You are here

Home » API reference » Protected Submissions 7 » protected_submissions.module

function _protected_submissions_validate in Protected Submissions 7

Same name and namespace in other branches
  1. 8 protected_submissions.module \_protected_submissions_validate()

Validate the submitted text fields.

1 string reference to '_protected_submissions_validate'
protected_submissions_form_alter in ./protected_submissions.module
Implements hook_form_alter().

File

./protected_submissions.module, line 736
Blocks submissions from anonymous users that contain pre-defined strings.

Code

function _protected_submissions_validate($form, &$form_state) {
  $check_text = NULL;

  // Get user defined reject message.
  $reject_message = protected_submissions_variable_get('protected_submissions_reject_message');

  // Get list of user defined trigger patterns.
  $reject_patterns = protected_submissions_variable_get('protected_submissions_reject_patterns');
  $reject_patterns = strtolower($reject_patterns);

  // Get the quantity of previously rejected submissions.
  $rejected = protected_submissions_variable_get('protected_submissions_rejected');

  // Get user's choice if the rejected messages are logged or not.
  $log_rejected = protected_submissions_variable_get('protected_submissions_log_rejected');

  // Turn multiline string into a single comma-separated string.
  $reject_patterns = str_replace(array(
    "\r",
    "\n",
  ), ",", $reject_patterns);
  $reject_patterns = str_replace(',,', ',', $reject_patterns);

  // Escape delimiter.
  $reject_patterns = str_replace('@', '\\@', $reject_patterns);

  // Turn to array.
  $reject_patterns = explode(",", $reject_patterns);

  // Trim white spaces of array values in php.
  $reject_patterns = array_map('trim', $reject_patterns);

  // Remove empty array members.
  $reject_patterns = array_filter($reject_patterns);

  // Get submitted values;.
  $values = $form_state['values'];
  if (strpos($values['form_id'], 'webform_') !== FALSE) {

    // Webforms.
    if (isset($values['submitted'])) {
      foreach ($values['submitted'] as $key => $value) {
        if ($form['submitted'][$key]['#webform_component']['form_key'] == $key) {
          if ($form['submitted'][$key]['#webform_component']['type'] == 'textfield' || $form['submitted'][$key]['#webform_component']['type'] == 'textarea') {
            $check_text .= ' ' . $value;
          }
        }
        if (!empty($form['submitted'][$key]['#webform_component']['children'])) {
          foreach ($form['submitted'][$key]['#webform_component']['children'] as $cid => $component) {
            if ($component['type'] == 'textfield' || $component['type'] == 'textarea') {
              $check_text .= ' ' . $value[$component['form_key']];
            }
          }
        }
      }
    }
  }
  else {

    // Nodes, comments, contact forms.
    foreach ($values as $key => $value) {
      if (isset($form[$key])) {
        if (isset($form[$key]['#type'])) {

          // Node, comment or contact form title (textfield) and contact message (textarea).
          if ($form[$key]['#type'] == 'textfield' || $form[$key]['#type'] == 'textarea') {
            $check_text .= ' ' . $form[$key]['#value'];
          }
        }
        if (isset($form[$key][LANGUAGE_NONE][0]['value']['#type'])) {

          // Node text area or field.
          if ($form[$key][LANGUAGE_NONE][0]['value']['#type'] == 'textarea' || $form[$key][LANGUAGE_NONE][0]['value']['#type'] == 'textfield') {

            // Find all values.
            $array_shift = array_shift($values[$key]);
            foreach ($array_shift as $var) {
              if (!empty($var['value'])) {
                $check_text .= ' ' . $var['value'];
              }
            }
          }
        }
      }
    }
  }

  /**
   * Check if random UTF characters from the text belong to allowed
   * language scripts.
   */
  $stripped = strip_tags($check_text);
  $stripped = preg_replace('/[0-9]+/', '', $stripped);
  $stripped = preg_replace('/[[:punct:]]+/', '', trim($stripped));
  $stripped = preg_replace('/\\s+/', '', $stripped);

  // Get user defined language script.
  $allowed_scripts_raw = protected_submissions_variable_get('protected_submissions_allowed_scripts');

  // Clean up the array.
  foreach ($allowed_scripts_raw as $key => $value) {
    if ($value != FALSE) {
      $allowed_scripts[] = $value;
    }
  }
  $language_scripts = protected_submissions_variable_get('protected_submissions_language_scripts');

  // Get number of characters for language script validation.
  $check_quantity = protected_submissions_variable_get('protected_submissions_check_quantity');
  $language_failed = FALSE;
  for ($i = 0; $i < $check_quantity; $i++) {

    // Get a random letter from text stripped of all special characters and numbers.
    mb_internal_encoding("UTF-8");
    $random_char = mb_substr($stripped, rand(0, mb_strlen($stripped) - 1), 1);
    if (!empty(trim($random_char))) {
      if ($i < $check_quantity) {
        if (_if_char_allowed($random_char, $allowed_scripts, $language_scripts) == FALSE) {
          form_set_error("user", $reject_message);
          $rejected = $rejected + 1;

          // Save the new value.
          variable_set('protected_submissions_rejected', $rejected);
          if ($log_rejected == TRUE) {

            // Save the watchdog message.
            $check_text = str_replace($random_char, mb_strtoupper("<strong>{$random_char}</strong>"), $check_text);
            watchdog('rejected language', "Rejected:<em>{$check_text}</em>", $variables = array(), WATCHDOG_WARNING, $link = NULL);
          }

          // Since the first pattern found break the loop.
          $language_failed = TRUE;
          break;
        }
      }
    }
  }

  // Search for reject patterns in the concatenated text.
  if ($language_failed == FALSE) {
    $check_text = strtolower($check_text);
    foreach ($reject_patterns as $pattern) {
      $clean_pattern = preg_quote($pattern, '@');
      if (preg_match("@\\b{$clean_pattern}\\b@i", $check_text)) {
        form_set_error("user", $reject_message);
        $rejected = $rejected + 1;

        // Save the new value.
        variable_set('protected_submissions_rejected', $rejected);
        if ($log_rejected == TRUE) {

          // Save the watchdog message.
          $check_text = str_replace($pattern, mb_strtoupper("<strong>{$pattern}</strong>"), $check_text);
          watchdog('rejected pattern', "Rejected:<em>{$check_text}</em>", $variables = array(), WATCHDOG_WARNING, $link = NULL);
        }

        // Since the first pattern found break the loop.
        break;
      }
    }
  }
}