Location: PHPKode > projects > Phpexhibition > exhibition_rev212/admin/inc/validate_inc.php
<?php

// eXhibition - A PHP/MySQL Art Publishing System
// copyright (c) 2006 sketchdude

// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.

// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.

// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

// validation functions

// filter $_GET[] and $_POST[] requests
function gp_filter($req) {
  if(get_magic_quotes_gpc()) {
    $req = stripslashes($req);
  }

  if(function_exists("mysql_real_escape_string")) {
    $req = mysql_real_escape_string($req);
  }
  else {
    $req = addslashes($req);
  }

  return $req;
}

// clean up string input for entry into database
function clean_string($string, $maxlength) {
  $string = trim(strip_tags(substr($string, 0, $maxlength)));
  return $string;
}

// query the database to ensure a field is unique
function is_unique($field, $dbtable, $postfield) {
  global $errors;
  $query = "SELECT $field FROM $dbtable WHERE $field = '$postfield'";
  $result = mysql_query($query);
  if (!$result) {
    return false;
  }
  else {
    if (mysql_num_rows($result) > 0) {
      $same = mysql_fetch_array($result);
      if (!empty($same[$field]) && $same[$field] == $postfield) {
        $errors[$field]['unique'] = '<p class="errors">' . $field . ' must be unique. "' . $same[$field] . '" is already being used.</p>' . "\n";
        return $errors;
      }
      else {
        return false;
      }
    }
    else {
      return false;
    }
  }
}

// check the format of an email address
function format_email($email) {
  global $errors;
  $pattern = "/" .
             "^[a-z0-9_-]+" .        // valid chars (at least once)
             "(\.[a-z0-9_-]+)*" .    // dot valid chars (0-n times)
             "@" .
             "[a-z0-9][a-z0-9-]*" .  // valid chars (at least once)
             "(\.[a-z0-9-]+)*" .     // dot valid chars (0-n times)
             "\.([a-z]{2,6})$" .     // dot valid chars
             "/i";                   // case insensitive
  if (!preg_match($pattern, $email)) {
    $errors['email']['format'] = '<p class="errors">Invalid format for email address.</p>' . "\n";
    return $errors;
  }
  return false;
}

// enforce minimum and maximum lengths before updating database
function length($fieldname, $fieldvalue, $minimum, $maximum) {
  global $errors;
  if (strlen($fieldvalue) < $minimum || strlen($fieldvalue) > $maximum) {
    $errors[$fieldname]['length'] = '<p class="errors">' . $fieldname . ' must be between ' . $minimum . ' and ' . $maximum . ' characters.</p>' . "\n";
    return $errors;
  }
  return false;
}

// enforce minimum length only before updating database
function any_length($fieldname, $fieldvalue, $minimum) {
  global $errors;
  if (strlen($fieldvalue) < $minimum) {
    $errors[$fieldname]['length'] = '<p class="errors">' . $fieldname . ' must be at least ' . $minimum . ' characters long.</p>' . "\n";
    return $errors;
  }
  return false;
}

// debug function
function var_dump_pre($mixed=null) {
  echo '<pre>';
  var_dump($mixed);
  echo '</pre>';
  return null;
}

function validate_configuration() {
  global $errors;
  $errors = array();
  // The following silent checks will correct errors with no input required from the user
  $_SESSION['title']       = clean_string($_SESSION['title'], 55);
  $_SESSION['description'] = clean_string($_SESSION['description'], 255);
  $_SESSION['keywords']    = clean_string($_SESSION['keywords'], 255);

  // The following routines will throw an error back to the user for correction
  // Title must be between 1 and 55 chars long (error check)
  length('title', $_SESSION['title'], 1, 55);

  // Description must be between 0 and 255 chars long (error check)
  length('description', $_SESSION['description'], 0, 255);

  // Keywords must be between 0 and 255 chars long (error check)
  length('keywords', $_SESSION['keywords'], 0, 255);

  return $errors;
}

function validate_gallery() {
  global $errors;
  $errors = array();
  // The following silent checks will correct errors with no input required from the user
  $_SESSION['category_id']       = clean_string($_SESSION['category_id'], 11);
  $_SESSION['title']             = clean_string($_SESSION['title'], 55);
  $_SESSION['gallery_name']      = clean_string($_SESSION['gallery_name'], 75);
  $_SESSION['display']           = clean_string($_SESSION['display'], 4);
  $_SESSION['art_per_page']      = clean_string($_SESSION['art_per_page'], 2);
  $_SESSION['art_per_row']       = clean_string($_SESSION['art_per_row'], 2);
  $_SESSION['thumbnail_max']     = clean_string($_SESSION['thumbnail_max'], 3);
  $_SESSION['new_gallery_icon']  = clean_string($_SESSION['new_gallery_icon'], 7);
  $_SESSION['gallery_icon']      = clean_string($_SESSION['gallery_icon'], 155);
  $_SESSION['priority']          = clean_string($_SESSION['priority'], 5);
  $_SESSION['rss_feed']          = clean_string($_SESSION['rss_feed'], 7);
  $_SESSION['description']       = clean_string($_SESSION['description'], 255);
  $_SESSION['keywords']          = clean_string($_SESSION['keywords'], 255);
  // Display must say 'show' or 'hide'. Default is 'show'. (silent check)
  if (!$_SESSION['display'] == 'show' || !$_SESSION['display'] == 'hide') {
    // enforce the default
    $_SESSION['display'] = 'show';
  }

  // Rss Feed must say 'enable' or 'disable'. Default is 'disable'. (silent check)
  if (!$_SESSION['rss_feed'] == 'enable' || !$_SESSION['rss_feed'] == 'disable') {
    // enforce the default
    $_SESSION['rss_feed'] = 'disable';
  }

  // The following routines will throw an error back to the user for correction
  // Gallery Name length must be between 1 and 75 characters (error check)
  length('gallery_name', $_SESSION['gallery_name'], 1, 75);

  // Art Per Page must be between 1 and 2 chars long (error check)
  length('art_per_page', $_SESSION['art_per_page'], 1, 2);
 
  // Art Per Row must be between 1 and 2 chars long (error check)
  length('art_per_row', $_SESSION['art_per_row'], 1, 2);

  // Thumbnail Max must be between 1 and 3 chars long (error check)
  length('thumbnail_max', $_SESSION['thumbnail_max'], 1, 3);

  // Title must be between 1 and 55 chars long (error check)
  length('title', $_SESSION['title'], 1, 55);

  // Description must be between 0 and 255 chars long (error check)
  length('description', $_SESSION['description'], 0, 255);

  // Keywords must be between 0 and 255 chars long (error check)
  length('keywords', $_SESSION['keywords'], 0, 255);

  return $errors;
}

// ensures a day of the month is properly 
// formatted for insertion into mysql
function check_day($day) {
  if ($day == '1' || $day == '01') {
    $check_day = '01';
  }
  elseif ($day == '2' || $day == '02') {
    $check_day = '02';
  }
  elseif ($day == '3' || $day == '03') {
    $check_day = '03';
  }
  elseif ($day == '4' || $day == '04') {
    $check_day = '04';
  }
  elseif ($day == '5' || $day == '05') {
    $check_day = '05';
  }
  elseif ($day == '6' || $day == '06') {
    $check_day = '06';
  }
  elseif ($day == '7' || $day == '07') {
    $check_day = '07';
  }
  elseif ($day == '8' || $day == '08') {
    $check_day = '08';
  }
  elseif ($day == '9' || $day == '09') {
    $check_day = '09';
  }
  elseif ($day == '10') {
    $check_day = '10';
  }
  elseif ($day == '11') {
    $check_day = '11';
  }
  elseif ($day == '12') {
    $check_day = '12';
  }
  elseif ($day == '13') {
    $check_day = '13';
  }
  elseif ($day == '14') {
    $check_day = '14';
  }
  elseif ($day == '15') {
    $check_day = '15';
  }
  elseif ($day == '16') {
    $check_day = '16';
  }
  elseif ($day == '17') {
    $check_day = '17';
  }
  elseif ($day == '18') {
    $check_day = '18';
  }
  elseif ($day == '19') {
    $check_day = '19';
  }
  elseif ($day == '20') {
    $check_day = '20';
  }
  elseif ($day == '21') {
    $check_day = '21';
  }
  elseif ($day == '22') {
    $check_day = '22';
  }
  elseif ($day == '23') {
    $check_day = '23';
  }
  elseif ($day == '24') {
    $check_day = '24';
  }
  elseif ($day == '25') {
    $check_day = '25';
  }
  elseif ($day == '26') {
    $check_day = '26';
  }
  elseif ($day == '27') {
    $check_day = '27';
  }
  elseif ($day == '28') {
    $check_day = '28';
  }
  elseif ($day == '29') {
    $check_day = '29';
  }
  elseif ($day == '30') {
    $check_day = '30';
  }
  elseif ($day == '31') {
    $check_day = '31';
  }
  else {
    $check_day = '00';
  }
  return $check_day;
}

// ensures a month is properly formatted for insertion into mysql
function check_month($month) {
  if ($month == '1' || $month == '01') {
    $check_month = '01';
  }
  elseif ($month == '2' || $month == '02') {
    $check_month = '02';
  }
  elseif ($month == '3' || $month == '03') {
    $check_month = '03';
  }
  elseif ($month == '4' || $month == '04') {
    $check_month = '04';
  }
  elseif ($month == '5' || $month == '05') {
    $check_month = '05';
  }
  elseif ($month == '6' || $month == '06') {
    $check_month = '06';
  }
  elseif ($month == '7' || $month == '07') {
    $check_month = '07';
  }
  elseif ($month == '8' || $month == '08') {
    $check_month = '08';
  }
  elseif ($month == '9' || $month == '09') {
    $check_month = '09';
  }
  elseif ($month == '10') {
    $check_month = '10';
  }
  elseif ($month == '11') {
    $check_month = '11';
  }
  elseif ($month == '12') {
    $check_month = '12';
  }
  else {
    $check_month = '00';
  }
  return $check_month;
}

// performs validation routines on session vars and formats session birth & death dates
function validate_artist() {
  global $errors;
  $errors = array();

  if (isset($_SESSION['name'])) {
    $_SESSION['name'] = clean_string($_SESSION['name'], 125);

    // Name must be between 1 and 125 chars long (error check)
    length('name', $_SESSION['name'], 1, 125);
  }

  if (isset($_SESSION['location'])) {
    $_SESSION['location'] = clean_string($_SESSION['location'], 75);
  }

  if (isset($_SESSION['birth_year'])) {
    $birth_year = clean_string($_SESSION['birth_year'], 4);

    if (is_numeric($birth_year)) {
      $birth_year = $birth_year;
    }
    else {
      $birth_year = '0000';
    }
  }

  if (isset($_SESSION['birth_month'])) {
    $_SESSION['birth_month'] = clean_string($_SESSION['birth_month'], 2);

    $birth_month = check_month($_SESSION['birth_month']);
  }
  else {
    $birth_month = '00';
  }

  if (isset($_SESSION['birth_day'])) {
    $_SESSION['birth_day'] = clean_string($_SESSION['birth_day'], 2);

    $birth_day = check_day($_SESSION['birth_day']);
  }
  else {
    $birth_day = '00';
  }

  if (isset($_SESSION['death_year'])) {
    $death_year = clean_string($_SESSION['death_year'], 4);

    if (is_numeric($death_year)) {
      $death_year = $death_year;
    }
    else {
      $death_year = '0000';
    }
  }

  if (isset($_SESSION['death_month'])) {
    $_SESSION['death_month'] = clean_string($_SESSION['death_month'], 2);

    $death_month = check_month($_SESSION['death_month']);
  }
  else {
    $death_month = '00';
  }

  if (isset($_SESSION['death_day'])) {
    $_SESSION['death_day'] = clean_string($_SESSION['death_day'], 2);

    $death_day = check_day($_SESSION['death_day']);
  }
  else {
    $death_day = '00';
  }

  if (isset($birth_year)) {
    if ($birth_year == '0000') {
      $birth_month = '00';
      $birth_day   = '00';
    }
  }
  else {
    $birth_year = '0000';
    $birth_month = '00';
    $birth_day   = '00';
  }

  if (isset($death_year)) {
    if ($death_year == '0000') {
      $death_month = '00';
      $death_day   = '00';
    }
  }
  else {
    $death_year = '0000';
    $death_month = '00';
    $death_day   = '00';
  }

  // preparing session vars for insertion into mysql
  $_SESSION['birth_date'] = $birth_year . '-' . $birth_month . '-' . $birth_day;
  $_SESSION['death_date'] = $death_year . '-' . $death_month . '-' . $death_day;

  return $errors;
}

function validate_page() {
  global $errors;
  $errors = array();
  // The following silent checks will correct errors with no input required from the user
  $_SESSION['category_id'] = clean_string($_SESSION['category_id'], 11);
  $_SESSION['priority']    = clean_string($_SESSION['priority'], 11);
  $_SESSION['name']        = clean_string($_SESSION['name'], 85);
  $_SESSION['display']     = clean_string($_SESSION['display'], 4);
  $_SESSION['title']       = clean_string($_SESSION['title'], 55);
  $_SESSION['keywords']    = clean_string($_SESSION['keywords'], 255);
  // Display must say 'show' or 'hide'. Default is 'show'. (silent check)
  if (!$_SESSION['display'] == 'show' || !$_SESSION['display'] == 'hide') {
    // enforce the default
    $_SESSION['display'] = 'show';
  }
  // Comments must say 'enable' or 'disable'. Default is 'enable'. (silent check)
  if (!$_SESSION['comments'] == 'enable' || !$_SESSION['comments'] == 'disable') {
    // enforce the default
    $_SESSION['comments'] = 'disable';
  }

  // rss_feed must say 'enable' or 'disable'
  if (!$_SESSION['rss_feed'] == 'enable' || !$_SESSION['rss_feed'] == 'disable') {
    // enforce the default
    $_SESSION['rss_feed'] = 'disable';
  }

  // The following routines will throw an error back to the user for correction
  // Name must be between 1 and 35 chars long (error check)
  length('name', $_SESSION['name'], 1, 35);

  // Text must be between 1 and 65536 chars long (error check)
  length('text', $_SESSION['text'], 1, 65536);

  // Title must be between 1 and 55 chars long (error check)
  length('title', $_SESSION['title'], 1, 55);

  // Description may be between 0 and 255 chars long (error check)
  length('description', $_SESSION['description'], 0, 255);

  // Keywords may be between 0 and 255 chars long (error check)
  length('keywords', $_SESSION['keywords'], 0, 255);
  return $errors;
}

function validate_artwork() {
  global $errors;
  $errors = array();
  // The following silent checks will correct errors with no input required from the user
  $_SESSION['gallery_id']      = clean_string($_SESSION['gallery_id'], 11);
  $_SESSION['title']           = clean_string($_SESSION['title'], 55);
  $_SESSION['new_thumbnail']   = clean_string($_SESSION['new_thumbnail'], 7);
  if(isset($_SESSION['thumbnail'])) {
    $_SESSION['thumbnail'] = clean_string($_SESSION['thumbnail'], 155);
  }
  $_SESSION['display']         = clean_string($_SESSION['display'], 4);
  $_SESSION['type']            = clean_string($_SESSION['type'], 7);
  $_SESSION['year_completed']  = clean_string($_SESSION['year_completed'], 4);
  $_SESSION['month_completed'] = clean_string($_SESSION['month_completed'], 9);
  $_SESSION['day_completed']   = clean_string($_SESSION['day_completed'], 2);
  $_SESSION['status']          = clean_string($_SESSION['status'], 9);
  $_SESSION['qty_instock']     = clean_string($_SESSION['qty_instock'], 8);
  $_SESSION['price']           = clean_string($_SESSION['price'], 19);
  $_SESSION['shipping']        = clean_string($_SESSION['shipping'], 19);
  $_SESSION['handling']        = clean_string($_SESSION['handling'], 19);
  $_SESSION['priority']        = clean_string($_SESSION['priority'], 5);
  $_SESSION['comments']        = clean_string($_SESSION['comments'], 7);
  $_SESSION['rss_feed']        = clean_string($_SESSION['rss_feed'], 7);
  $_SESSION['artist_id']       = clean_string($_SESSION['artist_id'], 10);
  $_SESSION['medium']          = clean_string($_SESSION['medium'], 35);
  $_SESSION['size']            = clean_string($_SESSION['size'], 25);
  $_SESSION['style']           = clean_string($_SESSION['style'], 45);
  $_SESSION['subject']         = clean_string($_SESSION['subject'], 45);
  $_SESSION['description']     = clean_string($_SESSION['description'], 255);
  $_SESSION['keywords']        = clean_string($_SESSION['keywords'], 255);

  // Display must say 'show' or 'hide'. Default is 'show'. (silent check)
  if (!$_SESSION['display'] == 'show' || !$_SESSION['display'] == 'hide') {
    // enforce the default
    $_SESSION['display'] = 'show';
  }

  // Comments must say 'enable' or 'disable'. Default is 'disable'. (silent check)
  if (!$_SESSION['comments'] == 'enable' || !$_SESSION['comments'] == 'disable') {
    // enforce the default
    $_SESSION['comments'] = 'disable';
  }
  // rss_feed must say 'enable' or 'disable'
  if (!$_SESSION['rss_feed'] == 'enable' || !$_SESSION['rss_feed'] == 'disable') {
    // enforce the default
    $_SESSION['rss_feed'] = 'disable';
  }

  // Type must say 'sale' or 'exhibit'. Default is 'sale'. (silent check)
  if (!$_SESSION['type'] == 'sale' || !$_SESSION['type'] == 'exhibit') {
    // enforce the default
    $_SESSION['type'] = 'sale';
  }
  // Status must say 'available', 'pending' or 'sold'. Default is 'available'. (silent check)
  if (!$_SESSION['status'] == 'available' || !$_SESSION['status'] == 'pending' || !$_SESSION['status'] == 'sold') {
    // enforce the default
    $_SESSION['status'] = 'available';
  }

  // Price needs a default zero value
  if (empty($_SESSION['price'])) {
    $_SESSION['price'] = '0.00';
  }

  // Shipping needs a default zero value
  if (empty($_SESSION['shipping'])) {
    $_SESSION['shipping'] = '0.00';
  }

  // Handling needs a default zero value
  if (empty($_SESSION['handling'])) {
    $_SESSION['handling'] = '0.00';
  }

  // Year needs a default zero value
  if (empty($_SESSION['year_completed'])) {
    $_SESSION['year_completed'] = '0000';
  }

  // Month needs a default zero value
  if (empty($_SESSION['month_completed'])) {
    $_SESSION['month_completed'] = '00';
  }

  // Day needs a default zero value
  if (empty($_SESSION['day_completed'])) {
    $_SESSION['day_completed'] = '00';
  }

  // The following routines will throw an error back to the user for correction

  // Title must be between 1 and 55 chars long (error check)
  length('title', $_SESSION['title'], 1, 55);

  return $errors;
}

function validate_product() {
  global $errors;
  $errors = array();
  // The following silent check will correct errors with no input required from the user
  $_SESSION['category_id']  = clean_string($_SESSION['category_id'], 11);
  $_SESSION['product_name'] = clean_string($_SESSION['product_name'], 55);
  $_SESSION['new_picture']  = clean_string($_SESSION['new_picture'], 7);
  if(isset($_SESSION['picture'])) {
    $_SESSION['picture'] = clean_string($_SESSION['picture'], 155);
  }
  $_SESSION['qty_instock'] = clean_string($_SESSION['qty_instock'], 8);
  $_SESSION['price']       = clean_string($_SESSION['price'], 19);
  $_SESSION['shipping']    = clean_string($_SESSION['shipping'], 19);
  $_SESSION['handling']    = clean_string($_SESSION['handling'], 19);
  $_SESSION['title']       = clean_string($_SESSION['title'], 55);
  $_SESSION['description'] = clean_string($_SESSION['description'], 255);
  $_SESSION['keywords']    = clean_string($_SESSION['keywords'], 255);
  $_SESSION['display']     = clean_string($_SESSION['display'], 4);
  $_SESSION['priority']    = clean_string($_SESSION['priority'], 5);

  // Price needs a default zero value
  if (empty($_SESSION['price'])) {
    $_SESSION['price'] = '0.00';
  }

  // Shipping needs a default zero value
  if (empty($_SESSION['shipping'])) {
    $_SESSION['shipping'] = '0.00';
  }

  // Handling needs a default zero value
  if (empty($_SESSION['handling'])) {
    $_SESSION['handling'] = '0.00';
  }

  // enforce defaults for enum fields
  if (!$_SESSION['display'] == 'show' || !$_SESSION['display'] == 'hide') {
    $_SESSION['display'] = 'show';
  }
  else {
    $_SESSION['display'] = $_SESSION['display'];
  }

  // The following routines will throw an error back to the user for correction
  // Name must be between 1 and 35 chars long (error check)
  length('product_name', $_SESSION['product_name'], 1, 55);

  // Title must be between 1 and 55 chars long (error check)
  length('title', $_SESSION['title'], 1, 55);

  // Description may be between 0 and 255 chars long (error check)
  length('description', $_SESSION['description'], 0, 255);

  // Keywords may be between 0 and 255 chars long (error check)
  length('keywords', $_SESSION['keywords'], 0, 255);

  return $errors;
}

function validate_category() {
  global $errors;
  $errors = array();
  // The following silent check will correct errors with no input required from the user
  $_SESSION['cat_name']    = clean_string($_SESSION['cat_name'], 35);
  $_SESSION['title']       = clean_string($_SESSION['title'], 55);
  $_SESSION['description'] = clean_string($_SESSION['description'], 255);
  $_SESSION['keywords']    = clean_string($_SESSION['keywords'], 255);

  if (is_numeric($_SESSION['priority'])) {
    $_SESSION['priority'] = clean_string($_SESSION['priority'], 5);
  }
  else {
    $_SESSION['priority'] = 0;
  }

  // enforce defaults for enum fields
  if (!$_SESSION['cat_type'] == 'gallery' || !$_SESSION['cat_type'] == 'page' || !$_SESSION['cat_type'] == 'product') {
    $_SESSION['cat_type'] = 'gallery';
  }
  else {
    $_SESSION['cat_type'] = $_SESSION['cat_type'];
  }

  if (!$_SESSION['display'] == 'show' || !$_SESSION['display'] == 'hide') {
    $_SESSION['display'] = 'show';
  }
  else {
    $_SESSION['display'] = $_SESSION['display'];
  }

  if (!$_SESSION['sidebar'] == 'one' || !$_SESSION['sidebar'] == 'two') {
    $_SESSION['sidebar'] = 'one';
  }
  else {
    $_SESSION['sidebar'] = $_SESSION['sidebar'];
  }

  if (!$_SESSION['rss_channel'] == 'yes' || !$_SESSION['rss_channel'] == 'no') {
    $_SESSION['rss_channel'] = 'no';
  }
  else {
    $_SESSION['rss_channel'] = $_SESSION['rss_channel'];
  }

  // Cat name must be between 1 and 35 chars long (error check)
  length('cat_name', $_SESSION['cat_name'], 1, 35);

  // Title must be between 1 and 55 chars long (error check)
  length('title', $_SESSION['title'], 1, 55);

  return $errors;
}

?>
Return current item: Phpexhibition