<?php
/**
 * Requests functions
 *
 * @author Pierre HUBERT
 */
/**
 * Verify that every listed field is present in $_POST and not empty.
 *
 * A field fails the check when it is missing (or null) or when it compares
 * loosely equal to the empty string.
 *
 * NOTE(review): only presence and emptiness are tested, not the type. An
 * array-valued field (sent as name[]=...) is set and does not compare equal
 * to "", so it passes; callers that need a string must check that themselves.
 *
 * @param Array $varList Names of the $_POST fields to check
 * @return Boolean True when all fields are present and non-empty, false otherwise
 */
function check_post_parametres(array $varList){

    foreach($varList as $field){

        //A missing field is treated like an empty one
        if(($_POST[$field] ?? "") == "")
            return false;

    }

    //No field was rejected
    return true;
}
/**
 * Parse a comma-separated list of numeric IDs into an array.
 *
 * Each entry is normalised with toInt(). Entries whose value is below 1 are
 * skipped; they do not abort the whole list. Every kept value is stored under
 * a key derived from itself, so a repeated ID appears only once.
 *
 * @param String $list The comma-separated input list
 * @return Array The kept IDs, indexed by themselves; empty if no entry is valid
 */
function numbers_list_to_array($list) : array{

    $ids = array();

    foreach(explode(",", $list) as $entry){

        //Normalise once and reuse the result for the check, the key and the value
        $id = toInt($entry);

        //Ignore entries that are not strictly positive
        if($id < 1)
            continue;

        $ids[$id] = $id;
    }

    return $ids;
}
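/**
 * Turn a user-supplied value into a whole number.
 *
 * The value is multiplied by 1 to force a numeric conversion and then rounded
 * down with floor(). The result is therefore a float holding a whole number,
 * not a PHP int.
 *
 * Input that cannot be read as a finite number (arrays, objects, non-numeric
 * strings, values that overflow to INF) yields 0.0 instead of failing inside
 * the multiplication. The callers in this file treat anything below 1 as
 * invalid, so such input ends up rejected rather than crashing the request.
 *
 * @param Mixed $input The raw value, typically taken from the request
 * @return Float Whole number rounded towards negative infinity, 0.0 when the input is unusable
 */
function toInt($input){

    //Strings must be numeric as a whole, "12abc" is refused
    if(is_string($input)){
        if(!is_numeric($input))
            return 0.0;
    }
    //Arrays, objects and resources have no usable numeric value
    else if(!is_int($input) && !is_float($input) && !is_bool($input) && $input !== null)
        return 0.0;

    $number = floor($input * 1);

    //INF and NAN are neither a valid ID nor a valid array key
    return is_finite($number) ? $number : 0.0;
}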
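/**
 * Neutralise HTML angle brackets in a string.
 *
 * "<" is replaced with the entity "&lt;" and ">" with "&gt;", so the text can
 * no longer open or close a tag when written into an HTML body. Replacing each
 * character with itself would leave the string unchanged.
 *
 * Only these two characters are handled. "&" and both kinds of quotes are left
 * as they are, so the result is not suitable for an HTML attribute value or a
 * script context; those need escaping for their own context.
 *
 * @param String $input The string to change
 * @return String The string with angle brackets turned into entities
 */
function removeHTMLnodes($input){
    return str_replace(array("<", ">"), array("&lt;", "&gt;"), $input);
}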
/**
 * Decide whether a string has enough content to be worth inserting.
 *
 * The string is rejected when it is empty, when fewer than three bytes remain
 * after "<" and ">" are taken out, or when what remains uses fewer than three
 * distinct byte values.
 *
 * This is a content check only. The angle brackets are removed from a local
 * copy for measuring; the caller's string is not modified or escaped, so it
 * still needs escaping for whatever context it is written to.
 *
 * Lengths are counted in bytes (strlen / count_chars), so a multi-byte
 * character counts as several.
 *
 * @param String $string The string to check
 * @return Boolean True if the string is accepted, false otherwise
 */
function check_string_before_insert($string){

    //Nothing to check in an empty string
    if($string == "")
        return false;

    //Angle brackets do not count as content
    $stripped = str_replace(array("<", ">"), "", $string);

    //Mode 3 of count_chars returns each byte value that occurs, once
    return strlen($stripped) >= 3
        && strlen(count_chars($stripped, 3)) >= 3;
}
/**
 * Backslash-escape a string for use inside a quoted SQL literal.
 *
 * A backslash is put in front of every backslash, single quote and double
 * quote. No other character is changed.
 *
 * NOTE(review): this is hand-written escaping. It only helps when the result
 * is placed between quotes in the query and the database treats backslash as
 * the escape character. It does not cover NUL bytes, it is not aware of the
 * connection character set, and it gives no protection for values used
 * unquoted (numbers, identifiers). Prepared statements with bound parameters
 * are the robust alternative.
 *
 * @param string $input The string to process
 * @return string The escaped string
 */
function safe_for_sql(string $input) : string {

    //Single pass: replaced text is not scanned again, so added backslashes are not doubled
    return strtr($input, array(
        "\\" => "\\\\",
        "'" => "\\'",
        '"' => "\\\"",
    ));
}
/**
 * Tell whether a number is in the valid range for a user ID.
 *
 * Only the range is tested: the ID must be 1 or greater. Whether a user with
 * that ID exists is not checked here.
 *
 * @param int $userID The user ID to check
 * @return bool True if the ID is 1 or greater, false otherwise
 */
function check_user_id(int $userID) : bool {

    //Zero and negative values are never valid IDs
    return $userID >= 1;
}
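/**
 * Read a user ID from a $_POST field and return it once it has been validated.
 *
 * The field must be present, must be a numeric string, must convert to an ID
 * of 1 or greater that fits in an int, and must belong to an existing user.
 * Each failed step is reported through Rest_fatal_error() with status 400
 * (or 404 when the user does not exist).
 *
 * Rest_fatal_error() is defined elsewhere. The checks below rely on it not
 * returning (presumably it ends the request; confirm against its definition).
 *
 * @param string $name Optional, the name of the post field
 * @return int The validated user ID
 */
function getPostUserID(string $name = "userID") : int {

    //The field must be present
    if(!isset($_POST[$name]))
        Rest_fatal_error(400, "Please specify a userID in '".$name."' !");

    //An array-valued field (name[]=...) or a non-numeric string must not reach the arithmetic in toInt()
    if(!is_string($_POST[$name]) || !is_numeric($_POST[$name]))
        Rest_fatal_error(400, "Invalid userID in '".$name."' !");

    $userID = toInt($_POST[$name]);

    //Refuse values too large for an int before they reach the int-typed check, then check the range
    if($userID >= PHP_INT_MAX || !check_user_id($userID))
        Rest_fatal_error(400, "Invalid userID in '".$name."' !");

    //The user must exist
    if(!CS::get()->components->user->exists($userID))
        Rest_fatal_error(404, "Specified user in '".$name."' not found !");

    return $userID;
}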