Valid.php 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537
  1. <?php
  2. /**
  3. * Validation rules.
  4. *
  5. * @package Kohana
  6. * @category Security
  7. * @author Kohana Team
  8. * @copyright (c) Kohana Team
  9. * @license https://koseven.ga/LICENSE.md
  10. */
  11. class Kohana_Valid {
  12. /**
  13. * Checks if a field is not empty.
  14. *
  15. * @return boolean
  16. */
  17. public static function not_empty($value)
  18. {
  19. if (is_object($value) AND $value instanceof ArrayObject)
  20. {
  21. // Get the array from the ArrayObject
  22. $value = $value->getArrayCopy();
  23. }
  24. // Value cannot be NULL, FALSE, '', or an empty array
  25. return ! in_array($value, [NULL, FALSE, '', []], TRUE);
  26. }
  27. /**
  28. * Checks a field against a regular expression.
  29. *
  30. * @param string $value value
  31. * @param string $expression regular expression to match (including delimiters)
  32. * @return boolean
  33. */
  34. public static function regex($value, $expression)
  35. {
  36. return (bool) preg_match($expression, (string) $value);
  37. }
  38. /**
  39. * Checks that a field is long enough.
  40. *
  41. * @param string $value value
  42. * @param integer $length minimum length required
  43. * @return boolean
  44. */
  45. public static function min_length($value, $length)
  46. {
  47. return UTF8::strlen($value) >= $length;
  48. }
  49. /**
  50. * Checks that a field is short enough.
  51. *
  52. * @param string $value value
  53. * @param integer $length maximum length required
  54. * @return boolean
  55. */
  56. public static function max_length($value, $length)
  57. {
  58. return UTF8::strlen($value) <= $length;
  59. }
  60. /**
  61. * Checks that a field is exactly the right length.
  62. *
  63. * @param string $value value
  64. * @param integer|array $length exact length required, or array of valid lengths
  65. * @return boolean
  66. */
  67. public static function exact_length($value, $length)
  68. {
  69. if (is_array($length))
  70. {
  71. foreach ($length as $strlen)
  72. {
  73. if (UTF8::strlen($value) === $strlen)
  74. return TRUE;
  75. }
  76. return FALSE;
  77. }
  78. return UTF8::strlen($value) === $length;
  79. }
  80. /**
  81. * Checks that a field is exactly the value required.
  82. *
  83. * @param string $value value
  84. * @param string $required required value
  85. * @return boolean
  86. */
  87. public static function equals($value, $required)
  88. {
  89. return ($value === $required);
  90. }
  91. /**
  92. * Validates e-mail address
  93. * @link http://www.iamcal.com/publish/articles/php/parsing_email/
  94. * @link http://www.w3.org/Protocols/rfc822/
  95. *
  96. * @param string $email e-mail address
  97. * @param bool $strict strict e-mail checking
  98. * @return boolean
  99. */
  100. public static function email($email, $strict = FALSE)
  101. {
  102. if ($strict)
  103. {
  104. return filter_var(filter_var($email, FILTER_SANITIZE_STRING), FILTER_VALIDATE_EMAIL) !== FALSE;
  105. }
  106. else
  107. {
  108. return filter_var($email, FILTER_VALIDATE_EMAIL) !== FALSE;
  109. }
  110. }
  111. /**
  112. * Validate the domain of an email address by checking if the domain has a
  113. * valid MX record.
  114. *
  115. * @link http://php.net/checkdnsrr not added to Windows until PHP 5.3.0
  116. *
  117. * @param string $email email address
  118. * @return boolean
  119. */
  120. public static function email_domain($email)
  121. {
  122. if ( ! Valid::not_empty($email))
  123. return FALSE; // Empty fields cause issues with checkdnsrr()
  124. // Check if the email domain has a valid MX record
  125. return (bool) checkdnsrr(preg_replace('/^[^@]++@/', '', $email), 'MX');
  126. }
  127. /**
  128. * Validate a URL.
  129. *
  130. * @param string $url URL
  131. * @return boolean
  132. */
  133. public static function url($url)
  134. {
  135. // Based on http://www.apps.ietf.org/rfc/rfc1738.html#sec-5
  136. if ( ! preg_match(
  137. '~^
  138. # scheme
  139. [-a-z0-9+.]++://
  140. # username:password (optional)
  141. (?:
  142. [-a-z0-9$_.+!*\'(),;?&=%]++ # username
  143. (?::[-a-z0-9$_.+!*\'(),;?&=%]++)? # password (optional)
  144. @
  145. )?
  146. (?:
  147. # ip address
  148. \d{1,3}+(?:\.\d{1,3}+){3}+
  149. | # or
  150. # hostname (captured)
  151. (
  152. (?!-)[-a-z0-9]{1,63}+(?<!-)
  153. (?:\.(?!-)[-a-z0-9]{1,63}+(?<!-)){0,126}+
  154. )
  155. )
  156. # port (optional)
  157. (?::\d{1,5}+)?
  158. # path (optional)
  159. (?:/.*)?
  160. $~iDx', $url, $matches))
  161. return FALSE;
  162. // We matched an IP address
  163. if ( ! isset($matches[1]))
  164. return TRUE;
  165. // Check maximum length of the whole hostname
  166. // http://en.wikipedia.org/wiki/Domain_name#cite_note-0
  167. if (strlen($matches[1]) > 253)
  168. return FALSE;
  169. // An extra check for the top level domain
  170. // It must start with a letter
  171. $tld = ltrim(substr($matches[1], (int) strrpos($matches[1], '.')), '.');
  172. return ctype_alpha($tld[0]);
  173. }
  174. /**
  175. * Validate an IP.
  176. *
  177. * @param string $ip IP address
  178. * @param boolean $allow_private allow private IP networks
  179. * @return boolean
  180. */
  181. public static function ip($ip, $allow_private = TRUE)
  182. {
  183. // Do not allow reserved addresses
  184. $flags = FILTER_FLAG_NO_RES_RANGE;
  185. if ($allow_private === FALSE)
  186. {
  187. // Do not allow private or reserved addresses
  188. $flags = $flags | FILTER_FLAG_NO_PRIV_RANGE;
  189. }
  190. return (bool) filter_var($ip, FILTER_VALIDATE_IP, $flags);
  191. }
  192. /**
  193. * Validates a credit card number, with a Luhn check if possible.
  194. *
  195. * @param integer $number credit card number
  196. * @param string|array $type card type, or an array of card types
  197. * @return boolean
  198. * @uses Valid::luhn
  199. */
  200. public static function credit_card($number, $type = NULL)
  201. {
  202. // Remove all non-digit characters from the number
  203. if (($number = preg_replace('/\D+/', '', $number)) === '')
  204. return FALSE;
  205. if ($type == NULL)
  206. {
  207. // Use the default type
  208. $type = 'default';
  209. }
  210. elseif (is_array($type))
  211. {
  212. foreach ($type as $t)
  213. {
  214. // Test each type for validity
  215. if (Valid::credit_card($number, $t))
  216. return TRUE;
  217. }
  218. return FALSE;
  219. }
  220. $cards = Kohana::$config->load('credit_cards');
  221. // Check card type
  222. $type = strtolower($type);
  223. if ( ! isset($cards[$type]))
  224. return FALSE;
  225. // Check card number length
  226. $length = strlen($number);
  227. // Validate the card length by the card type
  228. if ( ! in_array($length, preg_split('/\D+/', $cards[$type]['length'])))
  229. return FALSE;
  230. // Check card number prefix
  231. if ( ! preg_match('/^'.$cards[$type]['prefix'].'/', $number))
  232. return FALSE;
  233. // No Luhn check required
  234. if ($cards[$type]['luhn'] == FALSE)
  235. return TRUE;
  236. return Valid::luhn($number);
  237. }
  238. /**
  239. * Validate a number against the [Luhn](http://en.wikipedia.org/wiki/Luhn_algorithm)
  240. * (mod10) formula.
  241. *
  242. * @param string $number number to check
  243. * @return boolean
  244. */
  245. public static function luhn($number)
  246. {
  247. // Force the value to be a string as this method uses string functions.
  248. // Converting to an integer may pass PHP_INT_MAX and result in an error!
  249. $number = (string) $number;
  250. if ( ! ctype_digit($number))
  251. {
  252. // Luhn can only be used on numbers!
  253. return FALSE;
  254. }
  255. // Check number length
  256. $length = strlen($number);
  257. // Checksum of the card number
  258. $checksum = 0;
  259. for ($i = $length - 1; $i >= 0; $i -= 2)
  260. {
  261. // Add up every 2nd digit, starting from the right
  262. $checksum += substr($number, $i, 1);
  263. }
  264. for ($i = $length - 2; $i >= 0; $i -= 2)
  265. {
  266. // Add up every 2nd digit doubled, starting from the right
  267. $double = substr($number, $i, 1) * 2;
  268. // Subtract 9 from the double where value is greater than 10
  269. $checksum += ($double >= 10) ? ($double - 9) : $double;
  270. }
  271. // If the checksum is a multiple of 10, the number is valid
  272. return ($checksum % 10 === 0);
  273. }
  274. /**
  275. * Checks if a phone number is valid.
  276. *
  277. * @param string $number phone number to check
  278. * @param array $lengths
  279. * @return boolean
  280. */
  281. public static function phone($number, $lengths = NULL)
  282. {
  283. if ( ! is_array($lengths))
  284. {
  285. $lengths = [7,10,11];
  286. }
  287. // Remove all non-digit characters from the number
  288. $number = preg_replace('/\D+/', '', $number);
  289. // Check if the number is within range
  290. return in_array(strlen($number), $lengths);
  291. }
  292. /**
  293. * Tests if a string is a valid date string.
  294. *
  295. * @param string $str date to check
  296. * @return boolean
  297. */
  298. public static function date($str)
  299. {
  300. return (strtotime($str) !== FALSE);
  301. }
  302. /**
  303. * Checks whether a string consists of alphabetical characters only.
  304. *
  305. * @param string $str input string
  306. * @param boolean $utf8 trigger UTF-8 compatibility
  307. * @return boolean
  308. */
  309. public static function alpha($str, $utf8 = FALSE)
  310. {
  311. $str = (string) $str;
  312. if ($utf8 === TRUE)
  313. {
  314. return (bool) preg_match('/^\pL++$/uD', $str);
  315. }
  316. else
  317. {
  318. return ctype_alpha($str);
  319. }
  320. }
  321. /**
  322. * Checks whether a string consists of alphabetical characters and numbers only.
  323. *
  324. * @param string $str input string
  325. * @param boolean $utf8 trigger UTF-8 compatibility
  326. * @return boolean
  327. */
  328. public static function alpha_numeric($str, $utf8 = FALSE)
  329. {
  330. if ($utf8 === TRUE)
  331. {
  332. return (bool) preg_match('/^[\pL\pN]++$/uD', $str);
  333. }
  334. else
  335. {
  336. return ctype_alnum($str);
  337. }
  338. }
  339. /**
  340. * Checks whether a string consists of alphabetical characters, numbers, underscores and dashes only.
  341. *
  342. * @param string $str input string
  343. * @param boolean $utf8 trigger UTF-8 compatibility
  344. * @return boolean
  345. */
  346. public static function alpha_dash($str, $utf8 = FALSE)
  347. {
  348. if ($utf8 === TRUE)
  349. {
  350. $regex = '/^[-\pL\pN_]++$/uD';
  351. }
  352. else
  353. {
  354. $regex = '/^[-a-z0-9_]++$/iD';
  355. }
  356. return (bool) preg_match($regex, $str);
  357. }
  358. /**
  359. * Checks whether a string consists of digits only (no dots or dashes).
  360. *
  361. * @param string $str input string
  362. * @param boolean $utf8 trigger UTF-8 compatibility
  363. * @return boolean
  364. */
  365. public static function digit($str, $utf8 = FALSE)
  366. {
  367. if ($utf8 === TRUE)
  368. {
  369. return (bool) preg_match('/^\pN++$/uD', $str);
  370. }
  371. else
  372. {
  373. return (is_int($str) AND $str >= 0) OR ctype_digit($str);
  374. }
  375. }
  376. /**
  377. * Checks whether a string is a valid number (negative and decimal numbers allowed).
  378. *
  379. * Uses {@link http://www.php.net/manual/en/function.localeconv.php locale conversion}
  380. * to allow decimal point to be locale specific (when used in PHP version < 8.0)
  381. * {@link https://php.watch/versions/8.0/float-to-string-locale-independent more info}
  382. *
  383. * @param string $str input string
  384. * @return boolean
  385. */
  386. public static function numeric($str)
  387. {
  388. if (version_compare(phpversion(), '8.0.0', '<')) {
  389. // Get the decimal point for the current locale
  390. list($decimal) = array_values(localeconv());
  391. } else {
  392. // Since PHP 8 the decimal separator is locale independent
  393. $decimal = '.';
  394. }
  395. // A lookahead is used to make sure the string contains at least one digit (before or after the decimal point)
  396. return (bool) preg_match('/^-?+(?=.*[0-9])[0-9]*+'.preg_quote($decimal).'?+[0-9]*+$/D', (string) $str);
  397. }
  398. /**
  399. * Tests if a number is within a range.
  400. *
  401. * @param string $number number to check
  402. * @param integer $min minimum value
  403. * @param integer $max maximum value
  404. * @param integer $step increment size
  405. * @return boolean
  406. */
  407. public static function range($number, $min, $max, $step = NULL)
  408. {
  409. if ($number < $min OR $number > $max)
  410. {
  411. // Number is outside of range
  412. return FALSE;
  413. }
  414. if ( ! $step)
  415. {
  416. // Default to steps of 1
  417. $step = 1;
  418. }
  419. // Check step requirements
  420. return (($number - $min) % $step === 0);
  421. }
  422. /**
  423. * Checks if a string is a proper decimal format. Optionally, a specific
  424. * number of digits can be checked too.
  425. *
  426. * @param string $str number to check
  427. * @param integer $places number of decimal places
  428. * @param integer $digits number of digits
  429. * @return boolean
  430. */
  431. public static function decimal($str, $places = 2, $digits = NULL)
  432. {
  433. if ($digits > 0)
  434. {
  435. // Specific number of digits
  436. $digits = '{'.( (int) $digits).'}';
  437. }
  438. else
  439. {
  440. // Any number of digits
  441. $digits = '+';
  442. }
  443. // Get the decimal point for the current locale
  444. list($decimal) = array_values(localeconv());
  445. return (bool) preg_match('/^[+-]?[0-9]'.$digits.preg_quote($decimal).'[0-9]{'.( (int) $places).'}$/D', $str);
  446. }
  447. /**
  448. * Checks if a string is a proper hexadecimal HTML color value. The validation
  449. * is quite flexible as it does not require an initial "#" and also allows for
  450. * the short notation using only three instead of six hexadecimal characters.
  451. *
  452. * @param string $str input string
  453. * @return boolean
  454. */
  455. public static function color($str)
  456. {
  457. return (bool) preg_match('/^#?+[0-9a-f]{3}(?:[0-9a-f]{3})?$/iD', $str);
  458. }
  459. /**
  460. * Checks if a field matches the value of another field.
  461. *
  462. * @param array $array array of values
  463. * @param string $field field name
  464. * @param string $match field name to match
  465. * @return boolean
  466. */
  467. public static function matches($array, $field, $match)
  468. {
  469. return ($array[$field] === $array[$match]);
  470. }
  471. }