<?php
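/*
 * Direct-access guard: this file only defines a helper and is meant to be included.
 * When it is itself the requested script, answer with an error payload and stop.
 */
if (realpath(__FILE__) === realpath($_SERVER['SCRIPT_FILENAME'])) {
    // The error is appended to the response structure kept under $_SERVER['return'].
    $_SERVER['return']['message']['error'][] = 'Something went terribly wrong :(';
    // Headers must be sent before any body output; once the JSON has been echoed
    // (and output buffering is off) header() can no longer change the response.
    // NOTE(review): a 404 status and a Location redirect conflict; PHP normally turns
    // the response into a 302 when Location is sent. Confirm which one is intended.
    header('Status: 404 Not Found', false);
    header('Location: https://lakebed.io', false);
    echo json_encode($_SERVER['return']);
    die;
}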
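/**
 * Check the field names of a request against a required list and an optional list.
 *
 * Only the names (array keys) of $post are compared, case-insensitively. Values are never
 * inspected, so every value still has to be validated by the caller.
 *
 * The names `security_token` and `csrf` are always tolerated in $post and are dropped from
 * $required, so this function neither verifies those tokens nor enforces their presence;
 * that has to happen elsewhere.
 *
 * @param array|string $post     Request data keyed by field name (presumably $_POST; confirm with callers).
 * @param array|string $required Field name, or list of field names, that must be present.
 * @param array|string $optional Field name, or list of field names, that may be present.
 *
 * @return bool true when every required name is present and no name outside both lists was
 *              sent; false otherwise, with the reason written via error_log().
 */
function check_input(
    $post='',
    $required='',
    $optional='',
): bool {
    // Prefix for log lines: the request path, so the failing endpoint can be identified.
    $title = '';
    if (!empty($_SERVER['REQUEST_URI'])) {
        $title = trim($_SERVER['REQUEST_URI'], '/');
    }
    $title = "LAKEBED {$title}: ";

    // Request-derived text (the URI and the submitted field names) ends up in the log.
    // Control characters are replaced so a crafted name cannot start a forged log line.
    $printable = static fn (string $text): string => preg_replace('/[\x00-\x1F\x7F]/', '?', $text) ?? '';

    // A lone string becomes a one-element list; anything that is not an array becomes empty.
    $toList = static function ($value): array {
        if (is_string($value)) {
            return [$value];
        }
        return is_array($value) ? $value : [];
    };

    // Builds a map of lowercased name => name as given. Empty names are dropped: the
    // default argument '' means "no names", not "a field whose name is empty". Without
    // this, leaving $required at its default made every call fail.
    $toNameMap = static function ($names) use ($toList): array {
        $names = array_filter(
            $toList($names),
            static fn ($name): bool => $name !== '' && $name !== null,
        );
        return array_change_key_case(array_combine($names, $names));
    };

    // Submitted names: lowercased keys of $post, mapped onto themselves.
    // NOTE(review): a bare string $post yields the single key 0, which is then reported
    // as an unexpected field; confirm whether callers ever pass a string here.
    $post = array_keys(array_change_key_case($toList($post)));
    $post = array_combine($post, $post);
    $required = $toNameMap($required);
    $optional = $toNameMap($optional);

    // Any page may carry these tokens, so they are not treated as unexpected fields.
    unset($post['security_token'], $required['security_token'], $post['csrf'], $required['csrf']);

    // Tick off every submitted name that is either required or optional. Membership is
    // tested explicitly; the original condition used an assignment (`=`) in place of a
    // comparison and skipped names that PHP treats as empty, such as "0".
    foreach (array_keys($post) as $key) {
        if (array_key_exists($key, $required) || array_key_exists($key, $optional)) {
            unset($required[$key], $post[$key], $optional[$key]);
        }
    }

    // Required names that were never submitted.
    if (count($required)) {
        $missing = implode(',', $required);
        error_log($printable("{$title} Query does not contain REQUIRED arguments ({$missing})."));
        return false;
    }

    // Submitted names that appear in neither list.
    if (count($post)) {
        $extra = implode(',', array_keys($post));
        error_log($printable("{$title} Query contains EXTRA ARGUMENTS ({$extra}) that are not allowed."));
        return false;
    }

    return true;
}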