From 9a48870eacbbb4ffac1adfe17439a730adaebea6 Mon Sep 17 00:00:00 2001 From: Maxim Leshchenko Date: Wed, 8 Dec 2021 20:06:05 +0200 Subject: [PATCH] Users: Validate email and Telegram account name when changing page contacts --- Web/Presenters/AuthPresenter.php | 14 ++------------ Web/Presenters/UserPresenter.php | 17 +++++++++++++++-- Web/Util/Validator.php | 26 ++++++++++++++++++++++++++ locales/en.strings | 6 ++++++ locales/ru.strings | 6 ++++++ 5 files changed, 55 insertions(+), 14 deletions(-) create mode 100644 Web/Util/Validator.php diff --git a/Web/Presenters/AuthPresenter.php b/Web/Presenters/AuthPresenter.php index 4e11f97e..b70ac035 100644 --- a/Web/Presenters/AuthPresenter.php +++ b/Web/Presenters/AuthPresenter.php @@ -6,6 +6,7 @@ use openvk\Web\Models\Entities\PasswordReset; use openvk\Web\Models\Repositories\IPs; use openvk\Web\Models\Repositories\Users; use openvk\Web\Models\Repositories\Restores; +use openvk\Web\Util\Validator; use Chandler\Session\Session; use Chandler\Security\User as ChandlerUser; use Chandler\Security\Authenticator; @@ -32,17 +33,6 @@ final class AuthPresenter extends OpenVKPresenter parent::__construct(); } - private function emailValid(string $email): bool - { - if(empty($email)) return false; - - $email = trim($email); - [$user, $domain] = explode("@", $email); - $domain = idn_to_ascii($domain) . "."; - - return checkdnsrr($domain, "MX"); - } - private function ipValid(): bool { $ip = (new IPs)->get(CONNECTING_IP); @@ -87,7 +77,7 @@ final class AuthPresenter extends OpenVKPresenter if(!$this->ipValid()) $this->flashFail("err", "Подозрительная попытка регистрации", "Вы пытались зарегистрироваться из подозрительного места."); - if(!$this->emailValid($this->postParam("email"))) + if(!Validator::i()->emailValid($this->postParam("email"))) $this->flashFail("err", "Неверный email адрес", "Email, который вы ввели, не является корректным."); if (strtotime($this->postParam("birthday")) > time()) 
diff --git a/Web/Presenters/UserPresenter.php b/Web/Presenters/UserPresenter.php index bef3812f..e2cc1f91 100644 --- a/Web/Presenters/UserPresenter.php +++ b/Web/Presenters/UserPresenter.php @@ -9,6 +9,7 @@ use openvk\Web\Models\Repositories\Albums; use openvk\Web\Models\Repositories\Videos; use openvk\Web\Models\Repositories\Notes; use openvk\Web\Models\Repositories\Vouchers; +use openvk\Web\Util\Validator; use Chandler\Security\Authenticator; use lfkeitel\phptotp\{Base32, Totp}; use chillerlan\QRCode\{QRCode, QROptions}; @@ -158,8 +159,20 @@ final class UserPresenter extends OpenVKPresenter $this->flashFail("err", tr("error_segmentation"), "котлетки: Remote err!"); } } elseif($_GET['act'] === "contacts") { - $user->setEmail_Contact(empty($this->postParam("email_contact")) ? NULL : $this->postParam("email_contact")); - $user->setTelegram(empty($this->postParam("telegram")) ? NULL : ltrim($this->postParam("telegram"), "@")); + if(empty($this->postParam("email_contact")) || Validator::i()->emailValid($this->postParam("email_contact"))) + $user->setEmail_Contact(empty($this->postParam("email_contact")) ? NULL : $this->postParam("email_contact")); + else + $this->flashFail("err", tr("invalid_email_address"), tr("invalid_email_address_comment")); + + $telegram = $this->postParam("telegram"); + if(empty($telegram) || Validator::i()->telegramValid($telegram)) + if(strpos($telegram, "t.me/") === 0) + $user->setTelegram(empty($telegram) ? NULL : substr($telegram, 5)); + else + $user->setTelegram(empty($telegram) ? NULL : ltrim($telegram, "@")); + else + $this->flashFail("err", tr("invalid_telegram_name"), tr("invalid_telegram_name_comment")); + $user->setCity(empty($this->postParam("city")) ? NULL : $this->postParam("city")); $user->setAddress(empty($this->postParam("address")) ? NULL : $this->postParam("address")); diff --git a/Web/Util/Validator.php b/Web/Util/Validator.php new file mode 100644 index 00000000..50a2f345 --- /dev/null +++ b/Web/Util/Validator.php 
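Review bot: In the Telegram branch of the `contacts` action, a bare `@` or `t.me/` is stored as an empty string rather than NULL. Both inputs pass `telegramValid`, whose pattern allows zero name characters, and the `empty($telegram)` ternaries are evaluated on the raw value before the prefix is stripped. The brace-less nested `if`/`else` also relies on dangling-else pairing, so a later edit to the inner branch could re-attach the error path to the wrong condition without any syntax error. I would separate the three cases with braces and normalise the handle after stripping, as below; the same bracing would help the `email_contact` check just above it. The enclosing method begins and ends outside this hunk.

```php
$telegram = $this->postParam("telegram");
if(empty($telegram)) {
    $user->setTelegram(NULL);
} elseif(Validator::i()->telegramValid($telegram)) {
    // Strip the accepted prefix; a bare "@" or "t.me/" leaves nothing to store.
    $handle = strpos($telegram, "t.me/") === 0 ? substr($telegram, 5) : ltrim($telegram, "@");
    $user->setTelegram($handle === "" ? NULL : $handle);
} else {
    $this->flashFail("err", tr("invalid_telegram_name"), tr("invalid_telegram_name_comment"));
}
// … unchanged: city, address …
```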
@@ -0,0 +1,26 @@ + 64) return false; + $domain = idn_to_ascii($domain) . "."; + + return checkdnsrr($domain, "MX"); + } + + function telegramValid(string $telegram): bool + { + return (bool) preg_match("/^(?:t.me\/|@)?([a-zA-Z0-9]{0,32})$/", $telegram); + } + + use TSimpleSingleton; +} diff --git a/locales/en.strings b/locales/en.strings index 7536d8f4..046f36be 100644 --- a/locales/en.strings +++ b/locales/en.strings @@ -561,6 +561,12 @@ "shared_succ" = "The post will appear on your wall. Click on the notification to go to your wall."; +"invalid_email_address" = "Invalid Email address"; +"invalid_email_address_comment" = "The Email you entered is not correct."; + +"invalid_telegram_name" = "Invalid Telegram account name"; +"invalid_telegram_name_comment" = "The Telegram account name you entered is not correct."; + /* Admin actions */ "login_as" = "Login as $1"; diff --git a/locales/ru.strings b/locales/ru.strings index f657d5da..34b3ee64 100644 --- a/locales/ru.strings +++ b/locales/ru.strings @@ -586,6 +586,12 @@ "shared_succ" = "Запись появится на вашей стене. Нажмите на уведомление, чтобы перейти к своей стене."; +"invalid_email_address" = "Неверный Email адрес"; +"invalid_email_address_comment" = "Email, который вы ввели, не является корректным."; + +"invalid_telegram_name" = "Неверное имя Telegram аккаунта"; +"invalid_telegram_name_comment" = "Вы ввели неверное имя аккаунта Telegram."; + /* Admin actions */ "login_as" = "Войти как $1";
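Review bot: The pattern in `telegramValid` accepts more than the two prefixes it is meant to allow. The `.` in `t.me` is unescaped and matches any character, so a constructed value such as `tXme/name` validates and UserPresenter then stores it with the slash; `$` also matches before a trailing newline, and `{0,32}` permits an empty name. `return preg_match('/^(?:t\.me\/|@)?([a-zA-Z0-9_]{1,32})\z/', $telegram) === 1;` closes those gaps; the underscore is added on the assumption that Telegram handles may contain one, so confirm that against Telegram's username rules. The visible part of `emailValid` shows only a length check and the MX lookup on the domain, so if the local part is not checked elsewhere, a `filter_var($email, FILTER_VALIDATE_EMAIL)` guard before `checkdnsrr` would reject malformed addresses before they are stored and avoid a DNS query for junk input. The top of this new file's hunk is missing from the page, so the start of `emailValid` could not be reviewed.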