oxinputvalidator.php

Go to the documentation of this file.

<?php

class oxInputValidator extends oxSuperCfg
{

    const INVALID_ACCOUNT_NUMBER = -5;

    const INVALID_BANK_CODE = -4;

    private static $_instance = null;

    protected $_aRequiredCCFields = array( 'kktype',
                                           'kknumber',
                                           'kkmonth',
                                           'kkyear',
                                           'kkname',
                                           'kkpruef'
                                          );

    protected $_aInputValidationErrors = array();

    protected $_aPossibleCCType = array( 'mcd', // Master Card
                                         'vis', // Visa
                                         'amx', // American Express
                                         'dsc', // Discover
                                         'dnc', // Diners Club
                                         'jcb', // JCB
                                         'swi', // Switch
                                         'dlt', // Delta
                                         'enr'  // EnRoute
                                        );

    protected $_aRequiredDCFields = array( 'lsbankname',
                                           'lsktonr',
                                           'lsktoinhaber'
                                         );

    public function __construct()
    {
    }

    static function getInstance()
    {
        if ( defined('OXID_PHP_UNIT')) {
            if ( ($oClassMod = modInstances::getMod(__CLASS__))  && is_object($oClassMod) ) {
                return $oClassMod;
            } else {
                 $inst = oxNew( 'oxInputValidator' );
                 modInstances::addMod( __CLASS__, $inst );
                 return $inst;
            }
        }

        if ( !isset( self::$_instance ) ) {
            // allow modules
            self::$_instance = oxNew( 'oxInputValidator' );
        }
        return self::$_instance;
    }

    public function validateBasketAmount( $dAmount )
    {
        $dAmount = str_replace( ',', '.', $dAmount );

        if ( !is_numeric( $dAmount ) || $dAmount < 0) {
            $oEx = oxNew( 'oxArticleInputException' );
            $oEx->setMessage('EXCEPTION_INPUT_INVALIDAMOUNT');
            throw $oEx;
        }

        if ( !oxConfig::getInstance()->getConfigParam( 'blAllowUnevenAmounts' ) ) {
            $dAmount = round( ( string ) $dAmount );
        }

        //negative amounts are not allowed
        //$dAmount = abs($dAmount);

        return $dAmount;
    }

    public function checkLogin( $oUser, $sLogin, $aInvAddress )
    {
        // check only for users with password during registration
        // if user wants to change user name - we must check if passwords are ok before changing
        if ( $oUser->oxuser__oxpassword->value && $sLogin != $oUser->oxuser__oxusername->value ) {

            // on this case password must be taken directly from request
            $sNewPass = (isset( $aInvAddress['oxuser__oxpassword']) && $aInvAddress['oxuser__oxpassword'] )?$aInvAddress['oxuser__oxpassword']:oxConfig::getParameter( 'user_password' );
            if ( !$sNewPass ) {

                // 1. user forgot to enter password
                $oEx = oxNew( 'oxInputException' );
                $oEx->setMessage('EXCEPTION_INPUT_NOTALLFIELDS');

                return $this->_addValidationError( "oxuser__oxpassword", $oEx );
            } else {

                // 2. entered wrong password
                if ( !$oUser->isSamePassword( $sNewPass ) ) {
                    $oEx = oxNew( 'oxUserException' );
                    $oEx->setMessage('EXCEPTION_USER_PWDDONTMATCH');

                    return $this->_addValidationError( "oxuser__oxpassword", $oEx );
                }
            }
        }

        if ( $oUser->checkIfEmailExists( $sLogin ) ) {
            //if exists then we do now allow to do that
            $oEx = oxNew( 'oxUserException' );
            $oLang = oxLang::getInstance();
            $oEx->setMessage( sprintf( $oLang->translateString( 'EXCEPTION_USER_USEREXISTS', $oLang->getTplLanguage() ), $sLogin ) );

            return $this->_addValidationError( "oxuser__oxusername", $oEx );
        }
    }

    public function checkEmail(  $oUser, $sEmail )
    {
        // missing email address (user login name) ?
        if ( !$sEmail ) {
            $oEx = oxNew( 'oxInputException' );
            $oEx->setMessage('EXCEPTION_INPUT_NOTALLFIELDS');

            return $this->_addValidationError( "oxuser__oxusername", $oEx );
        }

        // invalid email address ?
        if ( !oxUtils::getInstance()->isValidEmail( $sEmail ) ) {
            $oEx = oxNew( 'oxInputException' );
            $oEx->setMessage( 'EXCEPTION_INPUT_NOVALIDEMAIL' );

            return $this->_addValidationError( "oxuser__oxusername", $oEx );
        }
    }

    public function checkPassword( $oUser, $sNewPass, $sConfPass, $blCheckLength = false )
    {
        //  no password at all
        if ( $blCheckLength && getStr()->strlen( $sNewPass ) == 0 ) {
            $oEx = oxNew( 'oxInputException' );
            $oEx->setMessage('EXCEPTION_INPUT_EMPTYPASS');

            return $this->_addValidationError( "oxuser__oxpassword", $oEx );
        }

        //  password is too short ?
        if ( $blCheckLength &&  getStr()->strlen( $sNewPass ) < 6 ) {
            $oEx = oxNew( 'oxInputException' );
            $oEx->setMessage('EXCEPTION_INPUT_PASSTOOSHORT');

            return $this->_addValidationError( "oxuser__oxpassword", $oEx );
        }

        //  passwords do not match ?
        if ( $sNewPass != $sConfPass ) {
            $oEx = oxNew( 'oxUserException' );
            $oEx->setMessage('EXCEPTION_USER_PWDDONTMATCH');

            return $this->_addValidationError( "oxuser__oxpassword", $oEx );
        }
    }

    public function checkRequiredFields( $oUser, $aInvAddress, $aDelAddress )
    {
        // collecting info about required fields
        $aMustFields = array( 'oxuser__oxfname',
                              'oxuser__oxlname',
                              'oxuser__oxstreetnr',
                              'oxuser__oxstreet',
                              'oxuser__oxzip',
                              'oxuser__oxcity' );

        // config should override default fields
        $aMustFillFields = $this->getConfig()->getConfigParam( 'aMustFillFields' );
        if ( is_array( $aMustFillFields ) ) {
            $aMustFields = $aMustFillFields;
        }

        // assuring data to check
        $aInvAddress = is_array( $aInvAddress )?$aInvAddress:array();
        $aDelAddress = is_array( $aDelAddress )?$aDelAddress:array();

        // collecting fields
        $aFields = array_merge( $aInvAddress, $aDelAddress );


        // check delivery address ?
        $blCheckDel = false;
        if ( count( $aDelAddress ) ) {
            $blCheckDel = true;
        }

        // checking
        foreach ( $aMustFields as $sMustField ) {

            // A. not nice, but we keep all fields info in one config array, and must support backward compatibility.
            if ( !$blCheckDel && strpos( $sMustField, 'oxaddress__' ) === 0 ) {
                continue;
            }

            if ( isset( $aFields[$sMustField] ) && is_array( $aFields[$sMustField] ) ) {
                $this->checkRequiredArrayFields( $oUser, $sMustField, $aFields[$sMustField] );
            } elseif ( !isset( $aFields[$sMustField] ) || !trim( $aFields[$sMustField] ) ) {
                   $oEx = oxNew( 'oxInputException' );
                   $oEx->setMessage('EXCEPTION_INPUT_NOTALLFIELDS');

                   $this->_addValidationError( $sMustField, $oEx );
            }
        }
    }

    public function checkRequiredArrayFields( $oUser, $sFieldName, $aFieldValues )
    {
        foreach ( $aFieldValues as $sValue ) {
            if ( !trim( $sValue ) ) {
                $oEx = oxNew( 'oxInputException' );
                $oEx->setMessage('EXCEPTION_INPUT_NOTALLFIELDS');

                $this->_addValidationError( $sFieldName, $oEx );
            }
        }
    }

    public function checkCountries( $oUser, $aInvAddress, $aDelAddress )
    {
        $sBillCtry = isset( $aInvAddress['oxuser__oxcountryid'] ) ? $aInvAddress['oxuser__oxcountryid'] : null;
        $sDelCtry  = isset( $aDelAddress['oxaddress__oxcountryid'] ) ? $aDelAddress['oxaddress__oxcountryid'] : null;

        if ( $sBillCtry || $sDelCtry ) {
            $oDb = oxDb::getDb();

            if ( ( $sBillCtry == $sDelCtry ) || ( !$sBillCtry && $sDelCtry ) || ( $sBillCtry && !$sDelCtry ) ) {
                $sBillCtry = $sBillCtry ? $sBillCtry : $sDelCtry;
                $sQ = "select oxactive from oxcountry where oxid = ".$oDb->quote( $sBillCtry )." ";
            } else {
                $sQ = "select ( select oxactive from oxcountry where oxid = ".$oDb->quote( $sBillCtry )." ) and
                              ( select oxactive from oxcountry where oxid = ".$oDb->quote( $sDelCtry )." ) ";
            }

            if ( !$oDb->getOne( $sQ ) ) {
                $oEx = oxNew( 'oxUserException' );
                $oEx->setMessage('EXCEPTION_INPUT_NOTALLFIELDS' );

                $this->_addValidationError( "oxuser__oxpassword", $oEx );
            }
        }
    }

    public function checkVatId( $oUser, $aInvAddress )
    {
        if ( $aInvAddress['oxuser__oxustid'] ) {

            if (!($sCountryId = $aInvAddress['oxuser__oxcountryid'])) {
                // no country
                return;
            }
            $oCountry = oxNew('oxcountry');
            if ( $oCountry->load( $sCountryId ) && $oCountry->isForeignCountry() && $oCountry->isInEU() ) {

                    if ( strncmp( $aInvAddress['oxuser__oxustid'], $oCountry->oxcountry__oxisoalpha2->value, 2 ) ) {
                        $oEx = oxNew( 'oxInputException' );
                        $oEx->setMessage( 'VAT_MESSAGE_ID_NOT_VALID' );

                        return $this->_addValidationError( "oxuser__oxustid", $oEx );
                    }

            }
        }
    }

    public function getFieldValidationErrors()
    {
        return $this->_aInputValidationErrors;
    }

    public function getFirstValidationError()
    {
        $oErr = null;
        $aErr = reset( $this->_aInputValidationErrors );
        if ( is_array( $aErr ) ) {
            $oErr = reset( $aErr );
        }
        return $oErr;
    }

    public function validatePaymentInputData( $sPaymentId, & $aDynValue )
    {
        $mxValidationResult = true;

        switch( $sPaymentId ) {
            case 'oxidcreditcard':
                $mxValidationResult = false;

                $blAllCreditCardInformationSet = $this->_isAllBankInformationSet( $this->_aRequiredCCFields, $aDynValue );
                $blCreditCardTypeExist = in_array( $aDynValue['kktype'], $this->_aPossibleCCType );

                if ( $blAllCreditCardInformationSet && $blCreditCardTypeExist ) {
                    $oCardValidator = oxNew( "oxccvalidator" );
                    $mxValidationResult = $oCardValidator->isValidCard(
                                                    $aDynValue['kknumber'],
                                                    $aDynValue['kktype'],
                                                    $aDynValue['kkmonth'].substr( $aDynValue['kkyear'], 2, 2 )
                    );
                }
                break;

            case "oxiddebitnote":
                $mxValidationResult = false;

                if ( $this->_isAllBankInformationSet( $this->_aRequiredDCFields, $aDynValue ) ) {
                    $mxValidationResult = $this->_validateDebitNote( $aDynValue );
                }

                break;
        }

        return $mxValidationResult;
    }

    protected function _addValidationError( $sFieldName, $oErr )
    {
        return $this->_aInputValidationErrors[$sFieldName][] = $oErr;
    }

    protected function _validateDebitNote( $aDebitInformation )
    {
        $aDebitInformation = $this->_cleanDebitInformation( $aDebitInformation );
        $sBankCode = $aDebitInformation['lsblz'];
        $sAccountNumber = $aDebitInformation['lsktonr'];
        $oSepaValidator = oxNew( "oxSepaValidator" );

        if ( empty( $sBankCode ) || $oSepaValidator->isValidBIC( $sBankCode ) ) {
            $mxValidationResult = true;
            if ( !$oSepaValidator->isValidIBAN( $sAccountNumber ) ) {
                $mxValidationResult = self::INVALID_ACCOUNT_NUMBER;
            }
        } else {
            $mxValidationResult = $this->_validateOldDebitInfo( $aDebitInformation );
        }

        return $mxValidationResult;
    }

    protected function _validateOldDebitInfo( $aDebitInfo )
    {
        $oStr       = getStr();
        $aDebitInfo = $this->_fixAccountNumber( $aDebitInfo );

        $mxValidationResult = true;

        if ( !$oStr->preg_match( "/^\d{5,8}$/", $aDebitInfo['lsblz'] ) ) {
            // Bank code is invalid
            $mxValidationResult = self::INVALID_BANK_CODE;
        }

        if ( true === $mxValidationResult && !$oStr->preg_match( "/^\d{10,12}$/", $aDebitInfo['lsktonr'] ) ) {
            // Account number is invalid
            $mxValidationResult = self::INVALID_ACCOUNT_NUMBER;
        }


        return $mxValidationResult;
    }

    protected function _fixAccountNumber( $aDebitInfo )
    {
        $oStr = getStr();

        if ( $oStr->strlen( $aDebitInfo['lsktonr'] ) < 10 ) {
            $sNewNum = str_repeat(
                           '0', 10 - $oStr->strlen( $aDebitInfo['lsktonr'] )
                       ) . $aDebitInfo['lsktonr'];
            $aDebitInfo['lsktonr'] = $sNewNum;
        }

        return $aDebitInfo;
    }

    protected function _isAllBankInformationSet( $aRequiredFields, $aBankInformation )
    {
        $blResult = true;
        foreach ( $aRequiredFields as $sFieldName ) {
            if ( !isset( $aBankInformation[$sFieldName] ) || !trim( $aBankInformation[$sFieldName] ) ) {
                $blResult = false;
                break;
            }
        }

        return $blResult;
    }

    protected function _cleanDebitInformation( $aDebitInformation )
    {
        $aDebitInformation['lsblz']   = str_replace( ' ', '', $aDebitInformation['lsblz'] );
        $aDebitInformation['lsktonr'] = str_replace( ' ', '', $aDebitInformation['lsktonr'] );

        return $aDebitInformation;
    }
}