::', $rule, 2);
- // Use a static method call
- $method = new ReflectionMethod($class, $method);
- // Call $Class::$method($this[$field], $param, ...) with Reflection
- $passed = $method->invokeArgs(NULL, $params);
- }
- if ($passed === FALSE)
- {
- // Remove the field name from the parameters
- array_shift($params);
- // Add the rule to the errors
- $this->error($field, $rule, $params);
- // This field has an error, stop executing rules
- break;
- }
- }
- }
- // Execute the callbacks
- foreach ($callbacks as $field => $set)
- {
- if (isset($this->_errors[$field]))
- {
- // Skip any field that already has an error
- continue;
- }
- foreach ($set as $callback)
- {
- if (is_string($callback) AND strpos($callback, '::') !== FALSE)
- {
- // Make the static callback into an array
- $callback = explode('::', $callback, 2);
- }
- if (is_array($callback))
- {
- // Separate the object and method
- list ($object, $method) = $callback;
- // Use a method in the given object
- $method = new ReflectionMethod($object, $method);
- if ( ! is_object($object))
- {
- // The object must be NULL for static calls
- $object = NULL;
- }
- // Call $object->$method($this, $field, $errors) with Reflection
- $method->invoke($object, $this, $field);
- }
- else
- {
- // Use a function call
- $function = new ReflectionFunction($callback);
- // Call $function($this, $field, $errors) with Reflection
- $function->invoke($this, $field);
- }
- if (isset($this->_errors[$field]))
- {
- // An error was added, stop processing callbacks
- break;
- }
- }
- }
- if (isset($benchmark))
- {
- // Stop benchmarking
- Profiler::stop($benchmark);
- }
- return empty($this->_errors);
- }
- /**
- * Add an error to a field.
- *
- * @param string field name
- * @param string error message
- * @return $this
- */
- public function error($field, $error, array $params = NULL)
- {
- $this->_errors[$field] = array($error, $params);
- return $this;
- }
- /**
- * Returns the error messages. If no file is specified, the error message
- * will be the name of the rule that failed. When a file is specified, the
- * message will be loaded from "field/rule", or if no rule-specific message
- * exists, "field/default" will be used. If neither is set, the returned
- * message will be "file/field/rule".
- *
- * By default all messages are translated using the default language.
- * A string can be used as the second parameter to specified the language
- * that the message was written in.
- *
- * // Get errors from messages/forms/login.php
- * $errors = $validate->errors('forms/login');
- *
- * @uses Kohana::message
- * @param string file to load error messages from
- * @param mixed translate the message
- * @return array
- */
- public function errors($file = NULL, $translate = TRUE)
- {
- if ($file === NULL)
- {
- // Return the error list
- return $this->_errors;
- }
- // Create a new message list
- $messages = array();
- foreach ($this->_errors as $field => $set)
- {
- list($error, $params) = $set;
- // Get the label for this field
- $label = $this->_labels[$field];
- if ($translate)
- {
- // Translate the label
- $label = __($label);
- }
- // Start the translation values list
- $values = array(':field' => $label);
- if ($params)
- {
- // Value passed to the callback
- $values[':value'] = array_shift($params);
- if (is_array($values[':value']))
- {
- // All values must be strings
- $values[':value'] = implode(', ', Arr::flatten($values[':value']));
- }
- foreach ($params as $key => $value)
- {
- if (is_array($value))
- {
- // All values must be strings
- $value = implode(', ', Arr::flatten($value));
- }
- // Check if a label for this parameter exists
- if (isset($this->_labels[$value]))
- {
- $value = $this->_labels[$value];
- if ($translate)
- {
- // Translate the label
- $value = __($value);
- }
- }
- // Add each parameter as a numbered value, starting from 1
- $values[':param'.($key + 1)] = $value;
- }
- }
- else
- {
- // No value is present
- $values[':value'] = NULL;
- }
- if ($message = Kohana::message($file, "{$field}.{$error}"))
- {
- // Found a message for this field and error
- }
- elseif ($message = Kohana::message($file, "{$field}.default"))
- {
- // Found a default message for this field
- }
- elseif ($message = Kohana::message($file, $error))
- {
- // Found a default message for this error
- }
- elseif ($message = Kohana::message('validate', $error))
- {
- // Found a default message for this error
- }
- else
- {
- // No message exists, display the path expected
- $message = "{$file}.{$field}.{$error}";
- }
- if ($translate == TRUE)
- {
- if (is_string($translate))
- {
- // Translate the message using specified language
- $message = __($message, $values, $translate);
- }
- else
- {
- // Translate the message using the default language
- $message = __($message, $values);
- }
- }
- else
- {
- // Do not translate, just replace the values
- $message = strtr($message, $values);
- }
- // Set the message for this field
- $messages[$field] = $message;
- }
- return $messages;
- }
- /**
- * Checks if a field matches the value of another field.
- *
- * @param string field value
- * @param string field name to match
- * @return boolean
- */
- protected function matches($value, $match)
- {
- return ($value === $this[$match]);
- }
- } // End Validation