Then, a for loop is entered for iterating through all the characters in the variable $required, which can contain any or all of the letters a, l, u, d, w, or p, which stand for any lette
Trang 1Those characters that do not match are placed in the array $matches by the function, and from there are placed in the string $caught, separated by a comma/space pair so that they can be added to an error message
The string variable $plural is then assigned the value “ is” if there is a single match,
or “s are” if there is more than one This is then used when constructing the error message
so that it reads grammatically, using one or other of the forms (the value of $plural is
shown in bold): “The following character is not allowed”; “The following characters are
not allowed”
Then, a for loop is entered for iterating through all the characters in the variable
$required, which can contain any or all of the letters a, l, u, d, w, or p, which stand for any letter, lowercase, uppercase, digit, word (any letter or number), or punctuation
Depending on which letter is being processed, the variable $regex is assigned the correct value to enable the following preg_match() call to ensure that at least one of that character type is included in the string This feature is very useful in cases where a certain type of input is required such as a number, or maybe a password that must have at least one each of a letter, number, and punctuation character
As the variable’s name indicates, all characters in $required must exist in the string being validated Therefore if any one of the types of characters described by $required is not encountered, another error message is added to the $error array
Finally, if $error has no messages in it, then no errors were encountered, so a single-element array containing the value TRUE is returned Otherwise, a two-single-element array is returned, the first of which is the value FALSE, and the second is the array of error messages
How to Use It
To validate a user-supplied string, call the PIPHP_ValidateText() function, giving it the string to validate and various parameters indicating which characters are both allowed and required
For example, to ensure that a string to be used for a password has one of each type of character—lowercase, uppercase, digit, and punctuation—and is at least 6 and no more than
16 characters long, you could use code such as the following, where $text is extracted from the form input password:
echo "<form method='post' action='$_SERVER[PHP_SELF]'>";
echo "<input type='text' name='password' />";
echo "<input type='submit' /></form>";
if (isset($_POST['password'])) {
$text = $_POST['password'];
$allowed = "a-zA-Z0-9 !&*+=:;@~#";
$required = "ludp";
$result = PIPHP_ValidateText($text, 10, 16, $allowed, $required);
if ($result[0] == FALSE) for ($j = 0 ; $j < count($result[1]) ; ++$j) echo $result[1][$j] ".<br>";
else echo "Password validated";
}
Trang 2You may wish to save this file with a filename such as validate.php, then you can call it
up in your browser and view the result of entering different values A copy of this file is also
in the plug-ins.zip file (in /6/validate.php), which is downloadable from the companion web site at pluginphp.com.
In this code, the string variable $allowed sets the plug-in to accept any of the following: letters of any case, as well as digits, the space character, and any characters out of !&*+=:;@~ and # The $required string simultaneously tells the plug-in that there must be at least one lowercase letter, one uppercase letter, one digit, and one punctuation character
Upon the function’s return, if the first element of the array $result is FALSE, then validation failed and so the strings in the array stored in the second element are displayed— they are the error messages returned by the plug-in But if the first element is TRUE,
validation succeeded
Here’s another example Because $allowed may include regular expression operators such as \w, which means any letter or digit, or the _ character, you could use the plug-in to ensure that a username (determined by you), which should only include letters, digits, underlines, periods, and hyphens (and cannot be comprised only of punctuation), has been correctly entered, like this:
$result = PIPHP_ValidateText($username, 4, 20, "\w\.\-", "a");
In this case, the $allowed argument of \w means “allow letters, digits, and the underline,” while \ and \- also allow the period and hyphen The $required parameter
of a ensures there is at least one letter, which can be of either case
The Plug-in
function PIPHP_ValidateText($text, $minlength, $maxlength, $allowed, $required)
{ $len = strlen($text);
$error = array();
if ($len < $minlength) $error[] = "The string length is too short " "(min $minlength characters)";
elseif ($len > $maxlength) $error[] = "The string length is too long " "(max $maxlength characters)";
$result = preg_match_all("/([^$allowed])/", $text, $matches);
$caught = implode(array_unique($matches[1]), ', ');
$plural = strlen($caught) > 1 ? $plural = "s are" : " is";
if ($result) $error[] = "The following character$plural " "not allowed: " $caught;
for ($j = 0 ; $j < strlen($required) ; ++$j) {
switch(substr(strtolower($required), $j, 1))
Trang 3{ case "a": $regex = "a-zA-Z"; $str = "letter";
break;
case "l": $regex = "a-z"; $str = "lower case";
break;
case "u": $regex = "A-Z"; $str = "upper case";
break;
case "d": $regex = "0-9"; $str = "digit";
break;
case "w": $regex = "\w"; $str = "letter or number";
break;
case "p": $regex = "\W"; $str = "punctuation";
break;
}
if (!preg_match("/[$regex]/", $text)) $error[] = "The string must include at least one " "$str character";
}
if (count($error)) return array(FALSE, $error);
else return array(TRUE);
}
Validate E-mail
Quite often people will make mistakes when entering their e-mail address into a web form This is also another common area where some users just enter rubbish to see what happens
To catch these things, you can use this plug-in to at least check whether the format of an e-mail address supplied to you is valid, as shown in Figure 6-6
About the Plug-in
This plug-in accepts an e-mail address whose format requires validating On success, it returns TRUE, otherwise it returns FALSE It takes this argument:
• $email The e-mail address to be validated
F IGURE 6-6 Using this plug-in you can ensure that the format of an e-mail address is valid.
36
Trang 4Variables, Arrays, and Functions
PIPHP_ValidateText() Plug-in 35: function to validate a string
How It Works
The most obvious required part of an e-mail address is the @ symbol, so the first thing this plug-in does is locate its position and store it in the variable $at If $at is given the value FALSE, or if the length of $email is less than the minimum of six characters that an e-mail
address can have (a@b.cc), then the value FALSE is returned, because the address is already
found to be invalid
Next the e-mail address is split into the two halves on either side of the position pointed
to by $at using the substr() function The left portion is assigned to the variable $left and the right to the variable $right
Then plug-in 35, PIPHP_ValidateText(), is called to evaluate each half The left half must be between one and 64 characters in length and may comprise any letters, digits, underlines, periods, and + or - symbols This is enforced using the argument of \w\.\+\-
Also, at least one letter must be included, so the second argument of a checks for that
The right half of an e-mail address must be between one and 255 characters in length and may be comprised of any mix of letters, digits, hyphens, or periods This validation is accomplished using the argument \a-zA-Z0-9\.\- And to ensure at least one letter appears in the domain, a second argument of a is supplied The results of these two validations are placed in the arrays $res1 and $res2
Final validation is achieved by ensuring there is at least one period in the right half of the e-mail address and that both the previous two validations were also successful If so, then TRUE is returned, otherwise FALSE is returned
How to Use It
To validate an e-mail address, just pass it to PIPHP_ValidateEmail(), which will return TRUE if successful, otherwise it will return FALSE, like this:
if (PIPHP_ValidateEmail($email)) echo "Validation succeeded";
Note that because this plug-in makes use of plug-in 35, PIPHP_ValidateText(), you must also have a copy of it in the same program file, or otherwise include it
The Plug-in
function PIPHP_ValidateEmail($email) {
$at = strrpos($email, '@');
if (!$at || strlen($email) < 3) return FALSE;
Trang 5
$left = substr($email, 0, $at);
$right = substr($email, $at + 1);
$res1 = PIPHP_ValidateText($left, 1, 64, "\w\.\+\-",
"a");
$res2 = PIPHP_ValidateText($right, 1, 255, "\a-zA-Z0-9\.\-",
"a");
if (!strpos($right, '.') || !$res1[0] || !$res2[0]) return FALSE;
else return TRUE;
}
Spam Catch
Even with a strong Captcha system in place, you will still find users trying to manually spam your web site They tend to be people who discover your site through a very specific search engine query for which they would like their own site to also rank well, and they hope that by adding a link back to their site from yours this will happen
Using this plug-in you can specify a set of keywords that will trigger spam detection, and then use the level of spam certainty returned by the function to decide whether to ignore a user post Figure 6-7 illustrates the plug-in in action
About the Plug-in
This plug-in accepts a user-supplied string and matches it against a list of keywords to determine the likelihood that the string contains spam It takes these arguments:
• $text The e-mail address to be validated
• $words An array of keywords against which to check
Variables, Arrays, and Functions
• None
F IGURE 6-7 This plug-in will go a long way towards further reducing spam on your web site.
37