Greetings,
I am developing a new Web Engine and I wanted to release a PHP class from the Engine for `input validation`. In my opinion you need average to expert PHP knowledge to understand this class. It can be used for any website. It is a very good security layer for validating any input coming from the client, and anyone can use it, even newbie PHP developers/coders. It might need some work, but I hope you like it.
Feel free to ask any question
//input.class.php
//input validation example
//another example (password)
I am developing a new Web Engine and I wanted to release a PHP class from the Engine for `input validation`. In my opinion you need average to expert PHP knowledge to understand this class. It can be used for any website. It is a very good security layer for validating any input coming from the client, and anyone can use it, even newbie PHP developers/coders. It might need some work, but I hope you like it.
Feel free to ask any question
//input.class.php
PHP:
<?php
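/**
 * Collects named input descriptors and checks each one against a declared
 * type, a length range and (optionally) a minimum password-strength score.
 *
 * A descriptor is an array such as:
 *   array(
 *     'name'     => 'password',
 *     'type'     => 'PASSWORD',
 *     'length'   => array('empty' => false, 'min' => 6, 'max' => 18),
 *     'strength' => array('minLength' => 6, 'minStrength' => 3),
 *     'data'     => $value,
 *   )
 *
 * The class only reports whether a value has the expected shape. It does not
 * escape or rewrite the value, so output encoding and parameterized queries
 * are still required wherever the data is used afterwards.
 */
class input {
    // Descriptors keyed by their 'name' (constructor-supplied arrays are stored as given).
    private $_inputs = array( );
    // Count of successful addInput()/addInputs() registrations.
    private $_number = 0;
    // Collected errors: key => array('type' => ..., 'message' => ...).
    private $_errors = array( );

    /**
     * @param array|null $inputs Optional initial descriptors; anything that is
     *                           not an array is replaced by an empty list.
     */
    public function __construct(array $inputs = NULL)
    {
        $this->_inputs = (is_array($inputs)) ? $inputs : array( );
    }

    /**
     * Records an error under the key $name, replacing any earlier entry
     * stored under the same key.
     *
     * @param string $name    Key of the error entry.
     * @param string $type    Error category.
     * @param string $message Error text or code.
     */
    public function addError($name, $type, $message)
    {
        $this->_errors[$name] = array('type' => $type, 'message' => $message);
    }

    /**
     * Registers one descriptor under its 'name'.
     *
     * @param mixed $input Descriptor array; must carry a non-empty scalar 'name'.
     * @return bool True when stored, false when the descriptor is unusable.
     */
    public function addInput($input)
    {
        // Check the container before indexing into it; the original order
        // read $input['name'] first and so indexed non-arrays.
        if (!is_array($input) || empty($input['name']) || !is_scalar($input['name'])) {
            return false;
        }
        $this->_inputs[$input['name']] = $input;
        $this->_number++;
        return true;
    }

    /**
     * Registers several descriptors. Stops at the first unusable one;
     * descriptors before it stay registered.
     *
     * @param mixed $inputs List of descriptor arrays.
     * @return bool True when every descriptor was stored, false otherwise.
     */
    public function addInputs($inputs)
    {
        if (!is_array($inputs)) {
            return false;
        }
        foreach ($inputs as $input) {
            if (!$this->addInput($input)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Maps a type name to an anchored regular expression (without delimiters).
     *
     * @param mixed $type Type name such as 'NAME' or 'IP'.
     * @return string|false Pattern body, or false when the type has no pattern.
     */
    private function dataType($type)
    {
        // Guard against loose switch comparison matching non-string types.
        if (!is_string($type)) {
            return false;
        }
        $regex = false;
        switch($type)
        {
            case 'CHAR':
                $regex = '^[a-zA-Z]+$';
                break;
            case 'NAME':
                $regex = '^[a-zA-Z0-9]+$';
                break;
            case 'PASSWORD':
                $regex = '^[a-zA-Z0-9\'\/~`\!@#\$%\^&\*\(\)_\-\+=\{\}\[\]\|;:"\<\>,\.\?\\\]+$';
                break;
            case 'EMAIL':
                // The original wrapped this pattern in an extra [ ... ] pair,
                // which turned it into a character class and required a
                // literal trailing "]".
                $regex = '^[^@\s<&>]+@([-a-z0-9]+\.)+[a-z]{2,}$';
                break;
            case 'URL':
                // Scheme whitelist kept from the original; "/" is escaped
                // because pregMatch() uses it as the delimiter.
                $regex = '^(http|https|ftp):\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,}(:[0-9]+)?(\/[a-zA-Z0-9\-\._\?,\/\+&%\$#=~]*)?$';
                break;
            case 'IP':
                // Dotted-quad IPv4. Leading zeros are rejected so an octet
                // cannot be read as octal by a later consumer; the first
                // octet must be non-zero, as the original pattern intended.
                $first = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)';
                $octet = '(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])';
                $regex = '^' . $first . '(?:\.' . $octet . '){3}$';
                break;
            case 'INT':
                $regex = '^[0-9]+$';
                break;
            case 'FLOAT':
                $regex = '^[-+]?\d*\.?\d+$';
                break;
        }
        return $regex;
    }

    /**
     * Maps a type name to a filter_var() filter id.
     *
     * @param mixed $type Type name; a "_S" suffix selects a sanitize filter.
     * @return int|false Filter id, or false when no such filter exists.
     */
    private function dataType_var($type)
    {
        if (!is_string($type)) {
            return false;
        }
        switch($type){
            case 'BOOLEAN':
                return FILTER_VALIDATE_BOOLEAN;
            case 'EMAIL':
                return FILTER_VALIDATE_EMAIL;
            case 'FLOAT':
                return FILTER_VALIDATE_FLOAT;
            case 'INT':
                return FILTER_VALIDATE_INT;
            case 'IP':
                return FILTER_VALIDATE_IP;
            case 'REGEXP':
                return FILTER_VALIDATE_REGEXP;
            case 'URL':
                return FILTER_VALIDATE_URL;
            case 'EMAIL_S':
                return FILTER_SANITIZE_EMAIL;
            case 'FLOAT_S':
                return FILTER_SANITIZE_NUMBER_FLOAT;
            case 'INT_S':
                return FILTER_SANITIZE_NUMBER_INT;
            case 'URL_S':
                return FILTER_SANITIZE_URL;
        }
        // BOOLEAN_S, IP_S and REGEXP_S have no sanitize filter in the filter
        // extension; the constants the original named for them are undefined.
        return false;
    }

    /**
     * Tests $data against a pattern body produced by dataType().
     *
     * @param mixed $data Value to test.
     * @param mixed $type Pattern body without delimiters.
     * @return int 1 on match, 0 otherwise (including unusable arguments).
     */
    private function pregMatch($data, $type)
    {
        // Fail closed: an empty or missing pattern would match everything.
        if (!is_string($type) || $type === '' || !is_scalar($data)) {
            return 0;
        }
        // "D" makes "$" match only at the very end, so a value with a
        // trailing newline no longer passes.
        return (preg_match('/' . $type . '/D', (string) $data) === 1) ? 1 : 0;
    }

    /**
     * Runs filter_var() and reports success.
     *
     * @param mixed $data Value to check.
     * @param mixed $type Filter id from dataType_var().
     * @return int 1 when the filter accepted the value, 0 otherwise.
     */
    private function filterVar($data, $type)
    {
        if (!is_int($type) || !is_scalar($data)) {
            return 0;
        }
        if ($type === FILTER_VALIDATE_BOOLEAN) {
            // A valid "false" must not be mistaken for a failed filter.
            return (filter_var($data, $type, FILTER_NULL_ON_FAILURE) !== null) ? 1 : 0;
        }
        // Compare with false explicitly: valid results such as 0 are falsy.
        return (filter_var($data, $type) !== false) ? 1 : 0;
    }

    /**
     * Reports whether $data is empty after trimming whitespace.
     * The string "0" is a value, not an empty input.
     *
     * @param mixed $data Value to test.
     * @return int 1 when empty, 0 otherwise.
     */
    private function isEmpty($data)
    {
        if ($data === null) {
            return 1;
        }
        return (is_scalar($data) && trim((string) $data) !== '') ? 0 : 1;
    }

    /**
     * Checks the byte length of $data (strlen) against a range.
     *
     * @param string   $data Value to measure.
     * @param int      $min  Minimum length.
     * @param int|null $max  Maximum length; null means no upper bound.
     * @return string|false 'toShort', 'toLong', or false when in range.
     */
    private function dataLength($data, $min, $max)
    {
        $length = strlen($data);
        if ($length < $min) {
            return 'toShort';
        }
        if ($max !== null && $length > $max) {
            return 'toLong';
        }
        return false;
    }

    /**
     * Scores a password from 0 to 4: one point each for reaching $strongLen,
     * mixing lower and upper case, containing a digit, and containing one of
     * the listed punctuation characters.
     *
     * @param string $data      Password to score.
     * @param int    $strongLen Length that earns the first point.
     * @return int Score between 0 and 4.
     */
    private function dataStrength($data, $strongLen)
    {
        $score = 0;
        if (strlen($data) >= $strongLen) {
            $score = 1;
        }
        if (preg_match('/[a-z]/', $data) && preg_match('/[A-Z]/', $data)) {
            $score++;
        }
        if (preg_match('/[0-9]/', $data)) {
            $score++;
        }
        // The original pattern began with ".", so a symbol in first position
        // was not counted. The comma stays in the set because the original
        // class contained it.
        if (preg_match('/[!@#$%^&*?_~\-(),]/', $data)) {
            $score++;
        }
        return $score;
    }

    /**
     * Removes from $data whatever the pattern matches. With $replace true the
     * pattern is first inverted textually ("^[" becomes "[^"), which only
     * yields a sensible result for single-class patterns such as CHAR, NAME
     * or INT. Not called by validation().
     *
     * @param string $data    Value to filter.
     * @param mixed  $type    Pattern body from dataType().
     * @param bool   $replace Whether to invert the pattern first.
     * @return string Filtered value; unchanged when no pattern is available.
     */
    private function filterData($data, $type, $replace)
    {
        if (!is_string($type) || $type === '') {
            return $data;
        }
        if($replace === true){
            $type = str_replace('^[', '[^', $type);
            $type = str_replace(']+$', ']', $type);
            $type = str_replace(']$', ']', $type);
        }
        return preg_replace('/'. $type .'/', '', $data);
    }

    /**
     * @return array|false Collected errors, or false when there are none.
     */
    private function render()
    {
        return (count($this->_errors) != 0) ? $this->_errors : false;
    }

    /**
     * Decides whether $data satisfies the named type. EMAIL goes through
     * filter_var(); types with a pattern go through pregMatch(); BOOLEAN has
     * no pattern and goes through filter_var(). Unknown types are rejected.
     *
     * @param string $data Value to check.
     * @param mixed  $type Type name from the descriptor.
     * @return bool True when the value is acceptable for the type.
     */
    private function matchesType($data, $type)
    {
        if ($type === 'EMAIL') {
            return (bool) $this->filterVar($data, $this->dataType_var($type));
        }
        $pattern = $this->dataType($type);
        if ($pattern !== false) {
            return (bool) $this->pregMatch($data, $pattern);
        }
        if ($type === 'BOOLEAN') {
            return (bool) $this->filterVar($data, $this->dataType_var($type));
        }
        // No rule for this type: reject rather than accept by default.
        return false;
    }

    /**
     * Validates every registered descriptor.
     *
     * Errors are stored under the fixed keys 'dataType', 'emptyData',
     * 'dataLength' and 'dataStrength', so with several inputs a later error
     * of the same kind replaces an earlier one.
     *
     * @return array|bool True when nothing failed, the error array otherwise,
     *                    false when the internal input list is not an array.
     */
    public function validation()
    {
        if(!is_array($this->_inputs)) return false;

        foreach($this->_inputs as $name => $input) {
            if (!is_array($input)) {
                $this->addError('dataType', 'default', 'invalid');
                continue;
            }

            $data = array_key_exists('data', $input) ? $input['data'] : '';
            if ($data !== null && !is_scalar($data)) {
                // Request parameters can arrive as arrays (field[]=x);
                // treat anything that is not a plain value as invalid.
                $this->addError('dataType', 'default', 'invalid');
                continue;
            }
            $data = (string) $data;

            $length = (isset($input['length']) && is_array($input['length'])) ? $input['length'] : array( );
            $emptyAllowed = !empty($length['empty']);

            foreach($input as $key => $value) {
                switch((string) $key) {
                    case 'type':
                        // An optional field left blank skips the type check.
                        if ($emptyAllowed && $data === '') {
                            break;
                        }
                        if (!$this->matchesType($data, $value)) {
                            $this->addError('dataType', 'default', 'invalid');
                        }
                        break;
                    case 'length':
                        $min = (array_key_exists('min', $length)) ? $length['min'] : 0;
                        // A missing 'max' means "no upper bound"; the original
                        // defaulted it to 0 and reported every value as toLong.
                        $max = (array_key_exists('max', $length)) ? $length['max'] : null;
                        if (!$emptyAllowed && $this->isEmpty($data)) {
                            $this->addError('emptyData', 'default', 'empty');
                        } else if ($emptyAllowed && $data === '') {
                            // Blank optional field: the range does not apply.
                        } else {
                            $lengthError = $this->dataLength($data, $min, $max);
                            if ($lengthError !== false) {
                                $this->addError('dataLength', 'default', $lengthError);
                            }
                        }
                        break;
                    case 'strength':
                        $labels = array("very weak", "weak", "medium", "strong", "very strong");
                        $options = is_array($value) ? $value : array( );
                        $minLength = (!empty($options['minLength'])) ? $options['minLength'] : 0;
                        $minStrength = (!empty($options['minStrength'])) ? $options['minStrength'] : 0;
                        $score = $this->dataStrength($data, $minLength);
                        if ($score < $minStrength) {
                            $curr = $labels[$score];
                            // Out-of-range thresholds fall back to the top label.
                            $allowed = isset($labels[$minStrength]) ? $labels[$minStrength] : end($labels);
                            $label = isset($input['name']) ? $input['name'] : $name;
                            $message = 'The '. $label .' is '. $curr .', it must be '. $allowed .'.';
                            $this->addError('dataStrength', 'default', $message);
                        }
                        break;
                    default:
                        break;
                }
            }
        }

        $result = $this->render();
        return ($result !== false) ? $result : true;
    }
}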
//input validation example
PHP:
<?php
// Demo: register one username field and print the validation result.
require_once('input.class.php');

$validator = new input();

// 'WebDeveloper' is 12 characters, above the max of 10 set here, so this
// run prints a dataLength error rather than the success message.
$field = array(
    'name'   => 'username',
    'type'   => 'NAME',
    'length' => array(
        'empty' => false,
        'min'   => 4,
        'max'   => 10
    ),
    'data'   => 'WebDeveloper'
);
$validator->addInput($field);

$result = $validator->validation();

// validation() returns true on success and the error array otherwise.
// The dump is not HTML-escaped; wrap it in htmlspecialchars() if descriptor
// names can ever come from the request.
if (is_array($result) && !empty($result)) {
    echo '<pre>'. print_r($result, true) .'</pre>';
} else {
    echo 'Input is valid.';
}
//another example (password)
PHP:
<?php
// Demo: validate a password against type, length and strength rules.
require_once('input.class.php');

$validator = new input();

// The 'max' of 18 and the PASSWORD character whitelist both limit what a
// user may choose; raise the cap if long passphrases should be accepted.
$lengthRule = array(
    'empty' => false,
    'min'   => 6,
    'max'   => 18
);

// 'minStrength' is compared with the 0-4 score from the class: length,
// mixed case, digit, symbol.
$strengthRule = array(
    'minLength'   => 6,
    'minStrength' => 3,
);

$field = array(
    'name'     => 'password',
    'type'     => 'PASSWORD',
    'length'   => $lengthRule,
    'strength' => $strengthRule,
    'data'     => 'Qweasd123'
);
$validator->addInput($field);

$result = $validator->validation();

// validation() returns true on success and the error array otherwise.
if (is_array($result) && !empty($result)) {
    echo '<pre>'. print_r($result, true) .'</pre>';
} else {
    echo 'Input is valid.';
}