Users: Validate email and Telegram account name when changing page contacts

Maxim Leshchenko 2021-12-08 20:06:05 +02:00
parent 863a3b1c89
commit 9a48870eac
No known key found for this signature in database
GPG key ID: BB9C44A8733FBEEE
5 changed files with 55 additions and 14 deletions


@ -6,6 +6,7 @@ use openvk\Web\Models\Entities\PasswordReset;
use openvk\Web\Models\Repositories\IPs;
use openvk\Web\Models\Repositories\Users;
use openvk\Web\Models\Repositories\Restores;
use openvk\Web\Util\Validator;
use Chandler\Session\Session;
use Chandler\Security\User as ChandlerUser;
use Chandler\Security\Authenticator;
@ -32,17 +33,6 @@ final class AuthPresenter extends OpenVKPresenter
parent::__construct();
}
private function emailValid(string $email): bool
{
if(empty($email)) return false;
$email = trim($email);
[$user, $domain] = explode("@", $email);
$domain = idn_to_ascii($domain) . ".";
return checkdnsrr($domain, "MX");
}
private function ipValid(): bool
{
$ip = (new IPs)->get(CONNECTING_IP);
@ -87,7 +77,7 @@ final class AuthPresenter extends OpenVKPresenter
if(!$this->ipValid())
$this->flashFail("err", "Подозрительная попытка регистрации", "Вы пытались зарегистрироваться из подозрительного места.");
if(!$this->emailValid($this->postParam("email")))
if(!Validator::i()->emailValid($this->postParam("email")))
$this->flashFail("err", "Неверный email адрес", "Email, который вы ввели, не является корректным.");
if (strtotime($this->postParam("birthday")) > time())


@ -9,6 +9,7 @@ use openvk\Web\Models\Repositories\Albums;
use openvk\Web\Models\Repositories\Videos;
use openvk\Web\Models\Repositories\Notes;
use openvk\Web\Models\Repositories\Vouchers;
use openvk\Web\Util\Validator;
use Chandler\Security\Authenticator;
use lfkeitel\phptotp\{Base32, Totp};
use chillerlan\QRCode\{QRCode, QROptions};
@ -158,8 +159,20 @@ final class UserPresenter extends OpenVKPresenter
$this->flashFail("err", tr("error_segmentation"), "котлетки: Remote err!");
}
} elseif($_GET['act'] === "contacts") {
if(empty($this->postParam("email_contact")) || Validator::i()->emailValid($this->postParam("email_contact")))
$user->setEmail_Contact(empty($this->postParam("email_contact")) ? NULL : $this->postParam("email_contact"));
$user->setTelegram(empty($this->postParam("telegram")) ? NULL : ltrim($this->postParam("telegram"), "@"));
else
$this->flashFail("err", tr("invalid_email_address"), tr("invalid_email_address_comment"));
$telegram = $this->postParam("telegram");
if(empty($telegram) || Validator::i()->telegramValid($telegram))
if(strpos($telegram, "t.me/") === 0)
$user->setTelegram(empty($telegram) ? NULL : substr($telegram, 5));
else
$user->setTelegram(empty($telegram) ? NULL : ltrim($telegram, "@"));
else
$this->flashFail("err", tr("invalid_telegram_name"), tr("invalid_telegram_name_comment"));
$user->setCity(empty($this->postParam("city")) ? NULL : $this->postParam("city"));
$user->setAddress(empty($this->postParam("address")) ? NULL : $this->postParam("address"));
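Review bot: The Telegram branch can store values that `telegramValid` accepts but the prefix handling does not normalise. The validator's `{0,32}` lets a bare `@` or `t.me/` through, so `ltrim`/`substr` produce an empty value that is saved instead of `NULL`. Because the dot in the validator's `t.me` is unescaped, an input such as `txme/name` (constructed example) passes validation, fails the `strpos($telegram, "t.me/") === 0` test and is saved with its prefix and slash. I would strip the prefix first with `$handle = preg_replace('/^(?:t\.me\/|@)/', '', (string) $telegram);`, validate only `$handle`, and call `$user->setTelegram($handle === "" ? NULL : $handle);`. The brace-less `if … if … else … else` also depends on dangling-else binding and should get braces; the enclosing `elseif` branch starts and ends outside this hunk.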

26
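--- /dev/null
+++ b/Web/Util/Validator.php
@@ -0,0 +1,26 @@
+<?php declare(strict_types=1);
+namespace openvk\Web\Util;
+use Chandler\Patterns\TSimpleSingleton;
+class Validator
+{
+function emailValid(string $email): bool
+{
+if(empty($email)) return false;
+$email = trim($email);
+[$user, $domain] = explode("@", $email);
+if(is_null($domain)) return false;
+if(iconv_strlen($user) > 64) return false;
+$domain = idn_to_ascii($domain) . ".";
+return checkdnsrr($domain, "MX");
+}
+function telegramValid(string $telegram): bool
+{
+return (bool) preg_match("/^(?:t.me\/|@)?([a-zA-Z0-9]{0,32})$/", $telegram);
+}
+use TSimpleSingleton;
+}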
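Review bot: `emailValid` never checks the address syntax and only looks at the segment after the first `@`, because `[$user, $domain] = explode("@", $email)` discards anything past a second `@`. A value like `a@example.org@anything` (constructed example) is therefore accepted on the MX record of `example.org`, and a local part containing markup or whitespace passes as long as it is at most 64 characters. The callers then use the original, untrimmed string. I would take the domain with `substr($email, strrpos($email, "@") + 1)` and, after the IDN conversion, reject malformed input before the DNS lookup with `if(filter_var($user . "@" . $ascii, FILTER_VALIDATE_EMAIL) === false) return false;`, where `$ascii` is the converted domain without the trailing dot. `idn_to_ascii()` can also return `false`, which here turns the lookup into `checkdnsrr(".", "MX")`, so that result needs an explicit check. In `telegramValid` the dot in `t.me` should be escaped (`t\.me\/`), and `{0,32}` should require at least one character.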


@ -561,6 +561,12 @@
"shared_succ" = "The post will appear on your wall. Click on the notification to go to your wall.";
"invalid_email_address" = "Invalid Email address";
"invalid_email_address_comment" = "The Email you entered is not correct.";
"invalid_telegram_name" = "Invalid Telegram account name";
"invalid_telegram_name_comment" = "The Telegram account name you entered is not correct.";
/* Admin actions */
"login_as" = "Login as $1";


@ -586,6 +586,12 @@
"shared_succ" = "Запись появится на вашей стене. Нажмите на уведомление, чтобы перейти к своей стене.";
"invalid_email_address" = "Неверный Email адрес";
"invalid_email_address_comment" = "Email, который вы ввели, не является корректным.";
"invalid_telegram_name" = "Неверное имя Telegram аккаунта";
"invalid_telegram_name_comment" = "Вы ввели неверное имя аккаунта Telegram.";
/* Admin actions */
"login_as" = "Войти как $1";