From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ammarfaizi2@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org
X-Spam-Level: **
X-Spam-Status: No, score=2.2 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,
	FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.6
Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181])
	by gnuweeb.org (Postfix) with ESMTPS id B5DA181722
	for <gwml@vger.gnuweeb.org>; Sun, 27 Nov 2022 20:32:55 +0000 (UTC)
Received: by mail-pf1-f181.google.com with SMTP id l7so6180037pfl.7
        for <gwml@vger.gnuweeb.org>; Sun, 27 Nov 2022 12:32:55 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=VPm+dax1bgy4a/kWPW2nYsk+ru3jUdcW+oplYsVDJEw=;
        b=PthQQ/GulYVPvn+9EdGNFcmS0+t0wcJNsdw8niil5omxDDve7ZzoNodDD0HiAr6hWS
         obcZQcYmN2mSju+l93PXNcxlDfM2T6Jq6+36JX5uJVQ1adKDhpfTbMpb3TuLYL3hbc2I
         i/Ap5F7fkmRBAtXq0Smor269Ww9i5ifw5Vxis2PC/T6n75e6CksXxylpAgeo+G/IJMwk
         vVv3Jg+iwFm9vI1V/0Ue6L/ew8VnqNsEp6A6NS3ytPbd2FbdiOl57AosZ+sn1aNczT9C
         fBzk8q79q2BmVRYFoJCXpzNsecAbJcqiiAPiULWWTLJAbFQJCCC+AfMGRbuaPmjKIB2q
         A3TA==
X-Gm-Message-State: ANoB5pktmW362x7rRIDW+2lr81Cvc+aucoSxgo4+bL1hgU8RjKUADe4t
	joMB3IxqlaA0W87SgSZmfmH+fG4YbgR2pQ==
X-Google-Smtp-Source: AA0mqf7n65+BQCNKEF7hKOQuMyKd6ISY1axvPfD9k+2N3o/jowT3oupk1u8+PyCOTnlwWNEm8pWgTw==
X-Received: by 2002:a63:f925:0:b0:470:88:8c18 with SMTP id h37-20020a63f925000000b0047000888c18mr25999689pgi.23.1669581175243;
        Sun, 27 Nov 2022 12:32:55 -0800 (PST)
Received: from localhost.localdomain ([2404:8000:1021:2a9:da99:231d:4dfa:7f54])
        by smtp.gmail.com with ESMTPSA id ij13-20020a170902ab4d00b0018685257c0dsm7234904plb.58.2022.11.27.12.32.52
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 27 Nov 2022 12:32:54 -0800 (PST)
From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
To: Gilang Fachrezy <gilang4321@gmail.com>
Cc: Ammar Faizi <ammarfaizi2@gnuweeb.org>,
	Taufiq Pohan <m.taufiq30s@hotmail.com>,
	Aldy Prastyo <dipras75@gmail.com>,
	Muhammad Fitrah Pandjalu <pandjalu9j@gmail.com>,
	Nauvalsa Yanandana <yuliananda013@gmail.com>,
	GNU/Weeb Mailing List <gwml@vger.gnuweeb.org>,
	VNLX Kernel Department <kernel@vnlx.org>
Subject: [PATCH v1 10/13] Add input form validation
Date: Mon, 28 Nov 2022 03:32:13 +0700
Message-Id: <20221127203216.408808-11-ammarfaizi2@gnuweeb.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20221127203216.408808-1-ammarfaizi2@gnuweeb.org>
References: <20221127203216.408808-1-ammarfaizi2@gnuweeb.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: <gwml.vger.gnuweeb.org>

This validates the user inputs.

Co-authored-by: Muhammad Fitrah Pandjalu <pandjalu9j@gmail.com>
Signed-off-by: Muhammad Fitrah Pandjalu <pandjalu9j@gmail.com>
Co-authored-by: Taufiq Pohan <m.taufiq30s@hotmail.com>
Signed-off-by: Taufiq Pohan <m.taufiq30s@hotmail.com>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
---
 public/api.php   | 25 +++++++++++++------
 public/index.php | 65 +++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 81 insertions(+), 9 deletions(-)

diff --git a/public/api.php b/public/api.php
index 97d8e4d..8305552 100644
--- a/public/api.php
+++ b/public/api.php
@@ -18,6 +18,13 @@ if (!isset($_GET["action"]) || !is_string($_GET["action"])) {
 	goto out;
 }
 
+const SOCIAL_MEDIA = [
+	"facebook_id",
+	"twitter_username",
+	"discord_username",
+	"github_username",
+];
+
 function submit_attendance(): array
 {
 	if ($_SERVER["REQUEST_METHOD"] !== "POST")
@@ -39,17 +46,19 @@ function submit_attendance(): array
 	if (!isset($j["email"]) || !is_string($j["email"]))
 		return [400, err_msg(400, "Missing \"email\" string argument!")];
 
-	if (!isset($j["facebook_id"]))
-		return [400, err_msg(400, "Missing \"facebook_id\" argument!")];
+	$social_media_is_filled = false;
+	foreach (SOCIAL_MEDIA as $sc) {
+		if (!isset($j[$sc]))
+			continue;
 
-	if (!isset($j["twitter_username"]))
-		return [400, err_msg(400, "Missing \"twitter_username\" argument!")];
+		if (!is_string($j[$sc]))
+			return [400, err_msg(400, "Argument \"{$sc}\" has to be a string")];
 
-	if (!isset($j["discord_username"]))
-		return [400, err_msg(400, "Missing \"discord_username\" argument!")];
+		$social_media_is_filled = true;
+	}
 
-	if (!isset($j["github_username"]))
-		return [400, err_msg(400, "Missing \"github_username\" argument!")];
+	if (!$social_media_is_filled)
+		return [400, err_msg(400, "Social media accounts must be filled at least one")];
 
 	try {
 		$pdo = pdo();
diff --git a/public/index.php b/public/index.php
index 411f6df..abb016f 100644
--- a/public/index.php
+++ b/public/index.php
@@ -8,6 +8,7 @@
 <body>
 	<div class="container p-5">
 		<h1 class="text-center">VNL Member Attendance Form</h1>
+		<h3 class="text-center">3th and 4th Dec 2022 (VNL Booth Senayan Park)</h3>
 		<div>
 			<form method="POST" action="javascript:void(0);" id="attendance_form">
 				<div class="mb-3">
@@ -67,6 +68,52 @@
 			success: load_select2_city
 		});
 
+		function form_err(msg)
+		{
+			alert(msg);
+		}
+
+		function form_ok()
+		{
+			alert("Terima kasih telah melakukan presensi, data Anda sudah dicatat dan dijamin aman!");
+		}
+
+		function validate_form(j)
+		{
+			if (!j.full_name.match(/^[a-z\.\'\ ]+$/i)) {
+				form_err("The full name must match with /^[a-z\\.\\'\\ ]+$/i regex pattern!");
+				return false;
+			}
+
+			if (!j.phone_number.match(/^((\+?62)|(0))\d+$/i)) {
+				form_err("The phone number must match with /^((\\+?62)|(0))\\d+$/i regex pattern!");
+				return false;
+			}
+
+			const social_media = [
+				"facebook_id",
+				"twitter_username",
+				"discord_username",
+				"github_username",
+			];
+			let social_media_is_filled = false;
+			let i;
+
+			for (i in social_media) {
+				if (j[social_media[i]] !== null) {
+					social_media_is_filled = true;
+					break;
+				}
+			}
+
+			if (!social_media_is_filled) {
+				form_err("Social media accounts must be filled at least one");
+				return false;
+			}
+
+			return true;
+		}
+
 		let form = $("#attendance_form");
 		form.submit(function () {
 			let data = form.serializeArray();
@@ -77,17 +124,33 @@
 				let key = data[i].name;
 				let val = data[i].value;
 
+				val = val.trim();
 				if (key === "city")
 					val = parseInt(val);
 
+				if (val === "")
+					val = null;
+
 				json[key] = val;
 			}
 
+			if (!validate_form(json))
+				return;
+
 			$.post({
 				url: "api.php?action=submit_attendance",
 				data: JSON.stringify(json),
 				success: function () {
-					alert("success!");
+					form_ok();
+					window.location = "";
+				},
+				error: function (res) {
+					let j = res.responseJSON;
+
+					if ("error" in j)
+						form_err(j.error);
+					else
+						form_err("Unknown error!");
 				}
 			});
 		});
-- 
Ammar Faizi