|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
tangfucius Smarty Rookie
Joined: 30 Sep 2004 Posts: 16
|
Posted: Fri Jun 10, 2005 1:52 pm Post subject: SmartyValidate isUnique plugin |
|
|
I've been using SmartyValidate since version 1, and there's been a LOT of wonderful changes/bug fixes, specifically those for version 2.x.
Here goes a personal plugin: isUnique
very often during a website's signup/registration process, you need to check if an username or email is already taken by someone else in a database table, and most of the time you just have to write a function to query that table.
This, in my opinion, can very likely be classified as data validation. Assuming you are using SmartyValidate for data validation, it would be inconsistent to use SmartyValidate for most of your data validation and having to write another block of codes outside of SmartyValidate to validate if a username/email address already exists in a database. So here is the isUnique plugin, feed the form field name, the table name, and the name of the column you want to check on, and the validator will tell you if it's Unique or not.
Sample Usage:
Code: | <?php
session_start();
// you will need to setup Smarty if
// the defaults are not correct.
require('Smarty.class.php');
require('SmartyValidate.class.php');
$smarty =& new Smarty;
if(empty($_POST)) {
// new form, we (re)set the session data
SmartyValidate::connect($smarty, true);
// register our validators
SmartyValidate::register_validator('username_isunique', 'username:users_table:username_column', 'isUnique', true);
// display form
$smarty->display('form.tpl');
} else {
// validate after a POST
SmartyValidate::connect($smarty);
if(SmartyValidate::is_valid($_POST)) {
// no errors, done with SmartyValidate
SmartyValidate::disconnect();
$smarty->display('success.tpl');
} else {
// error, redraw the form
$smarty->assign($_POST);
$smarty->display('form.tpl');
}
}
?> |
Code: | <?
/**
* validate_criteria.isUnique.php
*
* @author Yi Tang
* @package SmartyValidate plugins
* @copyright 2005
* @version 1.0
*/
/**
* test if a value is unique in for a column in specific table
*
* @param string $value the value being tested
* @param boolean $empty if field can be empty
* @param array params validate parameter values
* @param array formvars form var values
*/
function smarty_validate_criteria_isUnique($value, $empty, &$params, &$formvars) {
if( strlen($value) != 0 )
{
//clean up $params
$value = addslashes( ereg_replace("[^a-zA-Z0-9*_.-\']", '', $value) );
$params['field2'] = ereg_replace("[^a-zA-Z0-9*_.-\']", '', $params['field2']);
$params['field3'] = ereg_replace("[^a-zA-Z0-9*_.-\']", '', $params['field3']);
$params['field4'] = ereg_replace("[^a-zA-Z0-9*_.-\']", '', $params['field4']);
$params['field5'] = ereg_replace("[^a-zA-Z0-9*_.-\']", '', $params['field5']);
//addslashes if magic quotes is off
if( !get_magic_quotes_gpc() )
{
$params['field2'] = addslashes( $params['field2'] );
$params['field3'] = addslashes( $params['field3'] );
$params['field4'] = addslashes( $params['field4'] );
$params['field5'] = addslashes( $params['field5'] );
}
//check on required $params
if( !empty( $params['field2'] ) && !empty( $params['field3'] ) )
{
$sql = 'SELECT '.$params['field3'].' FROM '.$params['field2']
.' WHERE '.$params['field3'].' = \''.$value.'\'';
//check if a primary key column and value are supplied for self-exclusive checking
if( !empty( $params['field4'] ) && !empty( $params['field5'] ) )
{
$sql .= ' AND '.$params['field4'].' != \''.$params['field5'].'\'';
}
//run the query
if( false != ( $result = mysql_query($sql) ) )
{
return !mysql_num_rows($result);
}
else
{
return false;
}
}
else
{
trigger_error('Missing table and field');
return false;
}
}
else
{
return $empty;
}
}
?> |
Last edited by tangfucius on Fri Jun 10, 2005 5:44 pm; edited 1 time in total |
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Fri Jun 10, 2005 2:51 pm Post subject: |
|
|
Nice addon tangfucius,
Of course you would write a SmartyValidate criteria to handle something like username uniqueness. SmartyValidate doesn't ship with one because of variety of requirements necessary. Your plugin handles the database/table/column name, but doesn't cover the situation where you want to test for a unique username other than the given users' username.
For instance, you edit a user profile and it tests if the username is taken. You don't want to include the username of that user in the validation test, so you need another column (like user id) to use for exclusion.
So basically, write yourself a criteria function that fits the bill
Last edited by mohrt on Fri Jun 10, 2005 3:12 pm; edited 1 time in total |
|
Back to top |
|
tangfucius Smarty Rookie
Joined: 30 Sep 2004 Posts: 16
|
Posted: Fri Jun 10, 2005 3:08 pm Post subject: |
|
|
very good point.
the plugin was written based on the situation where you do not allow change of usernames in a website, however as pointed out in the reply, this has some limitations. Nevertheless here goes the re-vision that does what mohrt suggested, just so that some users might make use of it.
sample usage:
Code: | <?php
session_start();
// you will need to setup Smarty if
// the defaults are not correct.
require('Smarty.class.php');
require('SmartyValidate.class.php');
$smarty =& new Smarty;
if(empty($_POST)) {
// new form, we (re)set the session data
SmartyValidate::connect($smarty, true);
// register our validators
SmartyValidate::register_validator('username_isunique', 'username:users_table:username_column:optional_primary_key_column:optional_primary_key_value', 'isUnique', true);
// display form
$smarty->display('form.tpl');
} else {
// validate after a POST
SmartyValidate::connect($smarty);
if(SmartyValidate::is_valid($_POST)) {
// no errors, done with SmartyValidate
SmartyValidate::disconnect();
$smarty->display('success.tpl');
} else {
// error, redraw the form
$smarty->assign($_POST);
$smarty->display('form.tpl');
}
}
?> |
validate_criteria.isUnique.php:
Code: | <?
/**
* validate_criteria.isUnique.php
*
* @author Yi Tang
* @package SmartyValidate plugins
* @copyright 2005
* @version 1.0
*/
/**
* test if a value is unique in for a column in specific table
*
* @param string $value the value being tested
* @param boolean $empty if field can be empty
* @param array params validate parameter values
* @param array formvars form var values
*/
function smarty_validate_criteria_isUnique($value, $empty, &$params, &$formvars) {
if( strlen($value) != 0 )
{
//check on required $params
if( !empty( $params['field2'] ) && !empty( $params['field3'] ) )
{
$sql = 'SELECT * FROM '.$params['field2'].' WHERE '.$params['field3'].' = \''.$value.'\'';
//check if a primary key column and value are supplied for self-exclusive checking
if( !empty( $params['field4'] ) && !empty( $params['field5'] ) )
{
$sql .= ' AND '.$params['field4'].' != \''.$params['field5'].'\'';
}
//run the query
if( false != ( $result = mysql_query($sql) ) )
{
return !mysql_num_rows($result);
}
else
{
return false;
}
}
else
{
trigger_error('Missing table and field');
return false;
}
}
else
{
return $empty;
}
}
?>
|
|
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Fri Jun 10, 2005 3:16 pm Post subject: |
|
|
One more thing, you might want to think about SQL injection attacks, what if the username has a single quote?
[php:1:468fd03091]$sql = sprintf("SELECT * FROM %s where %s = '%s'",
preg_replace('!\W!','',$params['field2']),
preg_replace('!\W!','',$params['field3']),
mysql_escape_string($value));[/php:1:468fd03091] |
|
Back to top |
|
tangfucius Smarty Rookie
Joined: 30 Sep 2004 Posts: 16
|
Posted: Fri Jun 10, 2005 3:35 pm Post subject: |
|
|
good point again. However this plugin is used to validate uniqueness, not autheticate permissions, there is not much security involved. Single quotes,
good point, although usernames shouldn't allow single quotes to start with,
it's still a good point as I'm trying to make this plugin universal.
Three easy fixes for the two points mohrt pointed out,
changed "SELECT * FROM" to "SELECT ".$params['field3']." FROM"
--this way it only returns the column field being validated on no matter what,
even if there is sql injection, they get nothing but the column being validated against.
--strip out all possible injection attacks
--addslashes on all $params and $value
this goes the result, any suggestion welcome:
Code: | <?
/**
* validate_criteria.isUnique.php
*
* @author Yi Tang
* @package SmartyValidate plugins
* @copyright 2005
* @version 1.0
*/
/**
* test if a value is unique in for a column in specific table
*
* @param string $value the value being tested
* @param boolean $empty if field can be empty
* @param array params validate parameter values
* @param array formvars form var values
*/
function smarty_validate_criteria_isUnique($value, $empty, &$params, &$formvars) {
if( strlen($value) != 0 )
{
//clean up $params
$value = addslashes( ereg_replace("[^a-zA-Z0-9*_.-\']", '', $value) );
$params['field2'] = addslashes( ereg_replace("[^a-zA-Z0-9*_.-\']", '', $params['field2']) );
$params['field3'] = addslashes( ereg_replace("[^a-zA-Z0-9*_.-\']", '', $params['field3']) );
$params['field4'] = addslashes( ereg_replace("[^a-zA-Z0-9*_.-\']", '', $params['field4']) );
$params['field5'] = addslashes( ereg_replace("[^a-zA-Z0-9*_.-\']", '', $params['field5']) );
//check on required $params
if( !empty( $params['field2'] ) && !empty( $params['field3'] ) )
{
$sql = 'SELECT '.$params['field3'].' FROM '.$params['field2']
.' WHERE '.$params['field3'].' = \''.$value.'\'';
//check if a primary key column and value are supplied for self-exclusive checking
if( !empty( $params['field4'] ) && !empty( $params['field5'] ) )
{
$sql .= ' AND '.$params['field4'].' != \''.$params['field5'].'\'';
}
//run the query
if( false != ( $result = mysql_query($sql) ) )
{
return !mysql_num_rows($result);
}
else
{
return false;
}
}
else
{
trigger_error('Missing table and field');
return false;
}
}
else
{
return $empty;
}
}
?> |
|
|
Back to top |
|
Tanmaya Smarty n00b
Joined: 26 Jun 2008 Posts: 1
|
Posted: Thu Jun 26, 2008 10:01 am Post subject: isunique doubt |
|
|
hiii
it was yet relif to see your code but i am getting some error
if you could plpz help me out in this :
SmartyValidate: [is_valid] criteria function 'isUnique' was not found. in W:\www\faceimage\libs\SmartyValidate.class.php on line 592
Code: |
////testuuseexit.php/////////////
<form name="form1" method="post" action="testuuseexi.php">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<th scope="col"> </th>
<th scope="col"> </th>
<th scope="col"> </th>
</tr>
<tr>
<th scope="row"> </th>
<td> </td>
<td> </td>
</tr>
<tr>
<th scope="row">username{validate id="username_isunique" message="<font color='#FF0000' size='-6'>Please enter your full name</font> "}</th>
<td><input type="text" name="txtunm" id="txtunm"></td>
<td> </td>
</tr>
<tr>
<th scope="row"> </th>
<td> </td>
<td> </td>
</tr>
<tr>
<th scope="row"> </th>
<td><input type="submit" name="btnsub" id="btnsub" value="Submit"></td>
<td> </td>
</tr>
<tr>
<th scope="row"> </th>
<td> </td>
<td> </td>
</tr>
<tr>
<th scope="row"> </th>
<td> </td>
<td> </td>
</tr>
<tr>
<th scope="row"> </th>
<td> </td>
<td> </td>
</tr>
</table>
</form>
////////testuuseexit.php/////
<?php
session_start();
// you will need to setup Smarty if
// the defaults are not correct.
require('libs/Smarty.class.php');
require('libs/SmartyValidate.class.php');
$smarty =& new Smarty;
if(empty($_POST)) {
// new form, we (re)set the session data
SmartyValidate::connect($smarty, true);
// register our validators
SmartyValidate::register_validator('username_isunique', 'txtunm:tbluser:username', 'isUnique', true);
// display form
$smarty->display('testuuseexit.tpl');
} else {
// validate after a POST
SmartyValidate::connect($smarty);
if(SmartyValidate::is_valid($_POST)) {
// no errors, done with SmartyValidate
SmartyValidate::disconnect();
$smarty->display('success.tpl');
} else {
// error, redraw the form
$smarty->assign($_POST);
$smarty->display('testuuseexit.tpl');
}
}
?>
|
i think there may be some mistakes but i couldnot find it out
is there some thing to be changed in the SmartyValidate.php
As i am new to this smarty i could not figure it out
Thanks |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|