oxinputvalidator.php

Go to the documentation of this file.

<?php

class oxInputValidator extends oxSuperCfg
{

    const INVALID_ACCOUNT_NUMBER = -5;

    const INVALID_BANK_CODE = -4;

    protected $_aRequiredCCFields = array('kktype',
                                          'kknumber',
                                          'kkmonth',
                                          'kkyear',
                                          'kkname',
                                          'kkpruef'
    );

    protected $_aInputValidationErrors = array();


    protected $_oCompanyVatInValidator = null;

    protected $_aPossibleCCType = array('mcd', // Master Card
                                        'vis', // Visa
                                        'amx', // American Express
                                        'dsc', // Discover
                                        'dnc', // Diners Club
                                        'jcb', // JCB
                                        'swi', // Switch
                                        'dlt', // Delta
                                        'enr' // EnRoute
    );

    protected $_aRequiredDCFields = array('lsbankname',
                                          'lsktonr',
                                          'lsktoinhaber'
    );

    public function __construct()
    {
    }

    public function validateBasketAmount($dAmount)
    {
        $dAmount = str_replace(',', '.', $dAmount);

        if (!is_numeric($dAmount) || $dAmount < 0) {
            $oEx = oxNew('oxArticleInputException');
            $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_INPUT_INVALIDAMOUNT'));
            throw $oEx;
        }

        if (!oxRegistry::getConfig()->getConfigParam('blAllowUnevenAmounts')) {
            $dAmount = round(( string ) $dAmount);
        }

        //negative amounts are not allowed
        //$dAmount = abs($dAmount);

        return $dAmount;
    }

    public function checkLogin($oUser, $sLogin, $aInvAddress)
    {
        $sLogin = (isset($aInvAddress['oxuser__oxusername'])) ? $aInvAddress['oxuser__oxusername'] : $sLogin;

        // check only for users with password during registration
        // if user wants to change user name - we must check if passwords are ok before changing
        if ($oUser->oxuser__oxpassword->value && $sLogin != $oUser->oxuser__oxusername->value) {

            // on this case password must be taken directly from request
            $sNewPass = (isset($aInvAddress['oxuser__oxpassword']) && $aInvAddress['oxuser__oxpassword']) ? $aInvAddress['oxuser__oxpassword'] : oxRegistry::getConfig()->getRequestParameter('user_password');
            if (!$sNewPass) {

                // 1. user forgot to enter password
                $oEx = oxNew('oxInputException');
                $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_INPUT_NOTALLFIELDS'));

                return $this->_addValidationError("oxuser__oxpassword", $oEx);
            } else {

                // 2. entered wrong password
                if (!$oUser->isSamePassword($sNewPass)) {
                    $oEx = oxNew('oxUserException');
                    $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_PASSWORD_DO_NOT_MATCH'));

                    return $this->_addValidationError("oxuser__oxpassword", $oEx);
                }
            }
        }

        if ($oUser->checkIfEmailExists($sLogin)) {
            //if exists then we do now allow to do that
            $oEx = oxNew('oxUserException');
            $oEx->setMessage(sprintf(oxRegistry::getLang()->translateString('ERROR_MESSAGE_USER_USEREXISTS'), $sLogin));

            return $this->_addValidationError("oxuser__oxusername", $oEx);
        }

        return $sLogin;
    }

    public function checkEmail($oUser, $sEmail)
    {
        // missing email address (user login name) ?
        if (!$sEmail) {
            $oEx = oxNew('oxInputException');
            $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_INPUT_NOTALLFIELDS'));

            return $this->_addValidationError("oxuser__oxusername", $oEx);
        }

        // invalid email address ?
        if (!oxRegistry::getUtils()->isValidEmail($sEmail)) {
            $oEx = oxNew('oxInputException');
            $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_INPUT_NOVALIDEMAIL'));

            return $this->_addValidationError("oxuser__oxusername", $oEx);
        }
    }

    public function checkPassword($oUser, $sNewPass, $sConfPass, $blCheckLength = false)
    {
        //  no password at all
        if ($blCheckLength && getStr()->strlen($sNewPass) == 0) {
            $oEx = oxNew('oxInputException');
            $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_INPUT_EMPTYPASS'));

            return $this->_addValidationError("oxuser__oxpassword", $oEx);
        }

        //  password is too short ?
        if ($blCheckLength && getStr()->strlen($sNewPass) < 6) {
            $oEx = oxNew('oxInputException');
            $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_PASSWORD_TOO_SHORT'));

            return $this->_addValidationError("oxuser__oxpassword", $oEx);
        }

        //  passwords do not match ?
        if ($sNewPass != $sConfPass) {
            $oEx = oxNew('oxUserException');
            $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_PASSWORD_DO_NOT_MATCH'));

            return $this->_addValidationError("oxuser__oxpassword", $oEx);
        }
    }

    public function checkRequiredFields($oUser, $aBillingAddress, $aDeliveryAddress)
    {
        $oRequiredAddressFields = oxNew('oxRequiredAddressFields');

        $oFieldsValidator = oxNew('oxRequiredFieldsValidator');

        $oUser = oxNew('oxUser');
        $oBillingAddress = $this->_setFields($oUser, $aBillingAddress);
        $oFieldsValidator->setRequiredFields($oRequiredAddressFields->getBillingFields());
        $oFieldsValidator->validateFields($oBillingAddress);
        $aInvalidFields = $oFieldsValidator->getInvalidFields();

        if (!empty($aDeliveryAddress)) {
            $oDeliveryAddress = $this->_setFields(oxNew('oxAddress'), $aDeliveryAddress);
            $oFieldsValidator->setRequiredFields($oRequiredAddressFields->getDeliveryFields());
            $oFieldsValidator->validateFields($oDeliveryAddress);
            $aInvalidFields = array_merge($aInvalidFields, $oFieldsValidator->getInvalidFields());
        }

        foreach ($aInvalidFields as $sField) {
            $oEx = oxNew('oxInputException');
            $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_INPUT_NOTALLFIELDS'));

            $this->_addValidationError($sField, $oEx);
        }
    }

    private function _setFields($oObject, $aFields)
    {
        $aFields = is_array($aFields) ? $aFields : array();
        foreach ($aFields as $sKey => $sValue) {
            $oObject->$sKey = oxNew('oxField', $sValue);
        }

        return $oObject;
    }

    public function checkRequiredArrayFields($oUser, $sFieldName, $aFieldValues)
    {
        foreach ($aFieldValues as $sValue) {
            if (!trim($sValue)) {
                $oEx = oxNew('oxInputException');
                $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_INPUT_NOTALLFIELDS'));

                $this->_addValidationError($sFieldName, $oEx);
            }
        }
    }

    public function checkCountries($oUser, $aInvAddress, $aDelAddress)
    {
        $sBillCtry = isset($aInvAddress['oxuser__oxcountryid']) ? $aInvAddress['oxuser__oxcountryid'] : null;
        $sDelCtry = isset($aDelAddress['oxaddress__oxcountryid']) ? $aDelAddress['oxaddress__oxcountryid'] : null;

        if ($sBillCtry || $sDelCtry) {
            $oDb = oxDb::getDb();

            if (($sBillCtry == $sDelCtry) || (!$sBillCtry && $sDelCtry) || ($sBillCtry && !$sDelCtry)) {
                $sBillCtry = $sBillCtry ? $sBillCtry : $sDelCtry;
                $sQ = "select oxactive from oxcountry where oxid = " . $oDb->quote($sBillCtry) . " ";
            } else {
                $sQ = "select ( select oxactive from oxcountry where oxid = " . $oDb->quote($sBillCtry) . " ) and
                              ( select oxactive from oxcountry where oxid = " . $oDb->quote($sDelCtry) . " ) ";
            }

            if (!$oDb->getOne($sQ)) {
                $oEx = oxNew('oxUserException');
                $oEx->setMessage(oxRegistry::getLang()->translateString('ERROR_MESSAGE_INPUT_NOTALLFIELDS'));

                $this->_addValidationError("oxuser__oxpassword", $oEx);
            }
        }
    }

    public function checkVatId($oUser, $aInvAddress)
    {
        if ($this->_hasRequiredParametersForVatInCheck($aInvAddress)) {

            $oCountry = $this->_getCountry($aInvAddress['oxuser__oxcountryid']);

            if ($oCountry && $oCountry->isInEU()) {

                $oVatInValidator = $this->getCompanyVatInValidator($oCountry);

                $oVatIn = oxNew('oxCompanyVatIn', $aInvAddress['oxuser__oxustid']);

                if (!$oVatInValidator->validate($oVatIn)) {
                    $oEx = oxNew('oxInputException');
                    $oEx->setMessage(oxRegistry::getLang()->translateString('VAT_MESSAGE_' . $oVatInValidator->getError()));

                    return $this->_addValidationError("oxuser__oxustid", $oEx);
                }
            }
        } elseif ($aInvAddress['oxuser__oxustid'] && !$aInvAddress['oxuser__oxcompany']) {
            $oEx = oxNew('oxInputException');
            $oEx->setMessage(oxRegistry::getLang()->translateString('VAT_MESSAGE_COMPANY_MISSING'));

            return $this->_addValidationError("oxuser__oxcompany", $oEx);
        }
    }


    protected function _getCountry($sCountryId)
    {
        $oCountry = oxNew('oxCountry');
        $oCountry->load($sCountryId);

        return $oCountry;
    }

    public function getFieldValidationErrors()
    {
        return $this->_aInputValidationErrors;
    }

    public function getFirstValidationError()
    {
        $oErr = null;
        $aErr = reset($this->_aInputValidationErrors);
        if (is_array($aErr)) {
            $oErr = reset($aErr);
        }

        return $oErr;
    }

    public function validatePaymentInputData($sPaymentId, & $aDynValue)
    {
        $mxValidationResult = true;

        switch ($sPaymentId) {
            case 'oxidcreditcard':
                $mxValidationResult = false;

                $blAllCreditCardInformationSet = $this->_isAllBankInformationSet($this->_aRequiredCCFields, $aDynValue);
                $blCreditCardTypeExist = in_array($aDynValue['kktype'], $this->_aPossibleCCType);

                if ($blAllCreditCardInformationSet && $blCreditCardTypeExist) {
                    $oCardValidator = oxNew("oxccvalidator");
                    $mxValidationResult = $oCardValidator->isValidCard(
                        $aDynValue['kknumber'],
                        $aDynValue['kktype'],
                        $aDynValue['kkmonth'] . substr($aDynValue['kkyear'], 2, 2)
                    );
                }
                break;

            case "oxiddebitnote":
                $mxValidationResult = false;

                if ($this->_isAllBankInformationSet($this->_aRequiredDCFields, $aDynValue)) {
                    $mxValidationResult = $this->_validateDebitNote($aDynValue);
                }

                break;
        }

        return $mxValidationResult;
    }

    protected function _addValidationError($sFieldName, $oErr)
    {
        return $this->_aInputValidationErrors[$sFieldName][] = $oErr;
    }

    protected function _validateDebitNote($aDebitInformation)
    {
        $aDebitInformation = $this->_cleanDebitInformation($aDebitInformation);
        $sBankCode = $aDebitInformation['lsblz'];
        $sAccountNumber = $aDebitInformation['lsktonr'];
        $oSepaValidator = oxNew("oxSepaValidator");

        if (empty($sBankCode) || $oSepaValidator->isValidBIC($sBankCode)) {
            $mxValidationResult = true;
            if (!$oSepaValidator->isValidIBAN($sAccountNumber)) {
                $mxValidationResult = self::INVALID_ACCOUNT_NUMBER;
            }
        } else {
            $mxValidationResult = self::INVALID_BANK_CODE;
            if (!oxRegistry::getConfig()->getConfigParam('blSkipDebitOldBankInfo')) {
                $mxValidationResult = $this->_validateOldDebitInfo($aDebitInformation);
            }
        }

        return $mxValidationResult;
    }

    protected function _validateOldDebitInfo($aDebitInfo)
    {
        $oStr = getStr();
        $aDebitInfo = $this->_fixAccountNumber($aDebitInfo);

        $mxValidationResult = true;

        if (!$oStr->preg_match("/^\d{5,8}$/", $aDebitInfo['lsblz'])) {
            // Bank code is invalid
            $mxValidationResult = self::INVALID_BANK_CODE;
        }

        if (true === $mxValidationResult && !$oStr->preg_match("/^\d{10,12}$/", $aDebitInfo['lsktonr'])) {
            // Account number is invalid
            $mxValidationResult = self::INVALID_ACCOUNT_NUMBER;
        }


        return $mxValidationResult;
    }

    protected function _fixAccountNumber($aDebitInfo)
    {
        $oStr = getStr();

        if ($oStr->strlen($aDebitInfo['lsktonr']) < 10) {
            $sNewNum = str_repeat(
                '0',
                10 - $oStr->strlen($aDebitInfo['lsktonr'])
            ) . $aDebitInfo['lsktonr'];
            $aDebitInfo['lsktonr'] = $sNewNum;
        }

        return $aDebitInfo;
    }

    protected function _isAllBankInformationSet($aRequiredFields, $aBankInformation)
    {
        $blResult = true;
        foreach ($aRequiredFields as $sFieldName) {
            if (!isset($aBankInformation[$sFieldName]) || !trim($aBankInformation[$sFieldName])) {
                $blResult = false;
                break;
            }
        }

        return $blResult;
    }

    protected function _cleanDebitInformation($aDebitInformation)
    {
        $aDebitInformation['lsblz'] = str_replace(' ', '', $aDebitInformation['lsblz']);
        $aDebitInformation['lsktonr'] = str_replace(' ', '', $aDebitInformation['lsktonr']);

        return $aDebitInformation;
    }

    protected function _hasRequiredParametersForVatInCheck($aInvAddress)
    {
        return $aInvAddress['oxuser__oxustid'] && $aInvAddress['oxuser__oxcountryid'] && $aInvAddress['oxuser__oxcompany'];
    }

    private function _isVATIdentificationNumberInvalid($aInvAddress, $oCountry)
    {
        return (bool) strncmp($aInvAddress['oxuser__oxustid'], $oCountry->getVATIdentificationNumberPrefix(), 2);
    }

    protected function _getVatIdValidator()
    {
        $oVatCheck = oxNew('oxOnlineVatIdCheck');

        return $oVatCheck;
    }

    public function setCompanyVatInValidator($oCompanyVatInValidator)
    {
        $this->_oCompanyVatInValidator = $oCompanyVatInValidator;
    }

    public function getCompanyVatInValidator($oCountry)
    {
        if (is_null($this->_oCompanyVatInValidator)) {

            $oVatInValidator = oxNew('oxCompanyVatInValidator', $oCountry);

            $oValidator = oxNew('oxCompanyVatInCountryChecker');

            $oVatInValidator->addChecker($oValidator);

            if (!oxRegistry::getConfig()->getConfigParam("blVatIdCheckDisabled")) {
                $oOnlineValidator = oxNew('oxOnlineVatIdCheck');
                $oVatInValidator->addChecker($oOnlineValidator);
            }

            $this->setCompanyVatInValidator($oVatInValidator);
        }

        return $this->_oCompanyVatInValidator;
    }
}