class design - validating user input

Question

I use the clas below to validate user input. Originally it was just a collection of static functions grouped together.

However, I modifed it to an object style and added in a private memeber to hold the user input array. What is the next step to making this class adaptable, i.e. more generic so that it can be used by others as part of a library?

$message is the text displayed to the user on a validation fail.

Library Code:

class validate
  {
  private $input;
  function __construct($input_arg)
    {
    $this->input=$input_arg;
    } 
  function empty_user($message)    
    {
    if((int)!in_array('',$this->input,TRUE)) return 1;
    echo $message;return 0; 
    }
  function name($message)          
    {
    if(preg_match('/^[a-zA-Z-\.]{1,40}$/',$this->input['name'])) return 1;
    echo $message;return 0; 
    }
  function email($message)
    {
    if(preg_match('/^[a-zA-Z0-9._s-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{1,4}$/',$this->input['email'])) return 1;
    echo $message;return 0; 
    }
  function pass($message)
    {
    if(preg_match('/^[a-zA-Z0-9!@#$%^&*]{6,20}$/',$this->input['pass'])) return 1;
    echo $message;return 0;
    }
  }

Application Code:

  function __construct()
    {
    parent::__construct();
    $obj=check_new($this->_protected_arr);
    $a='<si_f>Please enter both an email and a password!';
    $b='<si_f>Please enter a valid email!';
    $c='<si_f>Please enter a valid password!';
    if($obj->empty_user($a) && $obj->email($b) && $obj->pass($c) && self::validate())
      {
      self::activate_session();
      echo "<si_p>";
      }
    }

Answer 1

I'd not write all these function in a generic class. I'd rather have separate functions that perform specific checks, and maybe a specific class that calls these checks on my specific input.

This class now echo's, which is never a good solution for a class like this. Just let it perform the check and raise an exception if something's wrong. If exceptions are too hard, or don't fit in your achitecture, let your function return false, and set a property that can be read afterwards.

About your specific checks:

• Your e-mail check is very strict and doesn't allow all e-mail addresses. The domain, for instance, can be an IP address too, and the username (the part before the @) can include many obscure characters, including an @. Yes, really!

• Why must a password be 6 characters at least? And why on earth would you limit the password to 20 characters? I use passwords of over 20 characters, and I know many other people that do too. Just let everybody type everything they want. Anything. Let them post 3MB of text if they like. Let them include unicode characters if they want. What is a better protection that having a bunch of chinese characters as a password? And if they want to enter just a, that's their responsibility too. You should never ever store the password itself anyway, so just hash whatever they input and store the 32 characters that gives you (if you use MD5 hashing). The only password that you may refuse is an empty password. Anything else should go.

• Same goes for name. 40 characters? Really. I can imagine people having names that long. Add a little more space. Bytes aren't that expensive, and it's not that you're gonna have 2 billion users.

Answer 2

Maybe it's worth having a look at Zend Validate? Or any other PHP frameworks validate classes. Just then extend them to add the functionality you want.

In answer to your question, is it worth having another variable in the class so you can check the error?

  class validate
  {
  private $input;
  public $error = false;
  function __construct($input_arg)
    {
    $this->input=$input_arg;
    } 
  function empty_user($message)    
    {
    if((int)!in_array('',$this->input,TRUE)) return 1;
    echo $message;$this->error = "Empty message";
    }
 ... else
  }
$validate = new validate($empty_message);
if( !$validate->empty_user('this input is empty') === false)
{
    echo "Was not empty";
}