1 <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
\r
5 * An open source application development framework for PHP 4.3.2 or newer
\r
7 * @package CodeIgniter
\r
8 * @author ExpressionEngine Dev Team
\r
9 * @copyright Copyright (c) 2008, EllisLab, Inc.
\r
10 * @license http://codeigniter.com/user_guide/license.html
\r
11 * @link http://codeigniter.com
\r
12 * @since Version 1.0
\r
16 // ------------------------------------------------------------------------
\r
21 * @package CodeIgniter
\r
22 * @subpackage Libraries
\r
23 * @category Validation
\r
24 * @author ExpressionEngine Dev Team
\r
25 * @link http://codeigniter.com/user_guide/libraries/validation.html
\r
27 class CI_Validation {
\r
30 var $error_string = '';
\r
31 var $_error_array = array();
\r
32 var $_rules = array();
\r
33 var $_fields = array();
\r
34 var $_error_messages = array();
\r
35 var $_current_field = '';
\r
36 var $_safe_form_data = FALSE;
\r
37 var $_error_prefix = '<p>';
\r
38 var $_error_suffix = '</p>';
\r
46 function CI_Validation()
\r
48 $this->CI =& get_instance();
\r
50 if (function_exists('mb_internal_encoding'))
\r
52 mb_internal_encoding($this->CI->config->item('charset'));
\r
55 log_message('debug', "Validation Class Initialized");
\r
58 // --------------------------------------------------------------------
\r
63 * This function takes an array of field names as input
\r
64 * and generates class variables with the same name, which will
\r
65 * either be blank or contain the $_POST value corresponding to it
\r
72 function set_fields($data = '', $field = '')
\r
76 if (count($this->_fields) == 0)
\r
83 if ( ! is_array($data))
\r
85 $data = array($data => $field);
\r
88 if (count($data) > 0)
\r
90 $this->_fields = $data;
\r
94 foreach($this->_fields as $key => $val)
\r
96 $this->$key = ( ! isset($_POST[$key])) ? '' : $this->prep_for_form($_POST[$key]);
\r
98 $error = $key.'_error';
\r
99 if ( ! isset($this->$error))
\r
101 $this->$error = '';
\r
106 // --------------------------------------------------------------------
\r
111 * This function takes an array of field names and validation
\r
112 * rules as input ad simply stores is for use later.
\r
119 function set_rules($data, $rules = '')
\r
121 if ( ! is_array($data))
\r
126 $data = array($data => $rules);
\r
129 foreach ($data as $key => $val)
\r
131 $this->_rules[$key] = $val;
\r
135 // --------------------------------------------------------------------
\r
138 * Set Error Message
\r
140 * Lets users set their own error messages on the fly. Note: The key
\r
141 * name has to match the function name that it corresponds to.
\r
148 function set_message($lang, $val = '')
\r
150 if ( ! is_array($lang))
\r
152 $lang = array($lang => $val);
\r
155 $this->_error_messages = array_merge($this->_error_messages, $lang);
\r
158 // --------------------------------------------------------------------
\r
161 * Set The Error Delimiter
\r
163 * Permits a prefix/suffix to be added to each error message
\r
170 function set_error_delimiters($prefix = '<p>', $suffix = '</p>')
\r
172 $this->_error_prefix = $prefix;
\r
173 $this->_error_suffix = $suffix;
\r
176 // --------------------------------------------------------------------
\r
179 * Run the Validator
\r
181 * This function does all the work.
\r
188 // Do we even have any data to process? Mm?
\r
189 if (count($_POST) == 0 OR count($this->_rules) == 0)
\r
194 // Load the language file containing error messages
\r
195 $this->CI->lang->load('validation');
\r
197 // Cycle through the rules and test for errors
\r
198 foreach ($this->_rules as $field => $rules)
\r
200 //Explode out the rules!
\r
201 $ex = explode('|', $rules);
\r
203 // Is the field required? If not, if the field is blank we'll move on to the next test
\r
204 if ( ! in_array('required', $ex, TRUE))
\r
206 if ( ! isset($_POST[$field]) OR $_POST[$field] == '')
\r
213 * Are we dealing with an "isset" rule?
\r
215 * Before going further, we'll see if one of the rules
\r
216 * is to check whether the item is set (typically this
\r
217 * applies only to checkboxes). If so, we'll
\r
218 * test for it here since there's not reason to go
\r
221 if ( ! isset($_POST[$field]))
\r
223 if (in_array('isset', $ex, TRUE) OR in_array('required', $ex))
\r
225 if ( ! isset($this->_error_messages['isset']))
\r
227 if (FALSE === ($line = $this->CI->lang->line('isset')))
\r
229 $line = 'The field was not set';
\r
234 $line = $this->_error_messages['isset'];
\r
237 // Build the error message
\r
238 $mfield = ( ! isset($this->_fields[$field])) ? $field : $this->_fields[$field];
\r
239 $message = sprintf($line, $mfield);
\r
241 // Set the error variable. Example: $this->username_error
\r
242 $error = $field.'_error';
\r
243 $this->$error = $this->_error_prefix.$message.$this->_error_suffix;
\r
244 $this->_error_array[] = $message;
\r
251 * Set the current field
\r
253 * The various prepping functions need to know the
\r
254 * current field name so they can do this:
\r
256 * $_POST[$this->_current_field] == 'bla bla';
\r
258 $this->_current_field = $field;
\r
260 // Cycle through the rules!
\r
261 foreach ($ex As $rule)
\r
263 // Is the rule a callback?
\r
265 if (substr($rule, 0, 9) == 'callback_')
\r
267 $rule = substr($rule, 9);
\r
271 // Strip the parameter (if exists) from the rule
\r
272 // Rules can contain a parameter: max_length[5]
\r
274 if (preg_match("/(.*?)\[(.*?)\]/", $rule, $match))
\r
277 $param = $match[2];
\r
280 // Call the function that corresponds to the rule
\r
281 if ($callback === TRUE)
\r
283 if ( ! method_exists($this->CI, $rule))
\r
288 $result = $this->CI->$rule($_POST[$field], $param);
\r
290 // If the field isn't required and we just processed a callback we'll move on...
\r
291 if ( ! in_array('required', $ex, TRUE) AND $result !== FALSE)
\r
299 if ( ! method_exists($this, $rule))
\r
302 * Run the native PHP function if called for
\r
304 * If our own wrapper function doesn't exist we see
\r
305 * if a native PHP function does. Users can use
\r
306 * any native PHP function call that has one param.
\r
308 if (function_exists($rule))
\r
310 $_POST[$field] = $rule($_POST[$field]);
\r
311 $this->$field = $_POST[$field];
\r
317 $result = $this->$rule($_POST[$field], $param);
\r
320 // Did the rule test negatively? If so, grab the error.
\r
321 if ($result === FALSE)
\r
323 if ( ! isset($this->_error_messages[$rule]))
\r
325 if (FALSE === ($line = $this->CI->lang->line($rule)))
\r
327 $line = 'Unable to access an error message corresponding to your field name.';
\r
332 $line = $this->_error_messages[$rule];
\r
335 // Build the error message
\r
336 $mfield = ( ! isset($this->_fields[$field])) ? $field : $this->_fields[$field];
\r
337 $mparam = ( ! isset($this->_fields[$param])) ? $param : $this->_fields[$param];
\r
338 $message = sprintf($line, $mfield, $mparam);
\r
340 // Set the error variable. Example: $this->username_error
\r
341 $error = $field.'_error';
\r
342 $this->$error = $this->_error_prefix.$message.$this->_error_suffix;
\r
344 // Add the error to the error array
\r
345 $this->_error_array[] = $message;
\r
352 $total_errors = count($this->_error_array);
\r
355 * Recompile the class variables
\r
357 * If any prepping functions were called the $_POST data
\r
358 * might now be different then the corresponding class
\r
359 * variables so we'll set them anew.
\r
361 if ($total_errors > 0)
\r
363 $this->_safe_form_data = TRUE;
\r
366 $this->set_fields();
\r
368 // Did we end up with any errors?
\r
369 if ($total_errors == 0)
\r
374 // Generate the error string
\r
375 foreach ($this->_error_array as $val)
\r
377 $this->error_string .= $this->_error_prefix.$val.$this->_error_suffix."\n";
\r
383 // --------------------------------------------------------------------
\r
392 function required($str)
\r
394 if ( ! is_array($str))
\r
396 return (trim($str) == '') ? FALSE : TRUE;
\r
400 return ( ! empty($str));
\r
404 // --------------------------------------------------------------------
\r
407 * Match one field to another
\r
414 function matches($str, $field)
\r
416 if ( ! isset($_POST[$field]))
\r
421 return ($str !== $_POST[$field]) ? FALSE : TRUE;
\r
424 // --------------------------------------------------------------------
\r
434 function min_length($str, $val)
\r
436 if (preg_match("/[^0-9]/", $val))
\r
441 if (function_exists('mb_strlen'))
\r
443 return (mb_strlen($str) < $val) ? FALSE : TRUE;
\r
446 return (strlen($str) < $val) ? FALSE : TRUE;
\r
449 // --------------------------------------------------------------------
\r
459 function max_length($str, $val)
\r
461 if (preg_match("/[^0-9]/", $val))
\r
466 if (function_exists('mb_strlen'))
\r
468 return (mb_strlen($str) > $val) ? FALSE : TRUE;
\r
471 return (strlen($str) > $val) ? FALSE : TRUE;
\r
474 // --------------------------------------------------------------------
\r
484 function exact_length($str, $val)
\r
486 if (preg_match("/[^0-9]/", $val))
\r
491 if (function_exists('mb_strlen'))
\r
493 return (mb_strlen($str) != $val) ? FALSE : TRUE;
\r
496 return (strlen($str) != $val) ? FALSE : TRUE;
\r
499 // --------------------------------------------------------------------
\r
508 function valid_email($str)
\r
510 return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
\r
513 // --------------------------------------------------------------------
\r
522 function valid_emails($str)
\r
524 if (strpos($str, ',') === FALSE)
\r
526 return $this->valid_email(trim($str));
\r
529 foreach(explode(',', $str) as $email)
\r
531 if (trim($email) != '' && $this->valid_email(trim($email)) === FALSE)
\r
540 // --------------------------------------------------------------------
\r
543 * Validate IP Address
\r
549 function valid_ip($ip)
\r
551 return $this->CI->input->valid_ip($ip);
\r
554 // --------------------------------------------------------------------
\r
563 function alpha($str)
\r
565 return ( ! preg_match("/^([a-z])+$/i", $str)) ? FALSE : TRUE;
\r
568 // --------------------------------------------------------------------
\r
577 function alpha_numeric($str)
\r
579 return ( ! preg_match("/^([a-z0-9])+$/i", $str)) ? FALSE : TRUE;
\r
582 // --------------------------------------------------------------------
\r
585 * Alpha-numeric with underscores and dashes
\r
591 function alpha_dash($str)
\r
593 return ( ! preg_match("/^([-a-z0-9_-])+$/i", $str)) ? FALSE : TRUE;
\r
596 // --------------------------------------------------------------------
\r
605 function numeric($str)
\r
607 return (bool)preg_match( '/^[\-+]?[0-9]*\.?[0-9]+$/', $str);
\r
611 // --------------------------------------------------------------------
\r
620 function is_numeric($str)
\r
622 return ( ! is_numeric($str)) ? FALSE : TRUE;
\r
625 // --------------------------------------------------------------------
\r
634 function integer($str)
\r
636 return (bool)preg_match( '/^[\-+]?[0-9]+$/', $str);
\r
639 // --------------------------------------------------------------------
\r
642 * Is a Natural number (0,1,2,3, etc.)
\r
648 function is_natural($str)
\r
650 return (bool)preg_match( '/^[0-9]+$/', $str);
\r
653 // --------------------------------------------------------------------
\r
656 * Is a Natural number, but not a zero (1,2,3, etc.)
\r
662 function is_natural_no_zero($str)
\r
664 if ( ! preg_match( '/^[0-9]+$/', $str))
\r
677 // --------------------------------------------------------------------
\r
682 * Tests a string for characters outside of the Base64 alphabet
\r
683 * as defined by RFC 2045 http://www.faqs.org/rfcs/rfc2045
\r
689 function valid_base64($str)
\r
691 return (bool) ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str);
\r
694 // --------------------------------------------------------------------
\r
699 * Enables pull-down lists to be set to the value the user
\r
700 * selected in the event of an error
\r
707 function set_select($field = '', $value = '')
\r
709 if ($field == '' OR $value == '' OR ! isset($_POST[$field]))
\r
714 if ($_POST[$field] == $value)
\r
716 return ' selected="selected"';
\r
720 // --------------------------------------------------------------------
\r
725 * Enables radio buttons to be set to the value the user
\r
726 * selected in the event of an error
\r
733 function set_radio($field = '', $value = '')
\r
735 if ($field == '' OR $value == '' OR ! isset($_POST[$field]))
\r
740 if ($_POST[$field] == $value)
\r
742 return ' checked="checked"';
\r
746 // --------------------------------------------------------------------
\r
751 * Enables checkboxes to be set to the value the user
\r
752 * selected in the event of an error
\r
759 function set_checkbox($field = '', $value = '')
\r
761 if ($field == '' OR $value == '' OR ! isset($_POST[$field]))
\r
766 if ($_POST[$field] == $value)
\r
768 return ' checked="checked"';
\r
772 // --------------------------------------------------------------------
\r
775 * Prep data for form
\r
777 * This function allows HTML to be safely shown in a form.
\r
778 * Special characters are converted.
\r
784 function prep_for_form($data = '')
\r
786 if (is_array($data))
\r
788 foreach ($data as $key => $val)
\r
790 $data[$key] = $this->prep_for_form($val);
\r
796 if ($this->_safe_form_data == FALSE OR $data == '')
\r
801 return str_replace(array("'", '"', '<', '>'), array("'", """, '<', '>'), stripslashes($data));
\r
804 // --------------------------------------------------------------------
\r
813 function prep_url($str = '')
\r
815 if ($str == 'http://' OR $str == '')
\r
817 $_POST[$this->_current_field] = '';
\r
821 if (substr($str, 0, 7) != 'http://' && substr($str, 0, 8) != 'https://')
\r
823 $str = 'http://'.$str;
\r
826 $_POST[$this->_current_field] = $str;
\r
829 // --------------------------------------------------------------------
\r
838 function strip_image_tags($str)
\r
840 $_POST[$this->_current_field] = $this->CI->input->strip_image_tags($str);
\r
843 // --------------------------------------------------------------------
\r
852 function xss_clean($str)
\r
854 $_POST[$this->_current_field] = $this->CI->input->xss_clean($str);
\r
857 // --------------------------------------------------------------------
\r
860 * Convert PHP tags to entities
\r
866 function encode_php_tags($str)
\r
868 $_POST[$this->_current_field] = str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str);
\r
872 // END Validation Class
\r
874 /* End of file Validation.php */
\r
875 /* Location: ./system/libraries/Validation.php */