diff --git a/app/Controllers/AdminController.php b/app/Controllers/AdminController.php index c8230e13..15b5943c 100644 --- a/app/Controllers/AdminController.php +++ b/app/Controllers/AdminController.php @@ -102,7 +102,7 @@ class AdminController extends BaseController $action = isset($_GET['action']) ? $_GET['action'] : ""; if ($action == "color") { - Utils::checkPost(['color_scheme']); + Validate::checkPost(['color_scheme']); $color_scheme = str_replace('_', '-', $_POST['color_scheme']); \Option::set('color_scheme', $color_scheme); @@ -118,7 +118,7 @@ class AdminController extends BaseController throw new E('用户不存在', 1); if ($action == "email") { - Utils::checkPost(['email']); + Validate::checkPost(['email']); if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { View::json('邮箱格式错误', 3); @@ -128,7 +128,7 @@ class AdminController extends BaseController View::json('邮箱修改成功', 0); } if ($action == "nickname") { - Utils::checkPost(['nickname']); + Validate::checkPost(['nickname']); if (Utils::convertString($_POST['nickname']) != $_POST['nickname']) View::json('无效的昵称。昵称中包含了奇怪的字符。', 1); @@ -137,15 +137,15 @@ class AdminController extends BaseController View::json('昵称已成功设置为 '.$_POST['nickname'], 0); } else if ($action == "password") { - Utils::checkPost(['password']); + Validate::checkPost(['password']); - if (\Validate::checkValidPwd($_POST['password'])) { + if (\Validate::password($_POST['password'])) { if ($user->changePasswd($_POST['password'])) View::json('密码修改成功', 0); } } else if ($action == "score") { - Utils::checkPost(['score']); + Validate::checkPost(['score']); if ($user->setScore($_POST['score'])) View::json('积分修改成功', 0); @@ -205,7 +205,7 @@ class AdminController extends BaseController $player = new Player(Utils::getValue('pid', $_POST)); if ($action == "preference") { - Utils::checkPost(['preference']); + Validate::checkPost(['preference']); if ($_POST['preference'] != "default" && $_POST['preference'] != "slim") View::json('无效的参数', 0); 
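Review bot: The new `Validate::checkPost(...)` calls in AdminController.php are unqualified, while the password branch of the same file still writes `\Validate::password(...)` with a leading backslash, and no hunk adds `use Validate;` to this file. If the class is not already imported above line 102 (outside the diff), the unqualified name presumably resolves inside the controller's own namespace, and each of these admin actions fails with a class-not-found error before its input check runs. Either add `use Validate;` next to the other imports or write `\Validate::checkPost(...)` as AuthController does. This applies to the hunks at 102, 118, 128, 137, 205, 214 and 226.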
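Review bot: In the `score` branch of the hunk at line 137, `$_POST['score']` is handed to `$user->setScore()` after only the `isset()` presence test in `checkPost()`, whereas the `owner` branch later in this file rejects non-numeric input with `is_numeric()`. A matching guard keeps arrays and non-integer strings out of the model: `if (filter_var($_POST['score'], FILTER_VALIDATE_INT) === false) View::json('无效的参数', 1);`. The enclosing method starts and ends outside the hunk, so a check further up cannot be ruled out.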
@@ -214,7 +214,7 @@ class AdminController extends BaseController View::json('角色 '.$player->player_name.' 的优先模型已更改至 '.$_POST['preference'], 0); } elseif ($action == "texture") { - Utils::checkPost(['model', 'tid']); + Validate::checkPost(['model', 'tid']); if ($_POST['model'] != "steve" && $_POST['model'] != "alex" && $_POST['model'] != "cape") View::json('无效的参数', 0); @@ -226,7 +226,7 @@ class AdminController extends BaseController View::json('角色 '.$player->player_name.' 的材质修改成功', 0); } elseif ($action == "owner") { - Utils::checkPost(['uid']); + Validate::checkPost(['uid']); if (!is_numeric($_POST['uid'])) View::json('无效的参数', 0); diff --git a/app/Controllers/AuthController.php b/app/Controllers/AuthController.php index 47be47f9..145ed239 100644 --- a/app/Controllers/AuthController.php +++ b/app/Controllers/AuthController.php @@ -7,6 +7,7 @@ use App\Models\UserModel; use App\Exceptions\E; use Mail; use View; +use Utils; use Option; class AuthController extends BaseController @@ -20,8 +21,8 @@ class AuthController extends BaseController { $user = new User($_POST['email']); - if (\Utils::getValue('login_fails', $_SESSION) > 3) { - if (strtolower(\Utils::getValue('captcha', $_POST)) != strtolower($_SESSION['phrase'])) + if (Utils::getValue('login_fails', $_SESSION) > 3) { + if (strtolower(Utils::getValue('captcha', $_POST)) != strtolower($_SESSION['phrase'])) View::json('验证码填写错误', 1); } 
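Review bot: The captcha test in handleLogin compares `strtolower(Utils::getValue('captcha', $_POST))` with `strtolower($_SESSION['phrase'])` using `!=` and never checks that a phrase was issued for this session; the same expression appears in the handleRegister and handleForgot hunks. When the session holds no phrase and the request omits the field, both sides presumably lower-case to an empty string (getValue is documented as returning `string|boolean`), so the check passes without a captcha having been solved. Require a non-empty stored phrase and compare exactly, e.g. `if (empty($_SESSION['phrase']) || !hash_equals(strtolower($_SESSION['phrase']), strtolower((string) Utils::getValue('captcha', $_POST))))`. The phrase should also be unset after one use if that is not already done outside these hunks. All three method bodies continue past the visible lines.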
@@ -75,14 +76,14 @@ class AuthController extends BaseController public function handleRegister() { - if (strtolower(\Utils::getValue('captcha', $_POST)) != strtolower($_SESSION['phrase'])) + if (strtolower(Utils::getValue('captcha', $_POST)) != strtolower($_SESSION['phrase'])) View::json('验证码填写错误', 1); $user = new User($_POST['email']); if (!$user->is_registered) { if (Option::get('user_can_register') == 1) { - if (\Validate::checkValidPwd($_POST['password'])) { + if (\Validate::password($_POST['password'])) { // If amount of registered accounts of IP is more than allowed mounts, // then reject the registration. if (count(UserModel::where('ip', \Http::getRealIP())->get()) < Option::get('regs_per_ip')) { @@ -119,7 +120,7 @@ class AuthController extends BaseController public function handleForgot() { - if (strtolower(\Utils::getValue('captcha', $_POST)) != strtolower($_SESSION['phrase'])) + if (strtolower(Utils::getValue('captcha', $_POST)) != strtolower($_SESSION['phrase'])) View::json('验证码填写错误', 1); if ($_ENV['MAIL_HOST'] == "") @@ -140,7 +141,7 @@ class AuthController extends BaseController ->subject('重置您在 '.Option::get('site_name').' 上的账户密码'); $uid = $user->uid; - $token = base64_encode($user->getToken().substr(time(), 4, 6).\Utils::generateRndString(16)); + $token = base64_encode($user->getToken().substr(time(), 4, 6).Utils::generateRndString(16)); $url = Option::get('site_url')."/auth/reset?uid={$uid}&token=$token"; $content = View::make('auth.mail')->with('reset_url', $url)->render(); @@ -182,9 +183,9 @@ class AuthController extends BaseController public function handleReset() { - \Utils::checkPost(['uid', 'password']); + \Validate::checkPost(['uid', 'password']); - if (\Validate::checkValidPwd($_POST['password'])) { + if (\Validate::password($_POST['password'])) { $user = new User('', $_POST['uid']); $user->changePasswd($_POST['password']); diff --git a/app/Controllers/ClosetController.php b/app/Controllers/ClosetController.php index 07848554..aa41ed41 100644 
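Review bot: The reset link in handleForgot interpolates `$token` into the query string without URL-encoding, although `base64_encode()` output can contain `+`, `/` and `=`, so some links will arrive carrying a different token than the one generated. Build the link with `urlencode($token)` or use a URL-safe encoding. The token's unpredictability also rests on `Utils::generateRndString(16)`, whose source is not in this diff; it should be backed by `random_bytes()` or `random_int()`, since `substr(time(), 4, 6)` contributes nothing that is secret.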
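Review bot: handleReset, as visible in this hunk, requires only `uid` and `password` in the POST body and then calls `changePasswd()` on the user loaded from `$_POST['uid']`; the token that handleForgot mails out is not among the checked keys and is not compared anywhere between the method's opening brace and the password change. Unless a middleware outside this diff verifies the token for this route, the reset is not bound to the e-mailed link. Add `token` to the `checkPost([...])` list and verify it with `hash_equals()` against the stored value before `changePasswd()` runs. The remainder of the method lies outside the hunk.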
--- a/app/Controllers/ClosetController.php +++ b/app/Controllers/ClosetController.php @@ -44,7 +44,7 @@ class ClosetController extends BaseController public function add() { - \Utils::checkPost(['tid', 'name']); + \Validate::checkPost(['tid', 'name']); if ($this->closet->add($_POST['tid'], $_POST['name'])) { $t = Texture::find($_POST['tid']); diff --git a/app/Controllers/PlayerController.php b/app/Controllers/PlayerController.php index f73d3f81..877111ec 100644 --- a/app/Controllers/PlayerController.php +++ b/app/Controllers/PlayerController.php @@ -36,7 +36,7 @@ class PlayerController extends BaseController if (!isset($player_name)) View::json('你还没有填写要添加的角色名哦', 1); - if (!\Validate::checkValidPlayerName($player_name)) + if (!\Validate::playerName($player_name)) { $msg = "无效的角色名。角色名只能包含" . ((Option::get('allow_chinese_playername') == "1") ? "汉字、" : "")."字母、数字以及下划线"; View::json($msg, 2); @@ -85,7 +85,7 @@ class PlayerController extends BaseController if (!$new_player_name) throw new E('Invalid parameters', 1); - if (!\Validate::checkValidPlayerName($new_player_name)) + if (!\Validate::playerName($new_player_name)) { $msg = "无效的角色名。角色名只能包含" . ((Option::get('allow_chinese_playername') == "1") ? "汉字、" : "")."字母、数字以及下划线"; View::json($msg, 2); diff --git a/app/Controllers/SkinlibController.php b/app/Controllers/SkinlibController.php index 80db98fa..42bb8a09 100644 --- a/app/Controllers/SkinlibController.php +++ b/app/Controllers/SkinlibController.php @@ -169,7 +169,7 @@ class SkinlibController extends BaseController public function delete() { - \Utils::checkPost(['tid']); + \Validate::checkPost(['tid']); $result = Texture::find($_POST['tid']); @@ -208,8 +208,8 @@ class SkinlibController extends BaseController } public function rename() { - \Utils::checkPost(['tid', 'new_name']); - \Validate::checkValidTextureName($_POST['new_name']); + \Validate::checkPost(['tid', 'new_name']); + \Validate::textureName($_POST['new_name']); $t = Texture::find($_POST['tid']); 
@@ -227,7 +227,7 @@ class SkinlibController extends BaseController private function checkUpload($type) { - \Validate::checkValidTextureName(Utils::getValue('name', $_POST)); + \Validate::textureName(Utils::getValue('name', $_POST)); if (!Utils::getValue('file', $_FILES)) View::json('你还没有选择任何文件哟', 1); diff --git a/app/Controllers/UserController.php b/app/Controllers/UserController.php index 6a571e31..7ad9866b 100644 --- a/app/Controllers/UserController.php +++ b/app/Controllers/UserController.php @@ -11,12 +11,12 @@ use View; class UserController extends BaseController { private $action = ""; - private $user = null; + private $user = null; function __construct() { $this->action = isset($_GET['action']) ? $_GET['action'] : ""; - $this->user = new User($_SESSION['email']); + $this->user = new User($_SESSION['email']); } public function index() @@ -62,7 +62,7 @@ class UserController extends BaseController if (!$this->user->checkPasswd($_POST['current_password'])) View::json('原密码错误', 1); - if (\Validate::checkValidPwd($_POST['new_password'])) { + if (\Validate::password($_POST['new_password'])) { if ($this->user->changePasswd($_POST['new_password'])) View::json('密码修改成功,请重新登录', 0); } diff --git a/app/Middlewares/CheckPostMiddleware.php b/app/Middlewares/CheckPostMiddleware.php index bc16530d..bec717fb 100644 --- a/app/Middlewares/CheckPostMiddleware.php +++ b/app/Middlewares/CheckPostMiddleware.php @@ -13,7 +13,7 @@ class CheckPostMiddleware implements IMiddleware public function handle(Request $request) { if (isset($_POST['email']) && $_POST['email'] != "") { - if (!Validate::checkValidEmail($_POST['email'])) { + if (!Validate::email($_POST['email'])) { View::json('邮箱格式错误', 3); } diff --git a/app/Services/Utils.php b/app/Services/Utils.php index 2cde38e1..1f35e7b7 100644 --- a/app/Services/Utils.php +++ b/app/Services/Utils.php 
@@ -21,7 +21,7 @@ class Utils * * @param string $key * @param array $array - * @return object + * @return string|boolean */ public static function getValue($key, $array) { if (array_key_exists($key, $array)) { @@ -52,12 +52,4 @@ class Utils return ($timestamp == 0) ? date('Y-m-d H:i:s') : date('Y-m-d H:i:s', $timestamp); } - public static function checkPost(Array $keys) - { - foreach ($keys as $key) { - if (!isset($_POST[$key])) - throw new E('Invalid parameters.', 1); - } - } - } diff --git a/app/Services/Validate.php b/app/Services/Validate.php index 09d57371..e8ee512c 100644 --- a/app/Services/Validate.php +++ b/app/Services/Validate.php @@ -6,19 +6,33 @@ use App\Exceptions\E; class Validate { - public static function checkValidEmail($email) + /** + * Check POST values in a simple way + * + * @param array $keys + * @return void + */ + public static function checkPost(Array $keys) + { + foreach ($keys as $key) { + if (!isset($_POST[$key])) + throw new E('Invalid parameters.', 1); + } + } + + public static function email($email) { return filter_var($email, FILTER_VALIDATE_EMAIL); } - public static function checkValidPlayerName($player_name) + public static function playerName($player_name) { $regx = (Option::get('allow_chinese_playername') == "1") ? "/^([A-Za-z0-9\x{4e00}-\x{9fa5}_]+)$/u" : "/^([A-Za-z0-9_]+)$/"; return preg_match($regx, $player_name); } - public static function checkValidTextureName($texture_name) + public static function textureName($texture_name) { if (strlen($texture_name) > 32 || strlen($texture_name) < 1) { throw new E('无效的材质名称。材质名长度应该小于 32。', 2); 
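Review bot: `checkPost()` in Validate.php treats a field as present whenever `isset($_POST[$key])` holds, so an array-valued field such as `password[]=x` passes and reaches `strlen()`, `filter_var()` or the model layer as an array. If no caller expects arrays, tighten the test to `if (!isset($_POST[$key]) || !is_string($_POST[$key]))`. Only `checkPost()` received a docblock: `email()` returns the `filter_var()` result, `playerName()` returns the `preg_match()` result and `textureName()` throws instead, so each deserves a one-line `@return` or `@throws` telling callers which convention applies. In `textureName()`, `strlen()` counts bytes, so a name written in CJK characters reaches the limit of 32 after about ten characters; `mb_strlen($texture_name, 'UTF-8')` would match what the error message promises. The body of `textureName()` continues outside this hunk.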
@@ -28,11 +42,11 @@ class Validate return true; } - public static function checkValidPwd($passwd) + public static function password($password) { - if (strlen($passwd) > 16 || strlen($passwd) < 8) { + if (strlen($password) > 16 || strlen($password) < 8) { throw new E('无效的密码。密码长度应该大于 8 并小于 16。', 2); - } else if (Utils::convertString($passwd) != $passwd) { + } else if (Utils::convertString($password) != $password) { throw new E('无效的密码。密码中包含了奇怪的字符。', 2); } return true;
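Review bot: `password()` rejects anything longer than 16 bytes, which rules out passphrases and gains nothing if `changePasswd()` hashes the value (its implementation is not in this diff); a much higher cap, for example 64 or more, would be safer. The error text says the length must be greater than 8 and less than 16, but the conditions accept exactly 8 and exactly 16, so either the message or the comparison should change. The character check uses loose `!=`, which compares two numeric-looking strings as numbers; `Utils::convertString($password) !== $password` is the exact test. The method's closing brace is outside the hunk.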