Input Validation: Maian Guardian Documentation

Overview

To ensure users enter the correct information when generating licenses, you can set up validation checking on user input data. This can also ensure that someone doesn't try and use certain code to adjust the license file data. Input validation is recommended where user input is required, such as on domain names, ip addresses or custom constants.

For example, you may have a custom constant called 'key' and this value can only be one of a set amount of values. You would set up an help instruction to let the visitor know what they should input and then use input validation to check it's valid.

Maian Guardian doesn't have pre-built input validation functions/methods as products and server data will be different. However, input validation for domain names and IP addresses is included. These can be modified to suit your needs.

Input Validation Class/Methods

The input validation class is located at "control/classes/class.validation.php". Here you assign methods for input validation when/where required. Each method is a function inside the validation class. The current domain() & ip() functions act as examples.

Function Parameter / Boolean Return Value

Each function created inside the validation class accepts a single parameter called '$input'. The value of this will be the input entered by the visitor. Each function should return a boolean value. ie, true or false. If true, validation has passed, if false it has failed. A simple example:

function domain($input) {
return ($input=='' ? false : true);
}

This simply checks if any data has been entered. If it has, validation is ok. Obviously you'll want slightly more advanced routines, but this is a simple example highlighting the parameter and the return. A more familiar way of writing the above would be:

function domain($input) {
  if ($input=='') {
    return false;
  } else {
    return true;
  }
}

Both do the same thing.

Methods/Function Names

Input validation function names should be the same as your constant key. In some instances you may have constant keys that begin with numeric characters. PHP cannot allow functions that start with a number, so in this instance prefix the function with the following:

guardian_

See below example.

Methods for Domain / IP Address / MAC Address

Validation methods/function for these should be named 'domain','ip' & 'mac' respectively.

function domain($input) {
}
function ip($input) {
}
function mac($input) {
}

Methods for License Constants

Methods for any constants that require user input should always be the same name as the constant key you have specified when adding a product. So, assume you have added a product with two constants and they both require user input.

So, here the methods should be named 'Param' & 'Key'. Example:

function Param($input) {
}
function Key($input) {
}

Inside these functions is your validation. So, lets say that the value of 'Key' can only be numeric, you might do:

function Key($input) {
return (ctype_digit($input) ? true : false);
}

This uses the ctype function. You might also do:

function Key($input) {
  if (is_numeric($input)) {
    return true;
  } else {
    return false;
  }
}

Regular expressions can also be used:

function Key($input) {
  if (preg_match('/^\d+$/', $input)) {
    return true;
  } else {
    return false;
  }
}

Prefix 'guardian_' to constant keys that begin with a number. So, lets say your constant key is '123key', for input validation use the following function name:

function guardian_123key($input) {
xxxx
}

More examples below.

Checking Set Values

You may have an instance when an entered value must be one of a range and nothing else. Lets take for instance a set of colours. The entered value must be one of either green, red or blue. We can check for this as follows:

function Key($input) {
  if (in_array($input,array('green','red','blue'))) {
    return true;
  } else {
    return false;
  }
}

Range of Numbers

Here's how you might check a range of numbers from 1-50.

function Key($input) {
  if (in_array($input,range(1,50))) {
    return true;
  } else {
    return false;
  }
}

Try / Catch

You should use try / catch blocks to catch potential errors.

try {
  // Code execution..
} catch(ErrorException $e) {
  // Catch error.
  $e->getMessage();
}

Conclusion

The above are only simple examples to help you get the idea of how this feature works. More advanced checking can be accomplished via PHP's PCRE regex functions.

Input validation is highly recommended for license creation. You can use any standard PHP functions to validate your data. Fully test the input before going live with your license system. Having good validation can cut down on the possibilities of users entering data incorrectly and you having to re-generate or update licenses.