I realize LiveZilla has their own suggestion for performing input field validation, but here is my spin on the process.
Create `validation.php` in your main LiveZilla folder with the following code (update input field IDs accordingly)…
```php
<?php
$debug = true; // optional debug logging; set to false once testing is done

if (isset($_GET['id']) && isset($_GET['value'])) {
    switch ($_GET['id']) {
        case '112':
            $field = 'Email';
            // filter_var() returns the address on success, false on failure
            $valid = filter_var($_GET['value'], FILTER_VALIDATE_EMAIL);
            break;
        default:
            $field = 'Unknown';
            $valid = false;
    }

    if ($debug) {
        date_default_timezone_set('America/New_York');
        // Appends one line per request to validation.log
        file_put_contents('./validation.log', sprintf("%s - %s (%d): %s (%s)\n", date('Y-m-d G:i:s'), $field, $_GET['id'], $_GET['value'], $valid ? 'pass' : 'fail'), FILE_APPEND);
    }

    // Reply with the JavaScript callback; %d forces the ID to an integer
    echo sprintf('lz_validate_input_result(%s,%d);', $valid ? 'true' : 'false', $_GET['id']);
}
```
Note: Includes optional debug logging in case you need to test new fields and encounter unexpected results.
Configure LiveZilla…
- Server Configuration > Input Fields > Email > Validation
- Validation Active: Checked
- Validation URL:
  `/livezilla/validation.php?id=112&value=<!--value-->`
  Change “livezilla” to match your installation folder
- Timeout: 5
- Pass on timeout / error: Checked
- Click Ok
- Click Ok or Apply
Hello Robert,
I copied and modified your code in the FILTER_VALIDATE_EMAIL part. I’d like to validate user input on the phone field. This field only allows numeric characters, so I changed FILTER_VALIDATE_EMAIL to FILTER_VALIDATE_INT, but the validation always fails.
Here is the log:
2021-09-29 5:49:51 – Phone (116): (fail)
Am I missing something?
And is it possible to add PHP sanitize filters to prevent XSS attacks?
Instead of `filter_var` maybe try `preg_replace` with something like…
```php
case '116':
    $field = 'Phone';
    $valid = (empty($_GET['value']) || $_GET['value'] === '<!-value->' || trim(preg_replace('/[^\+0-9\(\)\s-\.x]/i', '', $_GET['value'])));
    break;
```
Input…
Phone +1 (800) 555-1212 extension 612
Result…
+1 (800) 555-1212 x 612
Extending validation on your input fields should prevent XSS anyhow.
Did not test that code and realize setting $valid in one line is not going to produce the expected result…
```php
$field = 'Phone';
if (empty($_GET['value']) || $_GET['value'] === '') {
    $valid = true; // Tip: set to false if required field
} else {
    $valid = trim(preg_replace('/[^\+0-9\(\)\s-\.x]/i', '', $_GET['value']));
}
```
Hi Robert, thanks for the suggestion.
I tried both pieces of code above; the validation still fails. Here is the log:
2021-09-30 15:20:34 – Phone (116): abc (fail)
2021-09-30 15:20:42 – Phone (116): 12345 (fail)
The validation process took longer and it triggered the “pass on timeout” function after 10 seconds. I don’t know why, but I think the validation script is not working.
The code you wrote in the blog post is able to validate the field instantly, but no matter what I type, the result is fail.
Tinker with preg-replace… if $valid evaluates to true (non-empty in most cases) it should pass
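
Added example (not code from the post or its comments): a `validation.php` variant for the email (112) and phone (116) fields discussed in the thread, assuming PHP 7.3 or later. The function names `validate_field` and `validation_response` and the at-least-one-digit rule are assumptions made for illustration.

```php
<?php
// Added example, not the post's code. Field IDs 112 and 116 come from the
// thread; the function names and the "at least one digit" rule are assumptions.

// Returns true when $value is acceptable for the given LiveZilla field ID.
function validate_field(string $id, string $value): bool
{
    $value = trim($value);
    switch ($id) {
        case '112': // Email
            return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
        case '116': // Phone
            if ($value === '') {
                return true; // optional field; return false to make it required
            }
            // preg_match tests the whole string. preg_replace only strips bad
            // characters, so "abc123" would still leave a non-empty result.
            // The hyphen is last in the class, so it is a literal: PCRE2
            // (PHP 7.3+) rejects "\s-\." as an invalid range, preg_replace
            // then returns null and the check can never pass.
            if (preg_match('/^[+0-9()\s.x-]+$/i', $value) !== 1) {
                return false;
            }
            // Reject input made only of punctuation, e.g. "(-)".
            return preg_match('/\d/', $value) === 1;
        default:
            return false;
    }
}

// Builds the JavaScript reply. Only a boolean literal and an integer are
// emitted, so nothing from the visitor's input is reflected into the script.
function validation_response(string $id, bool $valid): string
{
    return sprintf('lz_validate_input_result(%s,%d);', $valid ? 'true' : 'false', (int) $id);
}

// Arrays such as ?value[]=x are ignored instead of raising a type error.
if (isset($_GET['id'], $_GET['value']) && is_string($_GET['id']) && is_string($_GET['value'])) {
    header('Content-Type: application/javascript; charset=utf-8');
    echo validation_response($_GET['id'], validate_field($_GET['id'], $_GET['value']));
}
```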