oxinputvalidator.php

Go to the documentation of this file.

<?php

class oxInputValidator extends oxSuperCfg
{
    private static $_instance = null;

    protected $_aRequiredCCFields = array( 'kktype',
                                           'kknumber',
                                           'kkmonth',
                                           'kkyear',
                                           'kkname',
                                           'kkpruef'
                                          );

    protected $_aInputValidationErrors = array();

    protected $_aPossibleCCType = array( 'mcd', // Master Card
                                         'vis', // Visa
                                         'amx', // American Express
                                         'dsc', // Discover
                                         'dnc', // Diners Club
                                         'jcb', // JCB
                                         'swi', // Switch
                                         'dlt', // Delta
                                         'enr'  // EnRoute
                                        );

    protected $_aRequiredDCFields = array( 'lsbankname',
                                           'lsblz',
                                           'lsktonr',
                                           'lsktoinhaber'
                                         );

    public function __construct()
    {
    }

    static function getInstance()
    {
        return oxRegistry::get("oxInputValidator");
    }

    public function validateBasketAmount( $dAmount )
    {
        $dAmount = str_replace( ',', '.', $dAmount );

        if ( !is_numeric( $dAmount ) || $dAmount < 0) {
            $oEx = oxNew( 'oxArticleInputException' );
            $oEx->setMessage('ERROR_MESSAGE_INPUT_INVALIDAMOUNT');
            throw $oEx;
        }

        if ( !oxRegistry::getConfig()->getConfigParam( 'blAllowUnevenAmounts' ) ) {
            $dAmount = round( ( string ) $dAmount );
        }

        //negative amounts are not allowed
        //$dAmount = abs($dAmount);

        return $dAmount;
    }

    public function validatePaymentInputData( $sPaymentId, & $aDynvalue )
    {
        $mxValidationResult = true;

        switch( $sPaymentId ) {
            case 'oxidcreditcard':

                $mxValidationResult = false;

                foreach ( $this->_aRequiredCCFields as $sFieldName ) {
                    if ( !isset( $aDynvalue[$sFieldName] ) || !trim( $aDynvalue[$sFieldName] ) ) {
                        break 2;
                    }
                }

                if ( in_array( $aDynvalue['kktype'], $this->_aPossibleCCType ) ) {
                    $sType = $aDynvalue['kktype'];
                } else {
                    $sType = null;
                    break;
                }

                $oCardValidator = oxNew( "oxccvalidator" );
                $blResult = $oCardValidator->isValidCard( $aDynvalue['kknumber'], $sType, $aDynvalue['kkmonth'].substr( $aDynvalue['kkyear'], 2, 2 ) );
                if ( $blResult ) {
                    $mxValidationResult = true;
                }

                break;

            case "oxiddebitnote":

                $mxValidationResult = false;
                $oStr = getStr();

                foreach ( $this->_aRequiredDCFields as $sFieldName ) {
                    if ( !isset( $aDynvalue[$sFieldName] ) || !trim( $aDynvalue[$sFieldName] ) ) {
                        break 2;
                    }
                }

                // Cleaning up spaces
                $aDynvalue['lsblz']   = str_replace( ' ', '', $aDynvalue['lsblz'] );
                $aDynvalue['lsktonr'] = str_replace( ' ', '', $aDynvalue['lsktonr'] );

                $oSepaValidator = oxNew( "oxSepaValidator" );

                // Check BIC / IBAN
                if ( $oSepaValidator->isValidBIC($aDynvalue['lsblz']) && $oSepaValidator->isValidIBAN($aDynvalue['lsktonr']) ) {
                    $mxValidationResult = true;
                }

                // If can't meet BIC / IBAN formats check account number and bank code with old validation
                if ( !$mxValidationResult ) {
                    // If account number is shorter than 10, add zeros in front of number
                    if ( $oStr->strlen( $aDynvalue['lsktonr'] ) < 10 ) {
                        $sNewNum = str_repeat( '0', 10 - $oStr->strlen( $aDynvalue['lsktonr'] ) ).$aDynvalue['lsktonr'];
                        $aDynvalue['lsktonr'] = $sNewNum;
                    }

                    if ( $oStr->preg_match( "/^\d{5,8}$/", $aDynvalue['lsblz'] ) ) {
                        if ( !$oStr->preg_match( "/\d{10}/", $aDynvalue['lsktonr'] ) ) {
                            // Account number is invalid
                            $mxValidationResult = -5;
                            break;
                        } else {
                            $mxValidationResult = true;
                        }
                    } else {
                        // Bank code is invalid
                        $mxValidationResult = -4;
                    }
                }


                break;
        }

        return $mxValidationResult;
    }

    protected function _addValidationError( $sFieldName, $oErr )
    {
        return $this->_aInputValidationErrors[$sFieldName][] = $oErr;
    }

    public function checkLogin( $oUser, $sLogin, $aInvAddress )
    {
        // check only for users with password during registration
        // if user wants to change user name - we must check if passwords are ok before changing
        if ( $oUser->oxuser__oxpassword->value && $sLogin != $oUser->oxuser__oxusername->value ) {

            // on this case password must be taken directly from request
            $sNewPass = (isset( $aInvAddress['oxuser__oxpassword']) && $aInvAddress['oxuser__oxpassword'] )?$aInvAddress['oxuser__oxpassword']:oxConfig::getParameter( 'user_password' );
            if ( !$sNewPass ) {

                // 1. user forgot to enter password
                $oEx = oxNew( 'oxInputException' );
                $oEx->setMessage('ERROR_MESSAGE_INPUT_NOTALLFIELDS');

                return $this->_addValidationError( "oxuser__oxpassword", $oEx );
            } else {

                // 2. entered wrong password
                if ( !$oUser->isSamePassword( $sNewPass ) ) {
                    $oEx = oxNew( 'oxUserException' );
                    $oEx->setMessage('ERROR_MESSAGE_USER_PWDDONTMATCH');

                    return $this->_addValidationError( "oxuser__oxpassword", $oEx );
                }
            }
        }

        if ( $oUser->checkIfEmailExists( $sLogin ) ) {
            //if exists then we do now allow to do that
            $oEx = oxNew( 'oxUserException' );
            $oLang = oxRegistry::getLang();
            $oEx->setMessage( sprintf( $oLang->translateString( 'ERROR_MESSAGE_USER_USEREXISTS', $oLang->getTplLanguage() ), $sLogin ) );

            return $this->_addValidationError( "oxuser__oxusername", $oEx );
        }
    }

    public function checkEmail(  $oUser, $sEmail )
    {
        // missing email address (user login name) ?
        if ( !$sEmail ) {
            $oEx = oxNew( 'oxInputException' );
            $oEx->setMessage('ERROR_MESSAGE_INPUT_NOTALLFIELDS');

            return $this->_addValidationError( "oxuser__oxusername", $oEx );
        }

        // invalid email address ?
        if ( !oxRegistry::getUtils()->isValidEmail( $sEmail ) ) {
            $oEx = oxNew( 'oxInputException' );
            $oEx->setMessage( 'ERROR_MESSAGE_INPUT_NOVALIDEMAIL' );

            return $this->_addValidationError( "oxuser__oxusername", $oEx );
        }
    }

    public function checkPassword( $oUser, $sNewPass, $sConfPass, $blCheckLenght = false )
    {
        //  no password at all
        if ( $blCheckLenght && getStr()->strlen( $sNewPass ) == 0 ) {
            $oEx = oxNew( 'oxInputException' );
            $oEx->setMessage('ERROR_MESSAGE_INPUT_EMPTYPASS');

            return $this->_addValidationError( "oxuser__oxpassword", $oEx );
        }

        //  password is too short ?
        if ( $blCheckLenght &&  getStr()->strlen( $sNewPass ) < 6 ) {
            $oEx = oxNew( 'oxInputException' );
            $oEx->setMessage('ERROR_MESSAGE_PASSWORD_TOO_SHORT');

            return $this->_addValidationError( "oxuser__oxpassword", $oEx );
        }

        //  passwords do not match ?
        if ( $sNewPass != $sConfPass ) {
            $oEx = oxNew( 'oxUserException' );
            $oEx->setMessage('ERROR_MESSAGE_USER_PWDDONTMATCH');

            return $this->_addValidationError( "oxuser__oxpassword", $oEx );
        }
    }

    public function checkRequiredFields( $oUser, $aInvAddress, $aDelAddress )
    {
        // collecting info about required fields
        $aMustFields = array( 'oxuser__oxfname',
                              'oxuser__oxlname',
                              'oxuser__oxstreetnr',
                              'oxuser__oxstreet',
                              'oxuser__oxzip',
                              'oxuser__oxcity' );

        // config should override default fields
        $aMustFillFields = $this->getConfig()->getConfigParam( 'aMustFillFields' );
        if ( is_array( $aMustFillFields ) ) {
            $aMustFields = $aMustFillFields;
        }

        // assuring data to check
        $aInvAddress = is_array( $aInvAddress )?$aInvAddress:array();
        $aDelAddress = is_array( $aDelAddress )?$aDelAddress:array();

        // collecting fields
        $aFields = array_merge( $aInvAddress, $aDelAddress );


        // check delivery address ?
        $blCheckDel = false;
        if ( count( $aDelAddress ) ) {
            $blCheckDel = true;
        }

        // checking
        foreach ( $aMustFields as $sMustField ) {

            // A. not nice, but we keep all fields info in one config array, and must support baskwards compat.
            if ( !$blCheckDel && strpos( $sMustField, 'oxaddress__' ) === 0 ) {
                continue;
            }

            if ( isset( $aFields[$sMustField] ) && is_array( $aFields[$sMustField] ) ) {
                $this->checkRequiredArrayFields( $oUser, $sMustField, $aFields[$sMustField] );
            } elseif ( !isset( $aFields[$sMustField] ) || !trim( $aFields[$sMustField] ) ) {
                   $oEx = oxNew( 'oxInputException' );
                   $oEx->setMessage('ERROR_MESSAGE_INPUT_NOTALLFIELDS');

                   $this->_addValidationError( $sMustField, $oEx );
            }
        }
    }

    public function checkRequiredArrayFields( $oUser, $sFieldName, $aFieldValues )
    {
        foreach ( $aFieldValues as $sValue ) {
            if ( !trim( $sValue ) ) {
                $oEx = oxNew( 'oxInputException' );
                $oEx->setMessage('ERROR_MESSAGE_INPUT_NOTALLFIELDS');

                $this->_addValidationError( $sFieldName, $oEx );
            }
        }
    }

    public function checkCountries( $oUser, $aInvAddress, $aDelAddress )
    {
        $sBillCtry = isset( $aInvAddress['oxuser__oxcountryid'] ) ? $aInvAddress['oxuser__oxcountryid'] : null;
        $sDelCtry  = isset( $aDelAddress['oxaddress__oxcountryid'] ) ? $aDelAddress['oxaddress__oxcountryid'] : null;

        if ( $sBillCtry || $sDelCtry ) {
            $oDb = oxDb::getDb();

            if ( ( $sBillCtry == $sDelCtry ) || ( !$sBillCtry && $sDelCtry ) || ( $sBillCtry && !$sDelCtry ) ) {
                $sBillCtry = $sBillCtry ? $sBillCtry : $sDelCtry;
                $sQ = "select oxactive from oxcountry where oxid = ".$oDb->quote( $sBillCtry )." ";
            } else {
                $sQ = "select ( select oxactive from oxcountry where oxid = ".$oDb->quote( $sBillCtry )." ) and
                              ( select oxactive from oxcountry where oxid = ".$oDb->quote( $sDelCtry )." ) ";
            }

            if ( !$oDb->getOne( $sQ ) ) {
                $oEx = oxNew( 'oxUserException' );
                $oEx->setMessage('ERROR_MESSAGE_INPUT_NOTALLFIELDS' );

                $this->_addValidationError( "oxuser__oxpassword", $oEx );
            }
        }
    }

    public function checkVatId( $oUser, $aInvAddress )
    {
        if ( $aInvAddress['oxuser__oxustid'] ) {

            if (!($sCountryId = $aInvAddress['oxuser__oxcountryid'])) {
                // no country
                return;
            }
            $oCountry = oxNew('oxcountry');
            if ( $oCountry->load( $sCountryId ) && $oCountry->isForeignCountry() && $oCountry->isInEU() ) {

                    if ( strncmp( $aInvAddress['oxuser__oxustid'], $oCountry->oxcountry__oxisoalpha2->value, 2 ) ) {
                        $oEx = oxNew( 'oxInputException' );
                        $oEx->setMessage( 'VAT_MESSAGE_ID_NOT_VALID' );

                        return $this->_addValidationError( "oxuser__oxustid", $oEx );
                    }

            }
        }
    }

    public function getFieldValidationErrors()
    {
        return $this->_aInputValidationErrors;
    }

    public function getFirstValidationError()
    {
        $oErr = null;
        $aErr = reset( $this->_aInputValidationErrors );
        if ( is_array( $aErr ) ) {
            $oErr = reset( $aErr );
        }
        return $oErr;
    }
}