Class: MailFormRule

  • Package: saf.MailForm
  • Author: John Luxford <lux@simian.ca>
  • Copyright: Copyright (C) 2001-2003, Simian Systems Inc.
  • License: http://www.sitellite.org/index/license Simian Open Software License
  • Version: 2.0, 2002-10-12, $Id: Rule.php,v 1.5 2007/10/06 00:06:30 lux Exp $
  • Access: public

Handles validation of form fields for the MailForm package.

Rule Format:

type "value"

Validation Rules:
- is "value"
- contains "some value"
- regex "some regex"
- equals "anotherfield"
- empty
- length "6+" (eg: 6, 6+, 6-12, 12-)
- gt "value"
- ge "value"
- lt "value"
- le "value"
- func "func_name" (or function "func_name")
- unique "dbtablename.columnname"
- exists "path/to/directory"
- numeric
- email
- header

Note: Any rule may be negated by preceding it with a 'not', for example:
- not empty
- not contains "some value"

New in 1.2:
- Added a 'unique' rule, which compares the value against a specified field
in a database table.
- Fixed a bug in the 'length' rule evaluation.

New in 1.4:
- Added 'exists' and 'not exists' rules, which check whether the value given
exists (or doesn't) as a file name in the path provided by the rule.

New in 1.6:
- Abstracted 'not empty' and 'not exists' so that 'not' now negates any
rule, and 'empty' and 'exists' are ordinary rules now. This required
the addition of two new methods, _validate(), and _validateNegated(),
and a new $negated property.

New in 1.8:
- Added warning notices when rules fail the syntax parser.
- Added new rule type "numeric", which checks the data type of the value
to see whether it is a valid number or not.

New in 2.0:
- New rules: 'email' and 'header', which help prevent form abuse by spammers.
'email' checks that the value is a valid email address, and 'header' checks
that there are no newlines in the field, so that it can't pass extra headers
to your mail() function.


Usage Example


<?php

$widget = new MF_Widget ('name');
$widget->addRule ('is "foo"', 'You must enter "foo" to pass!');

// note: MailFormRule is never accessed directly.

?>
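
Added example (not Sitellite code): a standalone sketch of the rule grammar documented above (an optional 'not', a type, an optional quoted value) together with the 'header' and 'email' checks introduced in 2.0, run over constructed inputs. parse_rule() and check_rule() are hypothetical names, and PHP's filter_var() is an assumed stand-in for the package's own email check.

```php
<?php
// Added illustration, not Sitellite source. parse_rule() and check_rule()
// are hypothetical helpers that follow the documented rule grammar.

// Split e.g. 'not contains "some value"' into negated/type/value;
// returns null when the rule does not match the grammar.
function parse_rule(string $rule): ?array
{
    if (!preg_match('/^\s*(not\s+)?([a-z]+)(?:\s+"(.*)")?\s*$/s', $rule, $m)) {
        return null;
    }
    return ['negated' => $m[1] !== '', 'type' => $m[2], 'value' => $m[3] ?? null];
}

function check_rule(string $rule, string $input): bool
{
    $r = parse_rule($rule);
    if ($r === null) {
        throw new InvalidArgumentException("Bad rule syntax: $rule");
    }
    switch ($r['type']) {
        case 'header': // no CR or LF, so the value cannot begin a new header line
            $pass = !preg_match('/[\r\n]/', $input);
            break;
        case 'email':  // assumption: filter_var() stands in for the package's check
            $pass = filter_var($input, FILTER_VALIDATE_EMAIL) !== false;
            break;
        case 'empty':
            $pass = ($input === '');
            break;
        case 'is':     // exact match against the quoted rule value
            $pass = ($input === $r['value']);
            break;
        default:
            throw new InvalidArgumentException("Unsupported rule type: {$r['type']}");
    }
    return $r['negated'] ? !$pass : $pass; // 'not' inverts any rule
}

// Constructed sample values for a subject field passed to mail().
$samples = [
    'Question about my order',
    "Question\r\nBcc: list@example.com", // CRLF followed by an extra header
];
foreach ($samples as $s) {
    printf("%-7s %s\n", check_rule('header', $s) ? 'pass' : 'reject', json_encode($s));
}
var_dump(check_rule('not empty', ''));
var_dump(check_rule('email', "user@example.com\nCc: x@example.com"));
```

Any field that ends up in the To, From, Subject or extra-headers argument of mail() needs the 'header' rule; the 'email' rule alone only covers address fields.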




Properties


$invalid_field = ''

  • Access: public

Contains the name of the widget that did not validate during
the last call to the invalid () method.


$method

  • Access: public

The value of the method attribute of the HTML form tag.
$method is actually an alias for $_attrs['method'].


$action

  • Access: public

The value of the action attribute of the HTML form tag.
$action is actually an alias for $_attrs['action'].


$widgets = array ()

  • Access: public

An array of form widgets.


$template

  • Access: public

The optional template file or data used to customize the look
of the form.


$title

  • Access: public

The title to be displayed at the top of the form.


$message

  • Access: public

The initial message to be displayed at the top of the form.


$extra

  • Access: public

A way to pass extra parameters to the HTML form tag, for
example 'enctype="multipart/form-data"'. Notice: This property is
deprecated in favour of the $_attrs list and the attr() and unset()
methods.


$error_message

  • Access: public

Contains the message from any internal errors.


$error_mode = 'single'

  • Access: public

Determines the way in which error messages are displayed.
The default ('single') is to display the error message for the first
invalid field only. The other ('all') is to display a list of all
invalid fields with their corresponding error messages. Please note
that $error_mode 'all' assumes that a custom error message is provided
for every rule.


$invalid = array ()

  • Access: public

A list of all invalid fields in the form, and their corresponding
error messages.


$submitted = false

  • Access: private

Contains a true or false value as to whether the form has been
submitted successfully or not. An invalid form will contain false.
This value is used internally by the setValues() method.


$name

  • Access: public

The name of the widget.


$_attrs = array ()

  • Access: private

This contains a list of attributes of the HTML form tag.


$sendTo

  • Access: public

The email address to send the form to in the default handler.


$sendFrom = ''

  • Access: public

The email address to send the form from in the default handler.


$sendExtra = ''

  • Access: public

Any extra parameters for the mail() function in the default handler.


$sendSubject = 'Mail Form'

  • Access: public

The subject line of the email to send from the default handler.


$screenReply = 'Thank you.  Your form has been sent.'

  • Access: public

The response to return upon a successfully submitted form in the
default handler. Defaults to "Thank you. Your form has been sent."


$handler

  • Access: public

The function or object method to use to handle the submitted form.
This function or method will be called by the run() method. Use the
setHandler() method to change this setting.


$uploadFiles = true

  • Access: public

Whether to upload files automatically or to leave them for a custom
saving mechanism.


$verify_sender = false

  • Access: public

Whether to verify the REQUEST_METHOD and HTTP_REFERER headers to make
it more difficult (although not impossible) for spammers to abuse your
form. Note that this can be enabled in a form's settings file under
the [Form] block via: verify_sender = yes


$clean_input = false

  • Access: public

Whether to strip all HTML and PHP tags/code from all input parameters.
This is off by default because it would break forms with the Xed editor
by default, so it must be enabled as needed. Note that this can be
enabled in a form's settings file under the [Form] block via:
clean_input = yes


$blacklist = true

  • Access: public

Whether to verify the remote address of the form submitter against
a list of invalid IP addresses in the database table
sitellite_form_blacklist so as to prevent repeated abuse from a single
source.


$verify_session = true

  • Access: public

Whether to verify that the submitter can accept session data, which
helps ensure they are a legitimate human user. Passing session
verification requires cookies to be enabled for the submitter. This
may help prevent abuse in combination with the other abuse-prevention
techniques, because a spambot may ignore the cookie. However, it also
restricts forms for legitimate visitors who have cookies disabled
in their browser (only a very small number of users disable cookies,
but some do). To disable it for a single form, add verify_session = no
to the form's settings.php file.


$autosave = false

  • Access: public

Whether this form should tie into Sitellite's autosave capabilities.
Please note that the autosave handler is only available to authenticated
users and not to anonymous forms.


$rule

  • Access: public

The original unmodified rule definition.


$msg

  • Access: public

The error message for this rule.


$type

  • Access: public

The rule type. Can be 'is', 'contains', 'regex', 'not empty',
'equals', 'length', 'gt', 'ge', 'lt', 'le', or 'func'.


$value

  • Access: public

The rule value. This corresponds to the part of the rule
in double quotes (ie. type "value").


$negated = false

  • Access: public

If a 'not' is present at the start of the rule, this will be
set to true, otherwise false.




Methods


MailFormRule ($rule, $name, $msg = '')

  • Access: public

Constructor Method.


parseRuleStatement ($rule)

  • Access: public

Parses the original rule into the $type and $value properties.


validate ($value, $form, $cgi)

  • Access: public
  • Return: boolean

Validates the value given against itself. Returns false on
failure and true on success.


_validate ($value, $form, $cgi)

  • Access: public
  • Return: boolean

Validates the value given against itself. Returns false on
failure and true on success.


_validateNegated ($value, $form, $cgi)

  • Access: public
  • Return: boolean

Validates the value given against itself. Returns false on
failure and true on success.


Copyright © 2008 Sitellite CMS Project
