<?php
function checkRequest($expectedParams){
foreach ($expectedParams as $param) {
if (!isset($_POST[$param])){
return "Formulardaten ungültig";
}
if ($param == 'sessionId' && preg_match('/^[0-9a-zA-Z.]*$/', $_POST['sessionId']) != 1){
return "sessionId ungültig";
}
if ($param == 'title' && preg_match('/^[a-zA-z0-9\-_]+$/', $_POST['title']) != 1){
}
if ($param == 'directory' && preg_match('/^\/[a-zA-z0-9\-_]*(?:\/[a-zA-z0-9\-_]+)*$/', $_POST['directory']) != 1) {
return "directory ungültig";
}
if ($param == 'fileId' && preg_match('/^\/[a-zA-z0-9\-_]*(?:\/[a-zA-z0-9\-_]+)*$/', $_POST['fileId']) != 1){
return "fileId ungültig";
}
if ($param == 'accountname' && preg_match('/^[0-9a-zA-Z_\-]+$/', $_POST['accountname']) != 1){
return "accountname ungültig";
}
if ($param == 'nickname' && preg_match('/^[0-9a-zA-Z_\- ]+$/', $_POST['nickname']) != 1){
return "nickname ungültig";
}
if ($param == 'email' && ($_POST['email'] != '' && preg_match('/.+@.+/', $_POST['email']) != 1)){
return "email ungültig";