Student application submit validation changes

24899d4c · Σταύρος Παπαδάκης · ed27fc4c · 24899d4c · 24899d4c
Commit 24899d4c authored Jun 15, 2017 by Σταύρος Παπαδάκης
6 changed files
--- a/drupal/modules/epal/src/Controller/ApplicationSubmit.php
+++ b/drupal/modules/epal/src/Controller/ApplicationSubmit.php
@@ -29,6 +29,15 @@ class ApplicationSubmit extends ControllerBase
    const CERT_GYM = 'Απολυτήριο Γυμνασίου';
    const CERT_LYK = 'Απολυτήριο Λυκείου';
+    const VALID_NAMES_PATTERN = '/^[A-Za-zΑ-ΩΆΈΉΊΙΎΌΏα-ωάέήίΐύόώ \-]*$/mu';
+    const VALID_UCASE_NAMES_PATTERN = '/^[A-ZΑ-Ω]{3,}[A-ZΑ-Ω \-]*$/mu';
+    const VALID_ADDRESS_PATTERN = '/^[0-9A-Za-zΑ-ΩΆΈΉΊΎΌΏα-ωάέήίύόώ\/\. \-]*$/mu';
+    const VALID_ADDRESSTK_PATTERN = '/^[0-9]{5}$/';
+    const VALID_DIGITS_PATTERN = '/^[0-9]*$/';
+    const VALID_TELEPHONE_PATTERN = '/^2[0-9]{9}$/';
+    const VALID_YEAR_PATTERN = '/^(19[6789][0-9]|20[0-1][0-9])$/';
+    const VALID_CAPACITY_PATTERN = '/[0-9]*$/';
    protected $entityTypeManager;
    protected $logger;
    protected $connection;
@@ -60,80 +69,77 @@ class ApplicationSubmit extends ControllerBase
        );
    }
-    public function appSubmit(Request $request) {
+    public function appSubmit(Request $request)
-    		if (!$request->isMethod('POST')) {
+    {
-    			return $this->respondWithStatus([
+        if (!$request->isMethod('POST')) {
-    					"error_code" => 2001
+            return $this->respondWithStatus([
-    				], Response::HTTP_METHOD_NOT_ALLOWED);
+                "error_code" => 2001
-        	}
+            ], Response::HTTP_METHOD_NOT_ALLOWED);
-    		$applicationForm = array();
+        }
+        $applicationForm = array();
-    		$content = $request->getContent();
+        $content = $request->getContent();
-    		if (!empty($content)) {
+        if (!empty($content)) {
-    			$applicationForm = json_decode($content, TRUE);
+            $applicationForm = json_decode($content, true);
-    		}
+        } else {
-    		else {
+            return $this->respondWithStatus([
-    			return $this->respondWithStatus([
+                "error_code" => 5002
-    					"error_code" => 5002
+            ], Response::HTTP_BAD_REQUEST);
-    				], Response::HTTP_BAD_REQUEST);
+        }
-    		}
+        $epalConfigs = $this->entityTypeManager->getStorage('epal_config')->loadByProperties(array('name' => 'epal_config'));
-            $epalConfigs = $this->entityTypeManager->getStorage('epal_config')->loadByProperties(array('name' => 'epal_config'));
+        $epalConfig = reset($epalConfigs);
-            $epalConfig = reset($epalConfigs);
+        if (!$epalConfig) {
-            if (!$epalConfig) {
+            return $this->respondWithStatus([
-                return $this->respondWithStatus([
+                "error_code" => 3001
-                        "error_code" => 3001
+            ], Response::HTTP_FORBIDDEN);
-                    ], Response::HTTP_FORBIDDEN);
+        }
-            }
+        if ($epalConfig->lock_application->value) {
-            if ($epalConfig->lock_application->value) {
+            return $this->respondWithStatus([
-                return $this->respondWithStatus([
+                "error_code" => 3002
-                        "error_code" => 3002
+            ], Response::HTTP_FORBIDDEN);
-                    ], Response::HTTP_FORBIDDEN);
+        }
-            }
        $crypt = new Crypt();
-        try  {
+        try {
-          $name_encoded = $crypt->encrypt($applicationForm[0]['name']);
+            $name_encoded = $crypt->encrypt($applicationForm[0]['name']);
-          $studentsurname_encoded = $crypt->encrypt($applicationForm[0]['studentsurname']);
+            $studentsurname_encoded = $crypt->encrypt($applicationForm[0]['studentsurname']);
-          $fatherfirstname_encoded = $crypt->encrypt($applicationForm[0]['fatherfirstname']);
+            $fatherfirstname_encoded = $crypt->encrypt($applicationForm[0]['fatherfirstname']);
-          $motherfirstname_encoded = $crypt->encrypt($applicationForm[0]['motherfirstname']);
+            $motherfirstname_encoded = $crypt->encrypt($applicationForm[0]['motherfirstname']);
-          $regionaddress_encoded = $crypt->encrypt($applicationForm[0]['regionaddress']);
+            $regionaddress_encoded = $crypt->encrypt($applicationForm[0]['regionaddress']);
-          $regiontk_encoded = $crypt->encrypt($applicationForm[0]['regiontk']);
+            $regiontk_encoded = $crypt->encrypt($applicationForm[0]['regiontk']);
-          $regionarea_encoded = $crypt->encrypt($applicationForm[0]['regionarea']);
+            $regionarea_encoded = $crypt->encrypt($applicationForm[0]['regionarea']);
-          //$certificatetype_encoded = $crypt->encrypt($applicationForm[0]['certificatetype']);
+            // $certificatetype_encoded = $crypt->encrypt($applicationForm[0]['certificatetype']);
-          $relationtostudent_encoded = $crypt->encrypt($applicationForm[0]['relationtostudent']);
+            $relationtostudent_encoded = $crypt->encrypt($applicationForm[0]['relationtostudent']);
-          $telnum_encoded = $crypt->encrypt($applicationForm[0]['telnum']);
+            $telnum_encoded = $crypt->encrypt($applicationForm[0]['telnum']);
-          $guardian_name_encoded = $crypt->encrypt($applicationForm[0]['cu_name']);
+            $guardian_name_encoded = $crypt->encrypt($applicationForm[0]['cu_name']);
-          $guardian_surname_encoded = $crypt->encrypt($applicationForm[0]['cu_surname']);
+            $guardian_surname_encoded = $crypt->encrypt($applicationForm[0]['cu_surname']);
-          $guardian_fathername_encoded = $crypt->encrypt($applicationForm[0]['cu_fathername']);
+            $guardian_fathername_encoded = $crypt->encrypt($applicationForm[0]['cu_fathername']);
-          $guardian_mothername_encoded = $crypt->encrypt($applicationForm[0]['cu_mothername']);
+            $guardian_mothername_encoded = $crypt->encrypt($applicationForm[0]['cu_mothername']);
-        }
+        } catch (\Exception $e) {
-        catch (\Exception $e) {
            print_r($e->getMessage());
-            unset($crypt);
+            $this->logger->warning($e->getMessage());
-      			$this->logger->warning($e->getMessage());
+            return $this->respondWithStatus([
-      			return $this->respondWithStatus([
+                "error_code" => 5001
-      					"error_code" => 5001
+            ], Response::HTTP_INTERNAL_SERVER_ERROR);
-      				], Response::HTTP_INTERNAL_SERVER_ERROR);
        }
        unset($crypt);
        $transaction = $this->connection->startTransaction();
-    		try {
+        try {
-    			//insert records in entity: epal_student
+            //insert records in entity: epal_student
-    			$authToken = $request->headers->get('PHP_AUTH_USER');
+            $authToken = $request->headers->get('PHP_AUTH_USER');
-    	        $epalUsers = $this->entityTypeManager->getStorage('epal_users')->loadByProperties(array('authtoken' => $authToken));
+            $epalUsers = $this->entityTypeManager->getStorage('epal_users')->loadByProperties(array('authtoken' => $authToken));
-    	        $epalUser = reset($epalUsers);
+            $epalUser = reset($epalUsers);
-                if (!$epalUser){
+            if (!$epalUser) {
-        			return $this->respondWithStatus([
+                return $this->respondWithStatus([
-        					"error_code" => 4003
+                    "error_code" => 4003
-        				], Response::HTTP_FORBIDDEN);
+                ], Response::HTTP_FORBIDDEN);
-        		}
+            }
-          $second_period = $this->retrievePeriod();
+            $second_period = $this->retrievePeriod();
-			    $student = array(
+            $student = array(
                'langcode' => 'el',
                'student_record_id' => 0,
                'sex' => 0,
@@ -148,23 +154,22 @@ class ApplicationSubmit extends ControllerBase
                'points' => 0,
                'user_id' => $epalUser->user_id->target_id,
                'epaluser_id' => $epalUser->id(),
                'name' => $name_encoded,
                'studentsurname' => $studentsurname_encoded,
-        				'birthdate' => $applicationForm[0]['studentbirthdate'],
+                'birthdate' => $applicationForm[0]['studentbirthdate'],
                'fatherfirstname' => $fatherfirstname_encoded,
                'motherfirstname' => $motherfirstname_encoded,
                'regionaddress' => $regionaddress_encoded,
                'regionarea' => $regionarea_encoded,
                'regiontk' => $regiontk_encoded,
-                //'certificatetype' => $certificatetype_encoded,
+                // 'certificatetype' => $certificatetype_encoded,
-        				//'graduation_year' => $applicationForm[0]['graduation_year'],
+                // 'graduation_year' => $applicationForm[0]['graduation_year'],
                'lastschool_registrynumber' => $applicationForm[0]['lastschool_registrynumber'],
                'lastschool_unittypeid' => $applicationForm[0]['lastschool_unittypeid'],
                'lastschool_schoolname' => $applicationForm[0]['lastschool_schoolname'],
                'lastschool_schoolyear' => $applicationForm[0]['lastschool_schoolyear'],
                'lastschool_class' => $applicationForm[0]['lastschool_class'],
-        				'currentclass' => $applicationForm[0]['currentclass'],
+                'currentclass' => $applicationForm[0]['currentclass'],
                'guardian_name' => $guardian_name_encoded,
                'guardian_surname' => $guardian_surname_encoded,
                'guardian_fathername' => $guardian_fathername_encoded,
@@ -172,11 +177,25 @@ class ApplicationSubmit extends ControllerBase
                'agreement' => $applicationForm[0]['disclaimer_checked'],
                'relationtostudent' => $relationtostudent_encoded,
                'telnum' => $telnum_encoded,
                'second_period' => $second_period,
-                    );
+            );
-            if (($errorCode = $this->validateStudent($student)) > 0) {
+            if (($errorCode = $this->validateStudent(array_merge(
+                    $student, [
+                        'name' => $applicationForm[0]['name'],
+                        'studentsurname' => $applicationForm[0]['studentsurname'],
+                        'fatherfirstname' => $applicationForm[0]['fatherfirstname'],
+                        'motherfirstname' => $applicationForm[0]['motherfirstname'],
+                        'regionaddress' => $applicationForm[0]['regionaddress'],
+                        'regiontk' => $applicationForm[0]['regiontk'],
+                        'regionarea' => $applicationForm[0]['regionarea'],
+                        'relationtostudent' => $applicationForm[0]['relationtostudent'],
+                        'telnum' => $applicationForm[0]['telnum'],
+                        'guardian_name' => $applicationForm[0]['cu_name'],
+                        'guardian_surname' => $applicationForm[0]['cu_surname'],
+                        'guardian_fathername' => $applicationForm[0]['cu_fathername'],
+                        'guardian_mothername' => $applicationForm[0]['cu_mothername']
+                    ]))) > 0) {
                return $this->respondWithStatus([
                    "error_code" => $errorCode
                ], Response::HTTP_OK);
@@ -187,11 +206,11 @@ class ApplicationSubmit extends ControllerBase
            if ((int)date("Y") === $lastSchoolYear && (int)$student['lastschool_unittypeid'] === 5) {
                $epalSchools = $this->entityTypeManager->getStorage('eepal_school')->loadByProperties(array('registry_no' => $lastSchoolRegistryNumber));
                $epalSchool = reset($epalSchools);
-            /*  if (!$epalSchool){
+                /*  if (!$epalSchool){
-        			return $this->respondWithStatus([
+                return $this->respondWithStatus([
-        					"error_code" => 4004
+                        "error_code" => 4004
-        				], Response::HTTP_FORBIDDEN);
+                    ], Response::HTTP_FORBIDDEN);
-        		} else { */
+                } else { */
                if ($epalSchool) {
                    $student['currentepal'] = $epalSchool->id();
                } else {
@@ -218,7 +237,6 @@ class ApplicationSubmit extends ControllerBase
                $entity_storage_epalchosen->save($entity_object);
            }
            if ($applicationForm[0]['currentclass'] === "3" || $applicationForm[0]['currentclass'] === "4") {
                $course = array(
                    'student_id' => $created_student_id,
@@ -256,19 +274,17 @@ class ApplicationSubmit extends ControllerBase
        return $res;
    }
+    private function retrievePeriod()
-    private function retrievePeriod() {
+    {
+        $config_storage = $this->entityTypeManager->getStorage('epal_config');
-      $config_storage = $this->entityTypeManager->getStorage('epal_config');
+        $epalConfigs = $config_storage->loadByProperties(array('name' => 'epal_config'));
-      $epalConfigs = $config_storage->loadByProperties(array('name' => 'epal_config'));
+        $epalConfig = reset($epalConfigs);
-      $epalConfig = reset($epalConfigs);
+        if (!$epalConfig) {
-      if (!$epalConfig)
+            $secondPeriodEnabled = 0;
-         return 0;
+        } else {
-      else
+            $secondPeriodEnabled = $epalConfig->activate_second_period->getString();
-         $secondPeriodEnabled = $epalConfig->activate_second_period->getString();
+        }
+        return $secondPeriodEnabled;
-      return $secondPeriodEnabled;
    }
    /**
@@ -299,58 +315,51 @@ class ApplicationSubmit extends ControllerBase
            (checkdate($date_parts[1], $date_parts[2], $date_parts[0]) !== true)) {
            return 1003;
        }
-        if (intval($date_parts[0]) >= 2003)
+        if (intval($date_parts[0]) >= 2003) {
            return 1003;
+        }
        $birthdate = "{$date_parts[2]}-{$date_parts[1]}-{$date_parts[0]}";
-        if (!$student["name"]) {
+        if (preg_match(self::VALID_UCASE_NAMES_PATTERN, $student["name"]) !== 1) {
            return 1004;
        }
-        if (!$student["studentsurname"]) {
+        if (preg_match(self::VALID_UCASE_NAMES_PATTERN, $student["studentsurname"]) !== 1) {
            return 1005;
        }
-        if (!$student["fatherfirstname"]) {
+        if (preg_match(self::VALID_UCASE_NAMES_PATTERN, $student["fatherfirstname"]) !== 1) {
            return 1006;
        }
-        if (!$student["motherfirstname"]) {
+        if (preg_match(self::VALID_UCASE_NAMES_PATTERN, $student["motherfirstname"]) !== 1) {
            return 1007;
        }
-        if (!$student["regionaddress"]) {
+        if (preg_match(self::VALID_ADDRESS_PATTERN, $student["regionaddress"]) !== 1) {
            return 1008;
        }
-        if (!$student["regiontk"]) {
+        if (preg_match(self::VALID_ADDRESSTK_PATTERN, $student["regiontk"]) !== 1) {
            return 1009;
        }
-        if (!$student["regionarea"]) {
+        if (preg_match(self::VALID_NAMES_PATTERN, $student["regionarea"]) !== 1) {
            return 1010;
        }
-        /*
+        if (!$student["currentclass"] || ($student["currentclass"] !== "1" && $student["currentclass"] !== "2" && $student["currentclass"] !== "3" && $student["currentclass"] !== "4")) {
-        if (!$student["certificatetype"]) {
-            return 1011;
-        }
-        if (!$student["graduation_year"]) {
-            return 1012;
-        }
-        */
-        if (!$student["currentclass"] || ($student["currentclass"] !== "1" && $student["currentclass"] !== "2" && $student["currentclass"] !== "3" && $student["currentclass"] !== "4") ) {
            return 1013;
        }
        if (!$student["relationtostudent"]) {
            return 1014;
        }
-        if (!$student["telnum"]) {
+        if (preg_match(self::VALID_TELEPHONE_PATTERN, $student["telnum"]) !== 1) {
            return 1015;
        }
-        if (!$student["guardian_name"]) {
+        if (preg_match(self::VALID_NAMES_PATTERN, $student["guardian_name"]) !== 1) {
            return 1016;
        }
-        if (!$student["guardian_surname"]) {
+        if (preg_match(self::VALID_NAMES_PATTERN, $student["guardian_surname"]) !== 1) {
            return 1017;
        }
-        if (!$student["guardian_fathername"]) {
+        if (preg_match(self::VALID_NAMES_PATTERN, $student["guardian_fathername"]) !== 1) {
            return 1018;
        }
-        if (!$student["guardian_mothername"]) {
+        if (preg_match(self::VALID_NAMES_PATTERN, $student["guardian_mothername"]) !== 1) {
            return 1019;
        }
        if (!$student["lastschool_registrynumber"]) {

--- a/drupal/modules/epal/src/Controller/DirectorView.php
+++ b/drupal/modules/epal/src/Controller/DirectorView.php
@@ -16,13 +16,11 @@ class DirectorView extends ControllerBase
 {
    protected $entityTypeManager;
    protected $logger;
-  //  protected $testSchoolId='0640050';
    public function __construct(
        EntityTypeManagerInterface $entityTypeManager,
        LoggerChannelFactoryInterface $loggerChannel
    ) {
        $this->entityTypeManager = $entityTypeManager;
        $this->logger = $loggerChannel->get('epal-school');
    }
@@ -35,8 +33,6 @@ class DirectorView extends ControllerBase
        );
    }
    public function getStudentPerSchool(Request $request, $classId, $sector, $specialit)
    {
        try {
@@ -68,7 +64,6 @@ class DirectorView extends ControllerBase
                    ], Response::HTTP_FORBIDDEN);
                }
                $userRoles = $user->getRoles();
                $userRole = '';
                foreach ($userRoles as $tmpRole) {
@@ -91,13 +86,12 @@ class DirectorView extends ControllerBase
                    }
                    $studentPerSchool = $this->entityTypeManager->getStorage('epal_student_class')->loadByProperties(array('epal_id' => $epalId, 'specialization_id' => $selectIdNew, 'currentclass' => $classId));
                }
-                $i = 0;
                if ($studentPerSchool) {
                    $list = array();
                    foreach ($studentPerSchool as $object) {
-                            $studentId = intval($object->student_id ->getString());
+                        $studentId = intval($object->student_id->getString());
-                            $epalStudents = $this->entityTypeManager->getStorage('epal_student')->loadByProperties(array('id' => $studentId));
+                        $epalStudents = $this->entityTypeManager->getStorage('epal_student')->loadByProperties(array('id' => $studentId));
-                            $epalStudent = reset($epalStudents);
+                        $epalStudent = reset($epalStudents);
                        if ($epalStudents) {
                            $studentIdNew = $epalStudent->id();
                            $checkstatus = $this->entityTypeManager->getStorage('epal_student_class')->loadByProperties(array('student_id' => $studentIdNew));
@@ -118,8 +112,7 @@ class DirectorView extends ControllerBase
                                }
                            }
+                            $crypt = new Crypt();
-                                $crypt = new Crypt();
                            try {
                                $name_decoded = $crypt->decrypt($epalStudent->name->value);
                                $studentsurname_decoded = $crypt->decrypt($epalStudent->studentsurname->value);
@@ -142,8 +135,7 @@ class DirectorView extends ControllerBase
                                ], Response::HTTP_INTERNAL_SERVER_ERROR);
                            }
+                            $list[] = array(
-                                $list[] = array(
                                'id' => $epalStudent->id(),
                                'name' => $name_decoded,
                                'studentsurname' => $studentsurname_decoded,
@@ -173,7 +165,6 @@ class DirectorView extends ControllerBase
                            );
                        }
-                                ++$i;
                    }
                    return $this->respondWithStatus(
                     $list, Response::HTTP_OK);
@@ -251,8 +242,6 @@ class DirectorView extends ControllerBase
        }
    }
    public function SaveCapacity(Request $request, $taxi, $tomeas, $specialit)
    {
        if (!$request->isMethod('POST')) {
@@ -365,8 +354,6 @@ class DirectorView extends ControllerBase
        }
    }
    public function getSchools(Request $request)
    {
        $authToken = $request->headers->get('PHP_AUTH_USER');
@@ -402,8 +389,6 @@ class DirectorView extends ControllerBase
                                    'name' => $object->name->value,
                                    'status' => $status,
                                    );
-                    ++$i;
                }
                return $this->respondWithStatus(
@@ -420,7 +405,6 @@ class DirectorView extends ControllerBase
        }
    }
    public function getCoursesPerSchool(Request $request, $schoolid)
    {
        $authToken = $request->headers->get('PHP_AUTH_USER');
@@ -446,7 +430,6 @@ class DirectorView extends ControllerBase
                $SchoolCats = $this->entityTypeManager->getStorage('eepal_school')->loadByProperties(array('id' => $schoolid, 'edu_admin_id' => $newid));
            }
            $SchoolCat = reset($SchoolCats);
            if ($SchoolCat) {
                $list = array();
@@ -455,8 +438,6 @@ class DirectorView extends ControllerBase
            }
            $CourseA = $this->entityTypeManager->getStorage('eepal_school')->loadByProperties(array('id' => $schoolid));
            if ($CourseA) {
                $limit_down = $this->entityTypeManager->getStorage('epal_class_limits')->loadByProperties(array('name' => 1, 'category' => $categ));
                $limitdown = reset($limit_down);
@@ -522,7 +503,7 @@ class DirectorView extends ControllerBase
                          );
                }
            }
-            if ($CourseC && $operation_shift != 'ΗΜΕΡΗΣΙΟ' ) {
+            if ($CourseC && $operation_shift != 'ΗΜΕΡΗΣΙΟ') {
                $limit_down = $this->entityTypeManager->getStorage('epal_class_limits')->loadByProperties(array('name' => 4, 'category' => $categ));
                $limitdown = reset($limit_down);
                if ($limitdown) {
@@ -568,8 +549,8 @@ class DirectorView extends ControllerBase
        if ($SchoolCat) {
            $categ = $SchoolCat->metathesis_region->value;
        }
-        $CourseA = $this->entityTypeManager->getStorage('epal_student')->loadByProperties(array('id' => $schoolid));
+        $CourseA = $this->entityTypeManager->getStorage('epal_student')->loadByProperties(array('id' => $schoolid));
        if ($CourseA) {
            $limit_down = $this->entityTypeManager->getStorage('epal_class_limits')->loadByProperties(array('name' => 1, 'category' => $categ));
            $limitdown = reset($limit_down);
@@ -578,14 +559,12 @@ class DirectorView extends ControllerBase
            }
            $studentPerSchool = $this->entityTypeManager->getStorage('epal_student_class')->loadByProperties(array('epal_id' => $schoolid, 'specialization_id' => -1, 'currentclass' => 1));
-                    //foreach ($CourseA as $object) {
            if (sizeof($studentPerSchool) < $limit) {
                return false;
-//                                exit;
            }
-        }          //  }
+        }
-                $CourseB = $this->entityTypeManager->getStorage('eepal_sectors_in_epal')->loadByProperties(array('epal_id' => $schoolid));
+        $CourseB = $this->entityTypeManager->getStorage('eepal_sectors_in_epal')->loadByProperties(array('epal_id' => $schoolid));
        if ($CourseB) {
            $limit_down = $this->entityTypeManager->getStorage('epal_class_limits')->loadByProperties(array('name' => 2, 'category' => $categ));
            $limitdown = reset($limit_down);
@@ -598,10 +577,10 @@ class DirectorView extends ControllerBase
                $studentPerSchool = $this->entityTypeManager->getStorage('epal_student_class')->loadByProperties(array('epal_id' => $schoolid, 'specialization_id' => $sectorid, 'currentclass' => 2));
                if (sizeof($studentPerSchool) < $limit) {
                    return false;
-                    exit;
                }
            }
        }
        $CourseC = $this->entityTypeManager->getStorage('eepal_specialties_in_epal')->loadByProperties(array('epal_id' => $schoolid));
        if ($CourseC) {
            $limit_down = $this->entityTypeManager->getStorage('epal_class_limits')->loadByProperties(array('name' => 3, 'category' => $categ));
@@ -616,7 +595,6 @@ class DirectorView extends ControllerBase
                if (sizeof($studentPerSchool) < $limit) {
                    return false;
-                    exit;
                }
            }
        }
@@ -638,14 +616,10 @@ class DirectorView extends ControllerBase
            $school = reset($schools);
            if (!$school) {
                $this->logger->warning('no access to this school='.$user->id());