LiveZilla Input Field Validation (eg: Require Email)

I realize LiveZilla has their own suggestion for performing input field validation, but here is my spin on the process.

Create `validation.php` in your main LiveZilla folder with the following code (update input field IDs accordingly)…


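<?php
// Set to false once testing is done
$debug = true;

if (isset($_GET['id']) && isset($_GET['value'])) {
    switch ($_GET['id']) {
        case '112':
            $field = 'Email';
            // filter_var() returns the address on success, false on failure
            $valid = filter_var($_GET['value'], FILTER_VALIDATE_EMAIL);
            break;
        default:
            $field = 'Unknown';
            $valid = false;
    }

    if ($debug) {
        // Append one line per validation request to validation.log
        file_put_contents('./validation.log', sprintf("%s - %s (%d): %s (%s)\n", date('Y-m-d G:i:s'), $field, $_GET['id'], $_GET['value'], $valid ? 'pass' : 'fail'), FILE_APPEND);
    }

    // Return the result as a call to lz_validate_input_result(); only true/false and the integer field ID are output
    echo sprintf('lz_validate_input_result(%s,%d);', $valid ? 'true' : 'false', $_GET['id']);
}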

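Note: The script includes optional debug logging in case you need to test new fields and encounter unexpected results. With `$debug = true`, every submitted value is appended to `validation.log` in the LiveZilla folder, so set it to `false` once testing is done.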

Configure LiveZilla…

  1. Server Configuration > Input Fields > Email > Validation
    • Validation Active: Checked
    • Validation URL:
      Change “livezilla” to match your installation folder
    • Timeout: 5
    • Pass on timeout / error: Checked
    • Click Ok
  2. Click Ok or Apply

5 thoughts on “LiveZilla Input Field Validation (eg: Require Email)”

  1. Rangga

    Hello Robert,

    I copied and modified your code in the FILTER_VALIDATE_EMAIL part. I’d like to validate user input on the phone field. This field only allows numeric characters, so I changed FILTER_VALIDATE_EMAIL to FILTER_VALIDATE_INT, but the validation always fails.

    Here is the log:
    2021-09-29 5:49:51 – Phone (116): (fail)

    Am I missing something?

    And is it possible to add PHP sanitize filters to prevent XSS attacks?

    1. admin Post author

      Instead of `filter_var` maybe try `preg_replace` with something like…

      case '116':
      $field = 'Phone';
      $valid = (empty($_GET['value']) || $_GET['value'] === '<!-value->' || trim(preg_replace('/[^\+0-9\(\)\s-\.x]/i', '', $_GET['value'])));

      Phone +1 (800) 555-1212 extension 612

      +1 (800) 555-1212 x 612

      Extending validation on your input fields should prevent XSS anyhow.

      1. Robert M. Post author

        Did not test that code and realize setting $valid in one line is not going to produce the expected result…

        $field = 'Phone';
        if (empty($_GET['value']) || $_GET['value'] === '') {
            $valid = true; // Tip: set to false if required field
        } else {
            $valid = trim(preg_replace('/[^\+0-9\(\)\s-\.x]/i', '', $_GET['value']));
        }

        1. Rangga

          Hi Robert, thanks for the suggestion.

          I tried both code samples above, and the validation still fails. Here is the log:
          2021-09-30 15:20:34 – Phone (116): abc (fail)
          2021-09-30 15:20:42 – Phone (116): 12345 (fail)

          The validation process took longer and it triggered the “pass on timeout” function after 10 seconds. I don’t know why, but I think the validation script is not working.

          The code you wrote in the blog post is able to validate the field instantly, but no matter what I type, the result is fail.
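
A stricter phone check for the thread above, as an added example that is not the post author's or LiveZilla's code. It matches the whole value against an anchored allow-list with `preg_match` instead of stripping characters, escapes the hyphen (PHP 7.3 and later use PCRE2, which rejects an unescaped `-` directly after `\s` inside a character class, so `preg_replace` returns null), and removes control characters before logging. The function names, the length limits, the five-digit minimum and the sample inputs are assumptions made for the example.

```php
<?php
// Added example: hypothetical helpers, not part of LiveZilla or the original post.

// Optional leading "+", then digits, spaces, ( ) . and an escaped hyphen,
// optionally followed by an extension ("x 612", "ext. 612", "extension 612").
// Length limits are assumed policy; \z anchors at the true end of the string.
const PHONE_PATTERN = '/^\+?[0-9 ().\-]{5,25}(?: *(?:x|ext(?:ension)?\.?) *[0-9]{1,6})?\z/i';

function validate_phone(string $value, bool $required = false): bool
{
    $value = trim($value);
    if ($value === '') {
        return !$required;            // empty passes only for optional fields
    }
    // Assumed minimum of five digits, so punctuation alone cannot pass
    if (preg_match_all('/[0-9]/', $value) < 5) {
        return false;
    }
    return preg_match(PHONE_PATTERN, $value) === 1;
}

function log_safe(string $value, int $max = 200): string
{
    // Replace control characters (CR, LF, ...) so one request writes exactly one log line
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '?', $value);
    return substr($clean ?? '', 0, $max);
}

function validation_response(string $id, bool $valid): string
{
    // Only the literals true/false and an integer ID reach the output,
    // so no visitor-supplied text is reflected into the response.
    return sprintf('lz_validate_input_result(%s,%d);', $valid ? 'true' : 'false', (int) $id);
}

// Constructed sample inputs
$samples = [
    '+1 (800) 555-1212 x 612',
    '12345',
    'abc',
    '<script>alert(1)</script>',
    "555-1212\n2021-09-30 15:20:42 - Phone (116): forged (pass)",
];
foreach ($samples as $s) {
    printf("%-60s %s\n", log_safe($s), validate_phone($s) ? 'pass' : 'fail');
}
echo validation_response('116', validate_phone('12345')), "\n";
```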

