<?php
// SANITIZE DATA
// 2005-10-25

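class SanitizeData
{
	// Scratch array for filtered values; declared so PHP 8.2+ does not
	// complain about a dynamic property being created in the constructor.
	public $data = array();

	// Records two legacy ini settings as 0/1 constants
	// (SANITIZE_REGISTER_GLOBALS, SANITIZE_MAGIC_QUOTES) so _addslashes()
	// and callers can consult them without re-querying ini_get().
	// Both settings were removed in PHP 5.4; there ini_get() returns false
	// and the constants become 0.  Each constant is defined only once, so
	// constructing several instances does not raise "already defined".
	// The original code queried 'register_gobals' (typo) and therefore
	// always recorded 0; the correct key is used here.
	function __construct()
	{
		$this->_define_flag('SANITIZE_REGISTER_GLOBALS', 'register_globals');
		$this->_define_flag('SANITIZE_MAGIC_QUOTES', 'magic_quotes_gpc');
		$this->data = array();
	}

	// PHP 4 style constructor kept as an alias for old callers.  PHP 8 no
	// longer runs a method named after the class on `new`, which is why
	// the real initialisation lives in __construct().
	function SanitizeData()
	{
		$this->__construct();
	}

	// Defines constant $name as 1 when ini setting $ini is truthy, else 0.
	// Does nothing if $name is already defined.
	function _define_flag($name, $ini)
	{
		if (!defined($name))
		{
			define($name, ini_get($ini) ? 1 : 0);
		}
	}

	// True when $value lies within [$min, $max]; a bound given as '' or
	// null means "no bound".  Shared by every min/max check in this class.
	function _within($value, $min, $max)
	{
		if ($min !== '' && $min !== null && $value < $min)
		{
			return false;
		}
		if ($max !== '' && $max !== null && $value > $max)
		{
			return false;
		}
		return true;
	}

	// Maps Latin-1 / Windows-1252 accented bytes to plain ASCII letters with
	// a byte-wise strtr().  Despite the name this does NOT decode UTF-8:
	// multi-byte UTF-8 input is not understood and may be mangled.
	// The lookup table is written as \x escapes because the original literal
	// had been corrupted by a charset conversion (its leading bytes had
	// turned into '?', so any '?' in the input was being rewritten).  It
	// follows the common "ŠŒŽšœžŸ¥µÀ…ÿ" transliteration table, with Æ/æ
	// mapped to A/a — verify against an untouched copy of the file if one
	// exists.  $from and $to must stay the same length (69 bytes each).
	function my_utf8_decode($string)
	{
		$from = "\x8A\x8C\x8E\x9A\x9C\x9E\x9F\xA5\xB5"
			. "\xC0\xC1\xC2\xC3\xC4\xC5\xC6\xC7\xC8\xC9\xCA\xCB\xCC\xCD\xCE\xCF"
			. "\xD0\xD1\xD2\xD3\xD4\xD5\xD6\xD8\xD9\xDA\xDB\xDC\xDD\xDF"
			. "\xE0\xE1\xE2\xE3\xE4\xE5\xE6\xE7\xE8\xE9\xEA\xEB\xEC\xED\xEE\xEF"
			. "\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF8\xF9\xFA\xFB\xFC\xFD\xFF";
		$to = 'SOZsozYYuAAAAAAACEEEEIIIIDNOOOOOOUUUUYsaaaaaaaceeeeiiiionoooooouuuuyy';
		return strtr($string, $from, $to);
	}

	// Trims and lower-cases $email, strips shell/HTML metacharacters via
	// sanitize_system_string(), then accepts it only if it looks like
	// local@domain.tld.  Returns the cleaned address, or false.
	// Note that stripping happens before validation: an input such as
	// "a<b@example.com" comes back as "ab@example.com" instead of being
	// rejected.  Callers that need the original text verified unchanged
	// should validate first.
	function sanitize_email($email)
	{
		$email = $this->sanitize_system_string(strtolower(trim($email)));
		if ($email === false)
		{
			return false;
		}
		$pattern = '/^[^@\s<&>]+@([-a-z0-9]+\.)+[a-z]{2,}$/i';
		return preg_match($pattern, $email) ? $email : false;
	}

	// Validates a date written as YEAR<sep>MONTH<sep>DAY (four-digit year in
	// 1900-2099, one- or two-digit month and day) and normalises it to
	// 'YYYY-MM-DD'.  Returns false when the text does not match or the
	// calendar date does not exist (e.g. 2005-02-30).
	// $sep is passed through preg_quote() so a separator such as '.' is
	// matched literally rather than as a regex wildcard.
	function sanitize_date($date, $sep = '-')
	{
		$s = preg_quote($sep, '/');
		$pattern = '/^(19\d{2}|20\d{2})' . $s . '(0[1-9]|[1-9]|1[0-2])' . $s
			. '(0[1-9]|[1-9]|[1-2][0-9]|3[01])$/';
		if (!preg_match($pattern, $date, $m))
		{
			return false;
		}
		// The year alternatives always capture four digits, so only month
		// and day need zero-padding.
		$year = $m[1];
		$month = str_pad($m[2], 2, '0', STR_PAD_LEFT);
		$day = str_pad($m[3], 2, '0', STR_PAD_LEFT);
		if (!checkdate((int) $month, (int) $day, (int) $year))
		{
			return false;
		}
		return $year . '-' . $month . '-' . $day;
	}

	// Strips characters that have no place in a relative URL/path
	// (; | ` > < ^ " newline CR { } [ ] ( )), removes every '../' and './'
	// sequence, and drops leading slashes so the result stays relative.
	// The original alternation-style pattern treated '^' as an anchor and
	// '[|]' as a character class, so '^', '[' and ']' were never removed;
	// the character class below removes all of them.
	// Traversal removal repeats until nothing is left, because one
	// str_replace pass can create a new sequence (e.g. '....///' is left as
	// './' after a single pass).  Percent-encoded forms such as '%2e%2e/'
	// are not decoded here and therefore not removed.
	function sanitize_url($url = '')
	{
		$url = preg_replace('/[;|`><^"\n\r{}\[\]()]/', '', $url);
		while (strpos($url, '../') !== false || strpos($url, './') !== false)
		{
			$url = str_replace(array('../', './'), '', $url);
		}
		return ltrim($url, '/');
	}

	// Trims $string and keeps only ASCII letters and digits.  Returns the
	// result, or false when its length falls outside [$min, $max]
	// ('' means no bound).
	function sanitize_alfanum_string($string, $min = '', $max = '')
	{
		$string = preg_replace('/[^a-zA-Z0-9]/', '', trim($string));
		if (!$this->_within(strlen($string), $min, $max))
		{
			return false;
		}
		return $string;
	}

	// Trims $string and keeps only ASCII letters.  Returns the result, or
	// false when its length falls outside [$min, $max] ('' means no bound).
	function sanitize_alfa_string($string, $min = '', $max = '')
	{
		$string = preg_replace('/[^a-zA-Z]/', '', trim($string));
		if (!$this->_within(strlen($string), $min, $max))
		{
			return false;
		}
		return $string;
	}

	// Removes characters commonly abused in shell/HTML contexts
	// (; | ` > < & ^ " newline CR ' { } [ ] ( )).  Returns the stripped
	// string, or false when its length falls outside [$min, $max].
	// The original returned the undefined variable $str, i.e. null, which
	// also made sanitize_email() reject every address.  As in sanitize_url()
	// the pattern is now a character class so '^', '[' and ']' are really
	// removed.  Stripping is not escaping: this does not make a string safe
	// to interpolate into a command or into SQL.
	function sanitize_system_string($string, $min = '', $max = '')
	{
		$string = preg_replace('/[;|`><&^"\n\r\'{}\[\]()]/', '', $string);
		if (!$this->_within(strlen($string), $min, $max))
		{
			return false;
		}
		return $string;
	}

	// Backslash-escapes quotes via _addslashes() (skipped when magic quotes
	// already did) and then strips ';'.  Returns false when the escaped
	// length falls outside [$min, $max]; the original measured the
	// undefined $str and so always failed whenever $min was given.
	// This is not a safe way to build SQL: addslashes() is not
	// charset-aware and dropping ';' does not prevent injection.  Prefer
	// prepared statements with bound parameters; keep this for legacy
	// callers only.
	function sanitize_sql_string($string, $min = '', $max = '')
	{
		$string = $this->_addslashes($string);
		if (!$this->_within(strlen($string), $min, $max))
		{
			return false;
		}
		return str_replace(';', '', $string);
	}

	// Encodes HTML-significant characters as entities, in this order:
	// & < > " ' % ( ) + -.  '&' goes first so the entities produced later
	// are not double-encoded; "\n" is mapped to itself (kept from the
	// original, where it was a no-op too).  Plain str_replace() is used
	// because every pattern was a single literal character.
	function sanitize_html_string($string)
	{
		$search = array(
			'&', '<', '>', "\n", '"', "'", '%', '(', ')', '+', '-'
		);
		$replace = array(
			'&amp;', '&lt;', '&gt;', "\n", '&quot;', '&#39;', '&#37;', '&#40;', '&#41;', '&#43;', '&#45;'
		);
		return str_replace($search, $replace, $string);
	}

	// Casts $integer with intval() (so '42abc' becomes 42) and returns it,
	// or false when it falls outside [$min, $max] ('' means no bound).
	function sanitize_int($integer, $min = '', $max = '')
	{
		$int = intval($integer);
		if (!$this->_within($int, $min, $max))
		{
			return false;
		}
		return $int;
	}

	// Casts $float with floatval() and returns it, or false when it falls
	// outside [$min, $max] ('' means no bound).
	function sanitize_float($float, $min = '', $max = '')
	{
		$float = floatval($float);
		if (!$this->_within($float, $min, $max))
		{
			return false;
		}
		return $float;
	}

	// Applies addslashes() unless SANITIZE_MAGIC_QUOTES says the input was
	// already escaped by magic quotes.  The defined() guard keeps this
	// usable even if the constructor never ran (e.g. a subclass that
	// overrides __construct without calling the parent).
	function _addslashes($string)
	{
		if (defined('SANITIZE_MAGIC_QUOTES') && SANITIZE_MAGIC_QUOTES)
		{
			return $string;
		}
		return addslashes($string);
	}
}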

// USAGE EXAMPLE
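$filtro = new SanitizeData();
// Read each POST field with isset() so a missing key yields '' rather than
// an undefined-index notice; the sanitizer then cleans or rejects it.
$nome = isset($_POST['nome']) ? $_POST['nome'] : '';
$idade = isset($_POST['idade']) ? $_POST['idade'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';
$comentarios = isset($_POST['comentarios']) ? $_POST['comentarios'] : '';
// Every entry is either the cleaned value or false, so callers must check
// with === false before using a field.
$dado_limpo = array(
	'nome' => $filtro->sanitize_alfa_string($nome, 4, 30),
	// the original sanitised $_POST['nome'] here instead of the age field
	'idade' => $filtro->sanitize_int($idade, 1, 100),
	'email' => $filtro->sanitize_email($email),
	'comentarios' => $filtro->sanitize_html_string($comentarios)
);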


?>