2022 12:32:54 -0800 (PST) From: Ammar Faizi To: Gilang Fachrezy Cc: Ammar Faizi , Taufiq Pohan , Aldy Prastyo , Muhammad Fitrah Pandjalu , Nauvalsa Yanandana , GNU/Weeb Mailing List , VNLX Kernel Department Subject: [PATCH v1 10/13] Add input form validation Date: Mon, 28 Nov 2022 03:32:13 +0700 Message-Id: <20221127203216.408808-11-ammarfaizi2@gnuweeb.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221127203216.408808-1-ammarfaizi2@gnuweeb.org> References: <20221127203216.408808-1-ammarfaizi2@gnuweeb.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: This validates the user inputs. Co-authored-by: Muhammad Fitrah Pandjalu Signed-off-by: Muhammad Fitrah Pandjalu Co-authored-by: Taufiq Pohan Signed-off-by: Taufiq Pohan Signed-off-by: Ammar Faizi --- public/api.php | 25 +++++++++++++------ public/index.php | 65 +++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 81 insertions(+), 9 deletions(-) diff --git a/public/api.php b/public/api.php index 97d8e4d..8305552 100644 --- a/public/api.php +++ b/public/api.php @@ -18,6 +18,13 @@ if (!isset($_GET["action"]) || !is_string($_GET["action"])) { goto out; } +const SOCIAL_MEDIA = [ + "facebook_id", + "twitter_username", + "discord_username", + "github_username", +]; + function submit_attendance(): array { if ($_SERVER["REQUEST_METHOD"] !== "POST") 
@@ -39,17 +46,19 @@ function submit_attendance(): array if (!isset($j["email"]) || !is_string($j["email"])) return [400, err_msg(400, "Missing \"email\" string argument!")]; - if (!isset($j["facebook_id"])) - return [400, err_msg(400, "Missing \"facebook_id\" argument!")]; + $social_media_is_filled = false; + foreach (SOCIAL_MEDIA as $sc) { + if (!isset($j[$sc])) + continue; - if (!isset($j["twitter_username"])) - return [400, err_msg(400, "Missing \"twitter_username\" argument!")]; + if (!is_string($j[$sc])) + return [400, err_msg(400, "Argument \"{$sc}\" has to be a string")]; - if (!isset($j["discord_username"])) - return [400, err_msg(400, "Missing \"discord_username\" argument!")]; + $social_media_is_filled = true; + } - if (!isset($j["github_username"])) - return [400, err_msg(400, "Missing \"github_username\" argument!")]; + if (!$social_media_is_filled) + return [400, err_msg(400, "Social media accounts must be filled at least one")]; try { $pdo = pdo(); diff --git a/public/index.php b/public/index.php index 411f6df..abb016f 100644 --- a/public/index.php +++ b/public/index.php @@ -8,6 +8,7 @@

VNL Member Attendance Form

+

3th and 4th Dec 2022 (VNL Booth Senayan Park)

@@ -67,6 +68,52 @@ success: load_select2_city }); + function form_err(msg) + { + alert(msg); + } + + function form_ok() + { + alert("Terima kasih telah melakukan presensi, data Anda sudah dicatat dan dijamin aman!"); + } + + function validate_form(j) + { + if (!j.full_name.match(/^[a-z\.\'\ ]+$/i)) { + form_err("The full name must match with /^[a-z\\.\\'\\ ]+$/i regex pattern!"); + return false; + } + + if (!j.phone_number.match(/^((\+?62)|(0))\d+$/i)) { + form_err("The phone number must match with /^((\\+?62)|(0))\\d+$/i regex pattern!"); + return false; + } + + const social_media = [ + "facebook_id", + "twitter_username", + "discord_username", + "github_username", + ]; + let social_media_is_filled = false; + let i; + + for (i in social_media) { + if (j[social_media[i]] !== null) { + social_media_is_filled = true; + break; + } + } + + if (!social_media_is_filled) { + form_err("Social media accounts must be filled at least one"); + return false; + } + + return true; + } + let form = $("#attendance_form"); form.submit(function () { let data = form.serializeArray(); @@ -77,17 +124,33 @@ let key = data[i].name; let val = data[i].value; + val = val.trim(); if (key === "city") val = parseInt(val); + if (val === "") + val = null; + json[key] = val; } + if (!validate_form(json)) + return; + $.post({ url: "api.php?action=submit_attendance", data: JSON.stringify(json), success: function () { - alert("success!"); + form_ok(); + window.location = ""; + }, + error: function (res) { + let j = res.responseJSON; + + if ("error" in j) + form_err(j.error); + else + form_err("Unknown error!"); } }); }); -- Ammar Faizi
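Review bot: the `SOCIAL_MEDIA` constant added to api.php is duplicated verbatim as the `social_media` array inside index.php's `validate_form`, so the two copies will drift the first time a network is added or renamed and client and server will disagree on what counts as "filled". Since index.php is itself a PHP file, consider rendering the client-side array from the same constant (for example with `json_encode(SOCIAL_MEDIA)`), or keep the list in one included file that both scripts read.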
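Review bot: the rewritten loop in `submit_attendance` only checks presence and type, while the format rules this patch introduces for `full_name` and `phone_number` live only in index.php's `validate_form`; api.php is reachable directly with `POST api.php?action=submit_attendance`, so a caller that skips the form still gets any string stored for those fields. Enforce the same patterns here with `preg_match` (`/^[a-z\.\'\ ]+$/i` and `/^((\+?62)|(0))\d+$/`), add a length limit, and treat the JavaScript check as a convenience only. Two smaller points in the same loop: `isset($j[$sc])` is true for an empty string, so a client that sends `"facebook_id": ""` (anything other than this form, which nulls empty fields) satisfies the "at least one" rule without naming any account; test `$j[$sc] !== ""` after trimming, or treat an empty string as unset. And the message "Social media accounts must be filled at least one" reads better as "At least one social media account must be filled".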
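Review bot: in the index.php submit handler `validate_form(json)` runs after the loop has already turned every empty field into `null` (`if (val === "") val = null;`), so an empty full name or phone number makes `j.full_name.match(...)` or `j.phone_number.match(...)` throw a TypeError on null instead of reaching `form_err`; check `typeof j.full_name === "string"` before calling `.match`, or run the regex checks on the trimmed string before the null conversion. Three related problems in the same hunk: the `error:` callback does `"error" in j` with `j = res.responseJSON`, which is `undefined` whenever the server answers with non-JSON (a 500 page, a proxy error) or the request never completes, so the error handler itself throws; guard it with `if (j && typeof j.error === "string")`. In the social-media loop `j[social_media[i]] !== null` counts an `undefined` value (field absent from the form) as filled; `!= null` covers both cases, and `for (const key of social_media)` is the idiomatic way to walk an array rather than `for (i in ...)`. Finally, the new `return;` on validation failure returns `undefined` from the jQuery submit handler, which does not cancel the native form submission; unless the `<form>` element suppresses it itself, use `return false` (or call `e.preventDefault()` at the top of the handler) so the browser does not submit the rejected data anyway.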