upstream V3 development https://www.gnusocial.rocks/v3
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

977 lines
34 KiB

  1. <?php
  2. declare(strict_types = 1);
  3. /**
  4. * Validation class
  5. *
  6. * Copyright (c) 1997-2006 Pierre-Alain Joye,Tomas V.V.Cox, Amir Saied
  7. *
  8. * This source file is subject to the New BSD license, That is bundled
  9. * with this package in the file LICENSE, and is available through
  10. * the world-wide-web at
  11. * http://www.opensource.org/licenses/bsd-license.php
  12. * If you did not receive a copy of the new BSDlicense and are unable
  13. * to obtain it through the world-wide-web, please send a note to
  14. * pajoye@php.net so we can mail you a copy immediately.
  15. *
  16. * Author: Tomas V.V.Cox <cox@idecnet.com>
  17. * Pierre-Alain Joye <pajoye@php.net>
  18. * Amir Mohammad Saied <amir@php.net>
  19. *
  20. *
  21. * Package to validate various datas. It includes :
  22. * - numbers (min/max, decimal or not)
  23. * - email (syntax, domain check)
  24. * - string (predifined type alpha upper and/or lowercase, numeric,...)
  25. * - date (min, max, rfc822 compliant)
  26. * - uri (RFC2396)
  27. * - possibility valid multiple data with a single method call (::multiple)
  28. *
  29. * @category Validate
  30. * @package Validate
  31. *
  32. * @author Tomas V.V.Cox <cox@idecnet.com>
  33. * @author Pierre-Alain Joye <pajoye@php.net>
  34. * @author Amir Mohammad Saied <amir@php.net>
  35. * @copyright 1997-2006 Pierre-Alain Joye,Tomas V.V.Cox,Amir Mohammad Saied
  36. * @license http://www.opensource.org/licenses/bsd-license.php New BSD License
  37. *
  38. * @version CVS: $Id$
  39. *
  40. * @see http://pear.php.net/package/Validate
  41. */
  42. // {{{ Constants
  43. /**
  44. * Methods for common data validations
  45. */
  46. \define('VALIDATE_NUM', '0-9');
  47. \define('VALIDATE_SPACE', '\s');
  48. \define('VALIDATE_ALPHA_LOWER', 'a-z');
  49. \define('VALIDATE_ALPHA_UPPER', 'A-Z');
  50. \define('VALIDATE_ALPHA', VALIDATE_ALPHA_LOWER . VALIDATE_ALPHA_UPPER);
  51. \define('VALIDATE_EALPHA_LOWER', VALIDATE_ALPHA_LOWER . 'áéíóúýàèìòùäëïöüÿâêîôûãñõ¨åæç½ðøþß');
  52. \define('VALIDATE_EALPHA_UPPER', VALIDATE_ALPHA_UPPER . 'ÁÉÍÓÚÝÀÈÌÒÙÄËÏÖܾÂÊÎÔÛÃÑÕ¦ÅÆǼÐØÞ');
  53. \define('VALIDATE_EALPHA', VALIDATE_EALPHA_LOWER . VALIDATE_EALPHA_UPPER);
  54. \define('VALIDATE_PUNCTUATION', VALIDATE_SPACE . '\.,;\:&"\'\?\!\(\)');
  55. \define('VALIDATE_NAME', VALIDATE_EALPHA . VALIDATE_SPACE . "'" . '\-');
  56. \define('VALIDATE_STREET', VALIDATE_NUM . VALIDATE_NAME . '/\\ºª\\.');
  57. \define('VALIDATE_ITLD_EMAILS', 1);
  58. \define('VALIDATE_GTLD_EMAILS', 2);
  59. \define('VALIDATE_CCTLD_EMAILS', 4);
  60. \define('VALIDATE_ALL_EMAILS', 8);
  61. // }}}
  62. /**
  63. * Validation class
  64. *
  65. * Package to validate various datas. It includes :
  66. * - numbers (min/max, decimal or not)
  67. * - email (syntax, domain check)
  68. * - string (predifined type alpha upper and/or lowercase, numeric,...)
  69. * - date (min, max)
  70. * - uri (RFC2396)
  71. * - possibility valid multiple data with a single method call (::multiple)
  72. *
  73. * @category Validate
  74. * @package Validate
  75. *
  76. * @author Tomas V.V.Cox <cox@idecnet.com>
  77. * @author Pierre-Alain Joye <pajoye@php.net>
  78. * @author Amir Mohammad Saied <amir@php.net>
  79. * @author Diogo Cordeiro <diogo@fc.up.pt>
  80. * @copyright 1997-2006 Pierre-Alain Joye,Tomas V.V.Cox,Amir Mohammad Saied
  81. * @license http://www.opensource.org/licenses/bsd-license.php New BSD License
  82. *
  83. * @version Release: @package_version@
  84. *
  85. * @see http://pear.php.net/package/Validate
  86. */
  87. class Validate
  88. {
  89. // {{{ International, Generic and Country code TLDs
  90. /**
  91. * International Top-Level Domain
  92. *
  93. * This is an array of the known international
  94. * top-level domain names.
  95. *
  96. * @var array $itld (International top-level domains)
  97. */
  98. protected static array $itld = [
  99. 'arpa',
  100. 'root',
  101. ];
  102. /**
  103. * Generic top-level domain
  104. *
  105. * This is an array of the official
  106. * generic top-level domains.
  107. *
  108. * @var array $gtld (Generic top-level domains)
  109. */
  110. protected static array $gtld = [
  111. 'aero',
  112. 'biz',
  113. 'cat',
  114. 'com',
  115. 'coop',
  116. 'edu',
  117. 'gov',
  118. 'info',
  119. 'int',
  120. 'jobs',
  121. 'mil',
  122. 'mobi',
  123. 'museum',
  124. 'name',
  125. 'net',
  126. 'org',
  127. 'pro',
  128. 'travel',
  129. 'asia',
  130. 'post',
  131. 'tel',
  132. 'geo',
  133. ];
  134. /**
  135. * Country code top-level domains
  136. *
  137. * This is an array of the official country
  138. * codes top-level domains
  139. *
  140. * @var array $cctld (Country Code Top-Level Domain)
  141. */
  142. protected static array $cctld = [
  143. 'ac',
  144. 'ad', 'ae', 'af', 'ag',
  145. 'ai', 'al', 'am', 'an',
  146. 'ao', 'aq', 'ar', 'as',
  147. 'at', 'au', 'aw', 'ax',
  148. 'az', 'ba', 'bb', 'bd',
  149. 'be', 'bf', 'bg', 'bh',
  150. 'bi', 'bj', 'bm', 'bn',
  151. 'bo', 'br', 'bs', 'bt',
  152. 'bu', 'bv', 'bw', 'by',
  153. 'bz', 'ca', 'cc', 'cd',
  154. 'cf', 'cg', 'ch', 'ci',
  155. 'ck', 'cl', 'cm', 'cn',
  156. 'co', 'cr', 'cs', 'cu',
  157. 'cv', 'cx', 'cy', 'cz',
  158. 'de', 'dj', 'dk', 'dm',
  159. 'do', 'dz', 'ec', 'ee',
  160. 'eg', 'eh', 'er', 'es',
  161. 'et', 'eu', 'fi', 'fj',
  162. 'fk', 'fm', 'fo', 'fr',
  163. 'ga', 'gb', 'gd', 'ge',
  164. 'gf', 'gg', 'gh', 'gi',
  165. 'gl', 'gm', 'gn', 'gp',
  166. 'gq', 'gr', 'gs', 'gt',
  167. 'gu', 'gw', 'gy', 'hk',
  168. 'hm', 'hn', 'hr', 'ht',
  169. 'hu', 'id', 'ie', 'il',
  170. 'im', 'in', 'io', 'iq',
  171. 'ir', 'is', 'it', 'je',
  172. 'jm', 'jo', 'jp', 'ke',
  173. 'kg', 'kh', 'ki', 'km',
  174. 'kn', 'kp', 'kr', 'kw',
  175. 'ky', 'kz', 'la', 'lb',
  176. 'lc', 'li', 'lk', 'lr',
  177. 'ls', 'lt', 'lu', 'lv',
  178. 'ly', 'ma', 'mc', 'md',
  179. 'me', 'mg', 'mh', 'mk',
  180. 'ml', 'mm', 'mn', 'mo',
  181. 'mp', 'mq', 'mr', 'ms',
  182. 'mt', 'mu', 'mv', 'mw',
  183. 'mx', 'my', 'mz', 'na',
  184. 'nc', 'ne', 'nf', 'ng',
  185. 'ni', 'nl', 'no', 'np',
  186. 'nr', 'nu', 'nz', 'om',
  187. 'pa', 'pe', 'pf', 'pg',
  188. 'ph', 'pk', 'pl', 'pm',
  189. 'pn', 'pr', 'ps', 'pt',
  190. 'pw', 'py', 'qa', 're',
  191. 'ro', 'rs', 'ru', 'rw',
  192. 'sa', 'sb', 'sc', 'sd',
  193. 'se', 'sg', 'sh', 'si',
  194. 'sj', 'sk', 'sl', 'sm',
  195. 'sn', 'so', 'sr', 'st',
  196. 'su', 'sv', 'sy', 'sz',
  197. 'tc', 'td', 'tf', 'tg',
  198. 'th', 'tj', 'tk', 'tl',
  199. 'tm', 'tn', 'to', 'tp',
  200. 'tr', 'tt', 'tv', 'tw',
  201. 'tz', 'ua', 'ug', 'uk',
  202. 'us', 'uy', 'uz', 'va',
  203. 'vc', 've', 'vg', 'vi',
  204. 'vn', 'vu', 'wf', 'ws',
  205. 'ye', 'yt', 'yu', 'za',
  206. 'zm', 'zw',
  207. ];
  208. // }}}
  209. /**
  210. * Validate a tag URI (RFC4151)
  211. *
  212. * @param string $uri tag URI to validate
  213. *
  214. * @throws Exception
  215. *
  216. * @return bool true if valid tag URI, false if not
  217. */
  218. private static function uriRFC4151(string $uri): bool
  219. {
  220. $datevalid = false;
  221. if (preg_match(
  222. '/^tag:(?<name>.*),(?<date>\d{4}-?\d{0,2}-?\d{0,2}):(?<specific>.*)(.*:)*$/',
  223. $uri,
  224. $matches,
  225. )) {
  226. $date = $matches['date'];
  227. $date6 = strtotime($date);
  228. if ((mb_strlen($date) == 4) && $date <= date('Y')) {
  229. $datevalid = true;
  230. } elseif ((mb_strlen($date) == 7) && ($date6 < strtotime('now'))) {
  231. $datevalid = true;
  232. } elseif ((mb_strlen($date) == 10) && ($date6 < strtotime('now'))) {
  233. $datevalid = true;
  234. }
  235. if (self::email($matches['name'])) {
  236. $namevalid = true;
  237. } else {
  238. $namevalid = self::email('info@' . $matches['name']);
  239. }
  240. return $datevalid && $namevalid;
  241. } else {
  242. return false;
  243. }
  244. }
  245. /**
  246. * Validate a number
  247. *
  248. * @param string $number Number to validate
  249. * @param array $options array where:
  250. * 'decimal' is the decimal char or false when decimal
  251. * not allowed.
  252. * i.e. ',.' to allow both ',' and '.'
  253. * 'dec_prec' Number of allowed decimals
  254. * 'min' minimum value
  255. * 'max' maximum value
  256. *
  257. * @return bool true if valid number, false if not
  258. */
  259. public static function number(string $number, array $options = []): bool
  260. {
  261. $decimal = $dec_prec = $min = $max = null;
  262. if (\is_array($options)) {
  263. extract($options);
  264. }
  265. $dec_prec = $dec_prec ? "{1,{$dec_prec}}" : '+';
  266. $dec_regex = $decimal ? "[{$decimal}][0-9]{$dec_prec}" : '';
  267. if (!preg_match("|^[-+]?\\s*[0-9]+({$dec_regex})?\$|", $number)) {
  268. return false;
  269. }
  270. if ($decimal != '.') {
  271. $number = strtr($number, $decimal, '.');
  272. }
  273. $number = (float) str_replace(' ', '', $number);
  274. if ($min !== null && $min > $number) {
  275. return false;
  276. }
  277. return !($max !== null && $max < $number);
  278. }
  279. /**
  280. * Converting a string to UTF-7 (RFC 2152)
  281. *
  282. * @param string $string string to be converted
  283. *
  284. * @return string converted string
  285. */
  286. private static function stringToUtf7(string $string): string
  287. {
  288. $return = '';
  289. $utf7 = [
  290. 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K',
  291. 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V',
  292. 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g',
  293. 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
  294. 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2',
  295. '3', '4', '5', '6', '7', '8', '9', '+', ',',
  296. ];
  297. $state = 0;
  298. if (!empty($string)) {
  299. $i = 0;
  300. while ($i <= mb_strlen($string)) {
  301. $char = mb_substr($string, $i, 1);
  302. if ($state == 0) {
  303. if ((\ord($char) >= 0x7F) || (\ord($char) <= 0x1F)) {
  304. if ($char) {
  305. $return .= '&';
  306. }
  307. $state = 1;
  308. } elseif ($char == '&') {
  309. $return .= '&-';
  310. } else {
  311. $return .= $char;
  312. }
  313. } elseif (($i == mb_strlen($string)
  314. || !((\ord($char) >= 0x7F)) || (\ord($char) <= 0x1F))) {
  315. if ($state != 1) {
  316. if (\ord($char) > 64) {
  317. $return .= '';
  318. } else {
  319. $return .= $utf7[\ord($char)];
  320. }
  321. }
  322. $return .= '-';
  323. $state = 0;
  324. } else {
  325. switch ($state) {
  326. case 1:
  327. $return .= $utf7[\ord($char) >> 2];
  328. $residue = (\ord($char) & 0x03) << 4;
  329. $state = 2;
  330. break;
  331. case 2:
  332. $return .= $utf7[$residue | (\ord($char) >> 4)];
  333. $residue = (\ord($char) & 0x0F) << 2;
  334. $state = 3;
  335. break;
  336. case 3:
  337. $return .= $utf7[$residue | (\ord($char) >> 6)];
  338. $return .= $utf7[\ord($char) & 0x3F];
  339. $state = 1;
  340. break;
  341. }
  342. }
  343. ++$i;
  344. }
  345. return $return;
  346. }
  347. return '';
  348. }
  349. /**
  350. * Validate an email according to full RFC822 (inclusive human readable part)
  351. *
  352. * @param string $email email to validate,
  353. * will return the address for optional dns validation
  354. * @param array $options email() options
  355. *
  356. * @return bool true if valid email, false if not
  357. */
  358. private static function emailRFC822(string &$email, array &$options): bool
  359. {
  360. static $address = null;
  361. static $uncomment = null;
  362. if (!$address) {
  363. // atom = 1*<any CHAR except specials, SPACE and CTLs>
  364. $atom = '[^][()<>@,;:\\".\s\000-\037\177-\377]+\s*';
  365. // qtext = <any CHAR excepting <">, ; => may be folded
  366. // "\" & CR, and including linear-white-space>
  367. $qtext = '[^"\\\\\r]';
  368. // quoted-pair = "\" CHAR ; may quote any char
  369. $quoted_pair = '\\\\.';
  370. // quoted-string = <"> *(qtext/quoted-pair) <">; Regular qtext or
  371. // ; quoted chars.
  372. $quoted_string = '"(?:' . $qtext . '|' . $quoted_pair . ')*"\s*';
  373. // word = atom / quoted-string
  374. $word = '(?:' . $atom . '|' . $quoted_string . ')';
  375. // local-part = word *("." word) ; uninterpreted
  376. // ; case-preserved
  377. $local_part = $word . '(?:\.\s*' . $word . ')*';
  378. // dtext = <any CHAR excluding "[", ; => may be folded
  379. // "]", "\" & CR, & including linear-white-space>
  380. $dtext = '[^][\\\\\r]';
  381. // domain-literal = "[" *(dtext / quoted-pair) "]"
  382. $domain_literal = '\[(?:' . $dtext . '|' . $quoted_pair . ')*\]\s*';
  383. // sub-domain = domain-ref / domain-literal
  384. // domain-ref = atom ; symbolic reference
  385. $sub_domain = '(?:' . $atom . '|' . $domain_literal . ')';
  386. // domain = sub-domain *("." sub-domain)
  387. $domain = $sub_domain . '(?:\.\s*' . $sub_domain . ')*';
  388. // addr-spec = local-part "@" domain ; global address
  389. $addr_spec = $local_part . '@\s*' . $domain;
  390. // route = 1#("@" domain) ":" ; path-relative
  391. $route = '@' . $domain . '(?:,@\s*' . $domain . ')*:\s*';
  392. // route-addr = "<" [route] addr-spec ">"
  393. $route_addr = '<\s*(?:' . $route . ')?' . $addr_spec . '>\s*';
  394. // phrase = 1*word ; Sequence of words
  395. $phrase = $word . '+';
  396. // mailbox = addr-spec ; simple address
  397. // / phrase route-addr ; name & addr-spec
  398. $mailbox = '(?:' . $addr_spec . '|' . $phrase . $route_addr . ')';
  399. // group = phrase ":" [#mailbox] ";"
  400. $group = $phrase . ':\s*(?:' . $mailbox . '(?:,\s*' . $mailbox . ')*)?;\s*';
  401. // address = mailbox ; one addressee
  402. // / group ; named list
  403. $address = '/^\s*(?:' . $mailbox . '|' . $group . ')$/';
  404. $uncomment
  405. = '/((?:(?:\\\\"|[^("])*(?:' . $quoted_string
  406. . ')?)*)((?<!\\\\)\((?:(?2)|.)*?(?<!\\\\)\))/';
  407. }
  408. // strip comments
  409. $email = preg_replace($uncomment, '$1 ', $email);
  410. return preg_match($address, $email);
  411. }
  412. /**
  413. * Full TLD Validation function
  414. *
  415. * This function is used to make a much more proficient validation
  416. * against all types of official domain names.
  417. *
  418. * @param string $email the email address to check
  419. * @param array $options The options for validation
  420. *
  421. * @return bool True if validating succeeds
  422. */
  423. protected static function fullTLDValidation(
  424. string $email,
  425. array $options,
  426. ): bool {
  427. $validate = [];
  428. if (!empty($options['VALIDATE_ITLD_EMAILS'])) {
  429. $validate[] = 'itld';
  430. }
  431. if (!empty($options['VALIDATE_GTLD_EMAILS'])) {
  432. $validate[] = 'gtld';
  433. }
  434. if (!empty($options['VALIDATE_CCTLD_EMAILS'])) {
  435. $validate[] = 'cctld';
  436. }
  437. if (\count($validate) === 0) {
  438. array_push($validate, 'itld', 'gtld', 'cctld');
  439. }
  440. $toValidate = [];
  441. foreach ($validate as $valid) {
  442. $tmpVar = (string) $valid;
  443. $toValidate[$valid] = self::${$tmpVar};
  444. }
  445. $e = self::executeFullEmailValidation($email, $toValidate);
  446. return $e;
  447. }
  448. /**
  449. * Execute the validation
  450. *
  451. * This function will execute the full email vs tld
  452. * validation using an array of tlds passed to it.
  453. *
  454. * @param string $email the email to validate
  455. * @param array $arrayOfTLDs The array of the TLDs to validate
  456. *
  457. * @return bool true or false (Depending on if it validates or if it does not)
  458. */
  459. public static function executeFullEmailValidation(
  460. string $email,
  461. array $arrayOfTLDs,
  462. ): bool {
  463. $emailEnding = explode('.', $email);
  464. $emailEnding = $emailEnding[\count($emailEnding) - 1];
  465. foreach ($arrayOfTLDs as $validator => $keys) {
  466. if (\in_array($emailEnding, $keys)) {
  467. return true;
  468. }
  469. }
  470. return false;
  471. }
  472. /**
  473. * Validate an email
  474. *
  475. * @param string $email email to validate
  476. * @param mixed bool (BC) $check_domain Check or not if the domain exists
  477. * array $options associative array of options
  478. * 'check_domain' boolean Check or not if the domain exists
  479. * 'use_rfc822' boolean Apply the full RFC822 grammar
  480. *
  481. * Ex.
  482. * $options = [
  483. * 'check_domain' => 'true',
  484. * 'fullTLDValidation' => 'true',
  485. * 'use_rfc822' => 'true',
  486. * 'VALIDATE_GTLD_EMAILS' => 'true',
  487. * 'VALIDATE_CCTLD_EMAILS' => 'true',
  488. * 'VALIDATE_ITLD_EMAILS' => 'true',
  489. * ];
  490. * @param null|mixed $options
  491. *
  492. * @throws Exception
  493. *
  494. * @return bool true if valid email, false if not
  495. */
  496. public static function email(string $email, $options = null): bool
  497. {
  498. $check_domain = false;
  499. $use_rfc822 = false;
  500. if (\is_bool($options)) {
  501. $check_domain = $options;
  502. } elseif (\is_array($options)) {
  503. extract($options);
  504. }
  505. /**
  506. * Check for IDN usage so we can encode the domain as Punycode
  507. * before continuing.
  508. */
  509. $hasIDNA = false;
  510. if (self::includePathFileExists('Net/IDNA2.php')) {
  511. include_once('Net/IDNA2.php');
  512. $hasIDNA = true;
  513. }
  514. if ($hasIDNA === true) {
  515. if (str_contains($email, '@')) {
  516. $tmpEmail = explode('@', $email);
  517. $domain = array_pop($tmpEmail);
  518. // Check if the domain contains characters > 127 which means
  519. // it's an idn domain name.
  520. $chars = count_chars($domain, 1);
  521. if (!empty($chars) && max(array_keys($chars)) > 127) {
  522. $idna = &Net_IDNA2::singleton();
  523. $domain = $idna->encode($domain);
  524. }
  525. $tmpEmail[] = $domain;
  526. $email = implode('@', $tmpEmail);
  527. }
  528. }
  529. /**
  530. * @todo Fix bug here.. even if it passes this, it won't be passing
  531. * The regular expression below
  532. */
  533. if (isset($fullTLDValidation)) {
  534. //$valid = self::fullTLDValidation($email, $fullTLDValidation);
  535. $valid = self::fullTLDValidation($email, $options);
  536. if (!$valid) {
  537. return false;
  538. }
  539. }
  540. // the base regexp for address
  541. $regex = '&^(?: # recipient:
  542. ("\s*(?:[^"\f\n\r\t\v\b\s]+\s*)+")| #1 quoted name
  543. ([-\w!\#\$%\&\'*+~/^`|{}]+(?:\.[-\w!\#\$%\&\'*+~/^`|{}]+)*)) #2 OR dot-atom
  544. @(((\[)? #3 domain, 4 as IPv4, 5 optionally bracketed
  545. (?:(?:(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:[0-1]?[0-9]?[0-9]))\.){3}
  546. (?:(?:25[0-5])|(?:2[0-4][0-9])|(?:[0-1]?[0-9]?[0-9]))))(?(5)\])|
  547. ((?:[a-z0-9](?:[-a-z0-9]*[a-z0-9])?\.)*[a-z0-9](?:[-a-z0-9]*[a-z0-9])?) #6 domain as hostname
  548. \.((?:([^- ])[-a-z]*[-a-z]))) #7 TLD
  549. $&xi';
  550. //checks if exists the domain (MX or A)
  551. if ($use_rfc822 ? self::emailRFC822($email, $options)
  552. : preg_match($regex, $email)) {
  553. if ($check_domain && \function_exists('checkdnsrr')) {
  554. $domain = preg_replace('/[^-a-z.0-9]/i', '', array_pop(explode('@', $email)));
  555. return (bool) (checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A'));
  556. }
  557. return true;
  558. }
  559. return false;
  560. }
  561. /**
  562. * Validate a string using the given format 'format'
  563. *
  564. * @param string $string String to validate
  565. * @param array|string $options Options array where:
  566. * 'format' is the format of the string
  567. * Ex:VALIDATE_NUM . VALIDATE_ALPHA (see constants)
  568. * 'min_length' minimum length
  569. * 'max_length' maximum length
  570. *
  571. * @return bool true if valid string, false if not
  572. */
  573. public static function string(string $string, $options): bool
  574. {
  575. $format = null;
  576. $min_length = 0;
  577. $max_length = 0;
  578. if (\is_array($options)) {
  579. extract($options);
  580. }
  581. if ($format && !preg_match("|^[{$format}]*\$|s", $string)) {
  582. return false;
  583. }
  584. if ($min_length && mb_strlen($string) < $min_length) {
  585. return false;
  586. }
  587. return !($max_length && mb_strlen($string) > $max_length);
  588. }
  589. /**
  590. * Validate an URI (RFC2396)
  591. * This function will validate 'foobarstring' by default, to get it to validate
  592. * only http, https, ftp and such you have to pass it in the allowed_schemes
  593. * option, like this:
  594. * <code>
  595. * $options = ['allowed_schemes' => ['http', 'https', 'ftp']]
  596. * var_dump(Validate::uri('http://www.example.org', $options));
  597. * </code>
  598. *
  599. * NOTE 1: The rfc2396 normally allows middle '-' in the top domain
  600. * e.g. http://example.co-m should be valid
  601. * However, as '-' is not used in any known TLD, it is invalid
  602. * NOTE 2: As double shlashes // are allowed in the path part, only full URIs
  603. * including an authority can be valid, no relative URIs
  604. * the // are mandatory (optionally preceeded by the 'sheme:' )
  605. * NOTE 3: the full complience to rfc2396 is not achieved by default
  606. * the characters ';/?:@$,' will not be accepted in the query part
  607. * if not urlencoded, refer to the option "strict'"
  608. *
  609. * @param string $url URI to validate
  610. * @param null|array $options Options used by the validation method.
  611. * key => type
  612. * 'domain_check' => boolean
  613. * Whether to check the DNS entry or not
  614. * 'allowed_schemes' => array, list of protocols
  615. * List of allowed schemes ('http',
  616. * 'ssh+svn', 'mms')
  617. * 'strict' => string the refused chars
  618. * in query and fragment parts
  619. * default: ';/?:@$,'
  620. * empty: accept all rfc2396 foreseen chars
  621. *
  622. * @throws Exception
  623. *
  624. * @return bool true if valid uri, false if not
  625. */
  626. public static function uri(string $url, ?array $options = null): bool
  627. {
  628. $strict = ';/?:@$,';
  629. $domain_check = false;
  630. $allowed_schemes = null;
  631. if (\is_array($options)) {
  632. extract($options);
  633. }
  634. if (\is_array($allowed_schemes)
  635. && \in_array('tag', $allowed_schemes)
  636. ) {
  637. if (str_starts_with($url, 'tag:')) {
  638. return self::uriRFC4151($url);
  639. }
  640. }
  641. if (preg_match(
  642. '&^(?:([a-z][-+.a-z0-9]*):)? # 1. scheme
  643. (?:// # authority start
  644. (?:((?:%[0-9a-f]{2}|[-a-z0-9_.!~*\'();:\&=+$,])*)@)? # 2. authority-userinfo
  645. (?:((?:[a-z0-9](?:[-a-z0-9]*[a-z0-9])?\.)*[a-z](?:[a-z0-9]+)?\.?) # 3. authority-hostname OR
  646. |([0-9]{1,3}(?:\.[0-9]{1,3}){3})) # 4. authority-ipv4
  647. (?::([0-9]*))?) # 5. authority-port
  648. ((?:/(?:%[0-9a-f]{2}|[-a-z0-9_.!~*\'():@\&=+$,;])*)*/?)? # 6. path
  649. (?:\?([^#]*))? # 7. query
  650. (?:\#((?:%[0-9a-f]{2}|[-a-z0-9_.!~*\'();/?:@\&=+$,])*))? # 8. fragment
  651. $&xi',
  652. $url,
  653. $matches,
  654. )) {
  655. $scheme = $matches[1] ?? '';
  656. $authority = $matches[3] ?? '';
  657. if (\is_array($allowed_schemes)
  658. && !\in_array($scheme, $allowed_schemes)
  659. ) {
  660. return false;
  661. }
  662. if (!empty($matches[4])) {
  663. $parts = explode('.', $matches[4]);
  664. foreach ($parts as $part) {
  665. if ($part > 255) {
  666. return false;
  667. }
  668. }
  669. } elseif ($domain_check && \function_exists('checkdnsrr')) {
  670. if (!checkdnsrr($authority, 'A')) {
  671. return false;
  672. }
  673. }
  674. if ($strict) {
  675. $strict = '#[' . preg_quote($strict, '#') . ']#';
  676. if ((!empty($matches[7]) && preg_match($strict, $matches[7]))
  677. || (!empty($matches[8]) && preg_match($strict, $matches[8]))) {
  678. return false;
  679. }
  680. }
  681. return true;
  682. }
  683. return false;
  684. }
  685. /**
  686. * Substr
  687. *
  688. * @param string $num Length
  689. * @param false|string $opt Unknown
  690. */
  691. private static function substr(
  692. string &$date,
  693. string $num,
  694. $opt = false,
  695. ): string {
  696. if (
  697. $opt
  698. && mb_strlen($date) >= $opt
  699. && preg_match('/^[0-9]{' . $opt . '}/', $date, $m)
  700. ) {
  701. $ret = $m[0];
  702. } else {
  703. $ret = mb_substr($date, 0, $num);
  704. }
  705. $date = mb_substr($date, mb_strlen($ret));
  706. return $ret;
  707. }
  708. protected static function modf($val, $div)
  709. {
  710. if (\function_exists('bcmod')) {
  711. return bcmod($val, $div);
  712. } elseif (\function_exists('fmod')) {
  713. return fmod($val, $div);
  714. }
  715. $r = $val / $div;
  716. $i = (int) $r;
  717. return (int) ($val - $i * $div + .1);
  718. }
  719. /**
  720. * Calculates sum of product of number digits with weights
  721. *
  722. * @param string $number number string
  723. * @param array $weights reference to array of weights
  724. *
  725. * @return int returns product of number digits with weights
  726. */
  727. protected static function multWeights(
  728. string $number,
  729. array &$weights,
  730. ): int {
  731. if (!\is_array($weights)) {
  732. return -1;
  733. }
  734. $sum = 0;
  735. $count = min(\count($weights), mb_strlen($number));
  736. if ($count == 0) { // empty string or weights array
  737. return -1;
  738. }
  739. for ($i = 0; $i < $count; ++$i) {
  740. $sum += (int) (mb_substr($number, $i, 1)) * $weights[$i];
  741. }
  742. return $sum;
  743. }
  744. /**
  745. * Calculates control digit for a given number
  746. *
  747. * @param string $number number string
  748. * @param array $weights reference to array of weights
  749. * @param int $modulo (optionsl) number
  750. * @param int $subtract (optional) number
  751. * @param bool $allow_high (optional) true if function can return number higher than 10
  752. *
  753. * @return int -1 calculated control number is returned
  754. */
  755. protected static function getControlNumber(
  756. string $number,
  757. array &$weights,
  758. int $modulo = 10,
  759. int $subtract = 0,
  760. bool $allow_high = false,
  761. ): int {
  762. // calc sum
  763. $sum = self::multWeights($number, $weights);
  764. if ($sum == -1) {
  765. return -1;
  766. }
  767. $mod = self::modf($sum, $modulo); // calculate control digit
  768. if ($subtract > $mod && $mod > 0) {
  769. $mod = $subtract - $mod;
  770. }
  771. if ($allow_high === false) {
  772. $mod %= 10; // change 10 to zero
  773. }
  774. return $mod;
  775. }
  776. /**
  777. * Validates a number
  778. *
  779. * @param string $number number to validate
  780. * @param array $weights reference to array of weights
  781. * @param int $modulo (optional) number
  782. * @param int $subtract (optional) number
  783. *
  784. * @return bool true if valid, false if not
  785. */
  786. protected static function checkControlNumber(
  787. string $number,
  788. array &$weights,
  789. int $modulo = 10,
  790. int $subtract = 0,
  791. ): bool {
  792. if (mb_strlen($number) < \count($weights)) {
  793. return false;
  794. }
  795. $target_digit = mb_substr($number, \count($weights), 1);
  796. $control_digit = self::getControlNumber(
  797. $number,
  798. $weights,
  799. $modulo,
  800. $subtract,
  801. ($modulo > 10),
  802. );
  803. if ($control_digit == -1) {
  804. return false;
  805. }
  806. if ($target_digit === 'X' && $control_digit == 10) {
  807. return true;
  808. }
  809. return !($control_digit != $target_digit);
  810. }
  811. /**
  812. * Bulk data validation for data introduced in the form of an
  813. * assoc array in the form $var_name => $value.
  814. * Can be used on any of Validate subpackages
  815. *
  816. * @param array $data Ex: ['name' => 'toto', 'email' => 'toto@thing.info'];
  817. * @param array $val_type Contains the validation type and all parameters used in.
  818. * 'val_type' is not optional
  819. * others validations properties must have the same name as the function
  820. * parameters.
  821. * Ex: ['toto' => ['type'=>'string','format'='toto@thing.info','min_length'=>5]];
  822. * @param bool $remove if set, the elements not listed in data will be removed
  823. *
  824. * @return array value name => true|false the value name comes from the data key
  825. */
  826. public static function multiple(
  827. array &$data,
  828. array &$val_type,
  829. bool $remove = false,
  830. ): array {
  831. $keys = array_keys($data);
  832. $valid = [];
  833. foreach ($keys as $var_name) {
  834. if (!isset($val_type[$var_name])) {
  835. if ($remove) {
  836. unset($data[$var_name]);
  837. }
  838. continue;
  839. }
  840. $opt = $val_type[$var_name];
  841. $methods = get_class_methods('Validate');
  842. $val2check = $data[$var_name];
  843. // core validation method
  844. if (\in_array(mb_strtolower($opt['type']), $methods)) {
  845. //$opt[$opt['type']] = $data[$var_name];
  846. $method = $opt['type'];
  847. unset($opt['type']);
  848. if (sizeof($opt) == 1 && \is_array(reset($opt))) {
  849. $opt = array_pop($opt);
  850. }
  851. $valid[$var_name] = \call_user_func(['Validate', $method], $val2check, $opt);
  852. /**
  853. * external validation method in the form:
  854. * "<class name><underscore><method name>"
  855. * Ex: us_ssn will include class Validate/US.php and call method ssn()
  856. */
  857. } elseif (str_contains($opt['type'], '_')) {
  858. $validateType = explode('_', $opt['type']);
  859. $method = array_pop($validateType);
  860. $class = implode('_', $validateType);
  861. $classPath = str_replace('_', \DIRECTORY_SEPARATOR, $class);
  862. $class = 'Validate_' . $class;
  863. if (self::includePathFileExists("Validate/{$classPath}.php")) {
  864. include_once "Validate/{$classPath}.php";
  865. } else {
  866. trigger_error("{$class} isn't installed or you may have some permission issues", \E_USER_ERROR);
  867. }
  868. $ce = mb_substr(phpversion(), 0, 1) > 4
  869. ? class_exists($class, false) : class_exists($class);
  870. if (!$ce
  871. || !\in_array($method, get_class_methods($class))
  872. ) {
  873. trigger_error(
  874. "Invalid validation type {$class}::{$method}",
  875. \E_USER_WARNING,
  876. );
  877. continue;
  878. }
  879. unset($opt['type']);
  880. if (sizeof($opt) == 1) {
  881. $opt = array_pop($opt);
  882. }
  883. $valid[$var_name] = \call_user_func(
  884. [$class, $method],
  885. $data[$var_name],
  886. $opt,
  887. );
  888. } else {
  889. trigger_error(
  890. "Invalid validation type {$opt['type']}",
  891. \E_USER_WARNING,
  892. );
  893. }
  894. }
  895. return $valid;
  896. }
  897. /**
  898. * Determine whether specified file exists along the include path.
  899. *
  900. * @param string $filename file to search for
  901. *
  902. * @return bool true if file exists
  903. */
  904. private static function includePathFileExists(string $filename): bool
  905. {
  906. $paths = explode(':', ini_get('include_path'));
  907. $result = false;
  908. foreach ($paths as $val) {
  909. $result = file_exists($val . '/' . $filename);
  910. if ($result) {
  911. break;
  912. }
  913. }
  914. return $result;
  915. }
  916. }