Issue With Validation

I've got a live site with validation issues. Someone I know is trying to make a user account, but it's throwing error "first name incorrect format."

I just removed a erroneous handling for city field check special characters and throwing same error as name, but not sure if that's the only error.

$validator = new Validator;
  
    foreach($_POST as $key => $val)
    {
      
        $_POST[$key] = trim($_POST[$key]);
      
    }
  
    $validator->validate_alpha($_POST['firstName'], 'first name');
    $validator->validate_alpha($_POST['lastName'], 'last name');
  
    $validator->validate_length($_POST['firstName'], 1, 28, 'first name');
    $validator->validate_length($_POST['lastName'], 1, 28, 'last name');
    $validator->validate_length($_POST['city'], 1, 28, 'city');
    $validator->validate_length($_POST['username'], 4, 16, 'username');
    $validator->validate_length($_POST['password'], 4, 16, 'password');
    $validator->validate_length($_POST['securityAnswer'], 1, 246, 'securty answer');
    $validator->validate_email($_POST['email'], 'email');
  
    $validator->spec($_POST['firstName'], 'first name');
    $validator->spec($_POST['lastName'], 'last name');
    $validator->spec_username($_POST['username'], 'username');
    $validator->spec($_POST['password'], 4, 16, 'password');
  
    $errors = $validator->return_errors();

Code (markup):

These are the only functions that throw incorrect format

Email

function validate_email($val, $key)
    {
      
        if(!filter_var($val, FILTER_VALIDATE_EMAIL))
        {
          
            array_push($this->errors, ucfirst($key) . ' incorrect format');
          
        }
      
    }

Code (markup):

function spec_username($val, $key)
    {
      
      
            $illegal = "`!@#$%^&*()=+[]{};'\:\"|,./<>?";
            if(strpbrk($val, $illegal))
            {
              
                array_push($this->errors, ucfirst($key) . ' incorrect format');
              
            }
      
    }

Code (markup):

function spec_comma($val, $key)
    {
      
      
            $illegal = "`!@#$%^&*()-_=+[]{};'\:\"|./<>?";
            if(strpbrk($val, $illegal))
            {
              
                array_push($this->errors, ucfirst($key) . ' incorrect format');
              
            }
      
    }

Code (markup):

 

It looks like this function: spec_username
is throwing the error.

If the name has any of these characters in it, that will throw the error:
`!@#$%^&*()=+[]{};'\:\"|,./<>?
\ are escapes so they don't count.
That includes a ' which may well be the culprit.

 

Beware that filter_var on e-mail only checks for characterspace, but NOT for valid lengths. Here, try mine.

function isValidEmail($address) {

	if (filter_var($address,FILTER_VALIDATE_EMAIL) == FALSE) return false;

	/* explode out local and domain */
	list($local, $domain) = explode('@', $address);
	
	$localLength = strlen($local);
	$domainLength = strlen($domain);
	
	return (
		/* check for proper lengths */
		($localLength > 0 && $localLength < 65) &&
		($domainLength > 3 && $domainLength < 256) &&
		(
			checkdnsrr($domain, 'MX') ||
			checkdnsrr($domain, 'A')
		)
	);

}

Code (markup):

Not only checks for valid characters and lengths, but that the domain has a MX or A entry. That last check can add a wee bit of overhead, but IMHO it's worth doing just so people can't type in some BS made up fairy tale domain.