[PATCH v1 10/13] Add input form validation

[Ammar Faizi <ammarfaizi2@gnuweeb.org>]

This validates the user inputs.

Co-authored-by: Muhammad Fitrah Pandjalu <pandjalu9j@gmail.com>
Signed-off-by: Muhammad Fitrah Pandjalu <pandjalu9j@gmail.com>
Co-authored-by: Taufiq Pohan <m.taufiq30s@hotmail.com>
Signed-off-by: Taufiq Pohan <m.taufiq30s@hotmail.com>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 public/api.php   | 25 +++++++++++++------
 public/index.php | 65 +++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 81 insertions(+), 9 deletions(-)

diff --git a/public/api.php b/public/api.php
index 97d8e4d..8305552 100644
--- a/public/api.php
+++ b/public/api.php
@@ -18,6 +18,13 @@ if (!isset($_GET["action"]) || !is_string($_GET["action"])) {
 	goto out;
 }
 
+const SOCIAL_MEDIA = [
+	"facebook_id",
+	"twitter_username",
+	"discord_username",
+	"github_username",
+];
+
 function submit_attendance(): array
 {
 	if ($_SERVER["REQUEST_METHOD"] !== "POST")
@@ -39,17 +46,19 @@ function submit_attendance(): array
 	if (!isset($j["email"]) || !is_string($j["email"]))
 		return [400, err_msg(400, "Missing \"email\" string argument!")];
 
-	if (!isset($j["facebook_id"]))
-		return [400, err_msg(400, "Missing \"facebook_id\" argument!")];
+	$social_media_is_filled = false;
+	foreach (SOCIAL_MEDIA as $sc) {
+		if (!isset($j[$sc]))
+			continue;
 
-	if (!isset($j["twitter_username"]))
-		return [400, err_msg(400, "Missing \"twitter_username\" argument!")];
+		if (!is_string($j[$sc]))
+			return [400, err_msg(400, "Argument \"{$sc}\" has to be a string")];
 
-	if (!isset($j["discord_username"]))
-		return [400, err_msg(400, "Missing \"discord_username\" argument!")];
+		$social_media_is_filled = true;
+	}
 
-	if (!isset($j["github_username"]))
-		return [400, err_msg(400, "Missing \"github_username\" argument!")];
+	if (!$social_media_is_filled)
+		return [400, err_msg(400, "Social media accounts must be filled at least one")];
 
 	try {
 		$pdo = pdo();
diff --git a/public/index.php b/public/index.php
index 411f6df..abb016f 100644
--- a/public/index.php
+++ b/public/index.php
@@ -8,6 +8,7 @@
 <body>
 	<div class="container p-5">
 		<h1 class="text-center">VNL Member Attendance Form</h1>
+		<h3 class="text-center">3th and 4th Dec 2022 (VNL Booth Senayan Park)</h3>
 		<div>
 			<form method="POST" action="javascript:void(0);" id="attendance_form">
 				<div class="mb-3">
@@ -67,6 +68,52 @@
 			success: load_select2_city
 		});
 
+		function form_err(msg)
+		{
+			alert(msg);
+		}
+
+		function form_ok()
+		{
+			alert("Terima kasih telah melakukan presensi, data Anda sudah dicatat dan dijamin aman!");
+		}
+
+		function validate_form(j)
+		{
+			if (!j.full_name.match(/^[a-z\.\'\ ]+$/i)) {
+				form_err("The full name must match with /^[a-z\\.\\'\\ ]+$/i regex pattern!");
+				return false;
+			}
+
+			if (!j.phone_number.match(/^((\+?62)|(0))\d+$/i)) {
+				form_err("The phone number must match with /^((\\+?62)|(0))\\d+$/i regex pattern!");
+				return false;
+			}
+
+			const social_media = [
+				"facebook_id",
+				"twitter_username",
+				"discord_username",
+				"github_username",
+			];
+			let social_media_is_filled = false;
+			let i;
+
+			for (i in social_media) {
+				if (j[social_media[i]] !== null) {
+					social_media_is_filled = true;
+					break;
+				}
+			}
+
+			if (!social_media_is_filled) {
+				form_err("Social media accounts must be filled at least one");
+				return false;
+			}
+
+			return true;
+		}
+
 		let form = $("#attendance_form");
 		form.submit(function () {
 			let data = form.serializeArray();
@@ -77,17 +124,33 @@
 				let key = data[i].name;
 				let val = data[i].value;
 
+				val = val.trim();
 				if (key === "city")
 					val = parseInt(val);
 
+				if (val === "")
+					val = null;
+
 				json[key] = val;
 			}
 
+			if (!validate_form(json))
+				return;
+
 			$.post({
 				url: "api.php?action=submit_attendance",
 				data: JSON.stringify(json),
 				success: function () {
-					alert("success!");
+					form_ok();
+					window.location = "";
+				},
+				error: function (res) {
+					let j = res.responseJSON;
+
+					if ("error" in j)
+						form_err(j.error);
+					else
+						form_err("Unknown error!");
 				}
 			});
 		});
-- 
Ammar Faizi