Issues in signup.php - Fixed Issues - Inspection of "Remove unused debug code" - BurningFlipside/VolunteerSystem - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — FVSv2 ( ae4b85...bd131d )

by Patrick

created 2019-06-20 21:18 UTC

signup.php (1 issue)

Labels

Severity

Critical 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
require_once('class.VolunteerPage.php');
require_once('api/v1/class.Processor.php');
require_once('app/VolunteerAutoload.php');

class ProcessorUser
{
  use Processor;

  protected $isAdmin;

  public function __construct($isAdmin)
  {
      $this->isAdmin = $isAdmin;
  }
}

$page = new VolunteerPage('Burning Flipside - Flipside Volunteer System');
$page->addJS('js/signup.js');
$processor = new ProcessorUser($page->user->isInGroupNamed('VolunteerAdmins'));

$page->body = '<div class="row"><h1>Shift Signup</h1></div>';

if(!isset($_GET['shiftID']))
{
  $page->body .= 'Error! Missing Shift ID. You must have followed a bad link!';
  $page->printPage();
  return;
}

$shiftID = $_GET['shiftID'];
$dataTable = DataSetFactory::getDataTableByNames('fvs', 'shifts');
$filter = new \Data\Filter('_id eq '.$shiftID);
$shifts = $dataTable->read($filter);
if(empty($shifts))
{
  $page->body .= 'Error! Could not locate shift. You must have followed an old link!';
  $page->printPage();
  return;
}
$shift = $shifts[0];
$myShift = new \VolunteerShift(false, $shift);

$dataTable = DataSetFactory::getDataTableByNames('fvs', 'participants');
$profiles = $dataTable->read(new \Data\Filter('uid eq '.$page->user->uid));
if(empty($profiles))
{
  $page->body .= 'Error! Could not locate user profile!';
  $page->printPage();
  return;
}
$profile = $profiles[0];

if($processor->isAdminForShift($shift, $page->user))
{
  if(isset($shift['groupID']) && strlen($shift['groupID'] > 0))
  {
    $page->body .= '
    <div class="alert alert-info" role="alert">
      You are an administrator for this shift. You can edit the shift <a href="_admin/shifts.php?shiftID='.$shiftID.'" class="alert-link">here</a>.
      Or you can edit the shift group <a href="_admin/shifts.php?groupID='.$shift['groupID'].'" class="alert-link">here</a>.
    </div>
    ';
  }
  else
  {
    $page->body .= '
    <div class="alert alert-info" role="alert">
      You are an administrator for this shift. You can edit the shift <a href="_admin/shifts.php?shiftID='.$shiftID.'" class="alert-link">here</a>.
    </div>
    ';
  }
}

//Is shift already taken?
if(isset($entry['status']) && ($entry['status'] === 'pending' || $entry['status'] === 'filled'))
{
  if(isset($shift['participant']) && $shift['participant'] === $page->user->uid)
  {
    $page->body .= '<div class="alert alert-success" role="alert">
      You already have this shift!
    </div>
    <div class="row">
      <button type="button" class="btn btn-secondary mr-auto" onClick="window.history.back();">Cancel</button>
      <button type="button" class="btn btn-primary" onclick="abandon();">Abandon Shift</button>
    </div>';
  }
  else
  {
    $page->body .= '<div class="alert alert-danger" role="alert">
      Someone else took this shift!
    </div>';
  }
  $page->printPage();
  return;
}

$overlap = false;
if($myShift->findOverlaps($page->user->uid, true))
{
    $page->body .= '<div class="alert alert-warning" role="alert">
      You already have a shift during this time. If you choose to signup for this shift the lead(s) for the departments will be notified and must approve.
    </div>
    <div class="row">
      <label for="department" class="col-sm-10 col-form-label">I understand I am signing up for multiple shifts at the same time.</label>
      <div class="col-sm-2">
        <input type="checkbox" class="form-control" onChange="revealPage();">
      </div>
    </div>';
    $overlap = true;
}

$deptName = $shift['departmentID'];
$roleName = $shift['roleID'];

$dataTable = DataSetFactory::getDataTableByNames('fvs', 'departments');
$depts = $dataTable->read(new \Data\Filter('departmentID eq '.$shift['departmentID']));
if(!empty($depts))
{
  $deptName = $depts[0]['departmentName'];
}

$dataTable = DataSetFactory::getDataTableByNames('fvs', 'events');
$events = $dataTable->read(new \Data\Filter('_id eq '.$shift['eventID']));
if(!empty($events))
{
  if($events[0]['tickets'])
  {
    //TODO... Event requires tickets. Does this account have tickets?
  }
}

$dataTable = DataSetFactory::getDataTableByNames('fvs', 'roles');
$roles = $dataTable->read(new \Data\Filter('short_name eq '.$shift['roleID']));
if(!empty($roles))
{
  $roleName = $roles[0]['display_name'];
}

//Is user eligible for shift?
$canDo = $processor->canUserDoRole($profile, $roles[0]);
if($canDo !== true)
{
  $page->body .= '<div class="alert alert-danger" role="alert">';
  switch($canDo['whyClass'])
  {
    case 'INVITE':
      $page->body .= 'This shift requires an invite from the department lead. If you think you should have recieved such an invite please <a href="https://www.burningflipside.com/contact" class="alert-link">contact the lead</a>.';
      break;
    case 'CERT':
       $page->body .= $canDo['whyMsg'].' If you have this certification it is not recorded in your profile. You can <a href="certiciation.php" class="alert-link">record that certification</a> to sign up.';
       break;
    default:
      $page->body .= 'You are not eligible for this shift because: '.$canDo['whyMsg'];
      break;
  }
  $page->body .= '</div>';
  $page->printPage();
  return;  
  var_dump($canDo); die();

}

$start = new \DateTime($shift['startTime']);
$end = new \DateTime($shift['endTime']);
$diff = $end->diff($start);
$shiftLength = $diff->h + ($diff->i / 60.0);

$page->body .= '<div id="signupContent" ';
if($overlap)
{
  $page->body .= 'class="d-none" ';
}
$page->body .= '/>';
$page->body .= '
<div class="row">
  <input type="hidden" id="shiftID" name="shiftID" value="'.$shiftID.'"/>
  <label for="department" class="col-sm-2 col-form-label">Department:</label>
  <div class="col-sm-10">
    <input type="text" name="department" id="department" class="form-control" readonly="readonly" value="'.$deptName.'">
  </div>
  <label for="role" class="col-sm-2 col-form-label">Role:</label>
  <div class="col-sm-10">
    <input type="text" name="role" id="role" class="form-control" readonly="readonly" value="'.$roleName.'">
  </div>
  <label for="startTime" class="col-sm-2 col-form-label">Start Time:</label>
  <div class="col-sm-10">
    <input type="datetime-local" name="startTime" id="startTime" class="form-control" readonly="readonly" value="'.$shift['startTime'].'">
  </div>
  <label for="endTime" class="col-sm-2 col-form-label">End Time:</label>
  <div class="col-sm-10">
    <input type="datetime-local" name="endTime" id="endTime" class="form-control" readonly="readonly" value="'.$shift['endTime'].'">
  </div>
  <label for="length" class="col-sm-2 col-form-label">Length:</label>
  <div class="col-sm-10">
    <input type="text" name="length" id="length" class="form-control" readonly="readonly" value="'.$shiftLength.' hours">
  </div>
</div>
<div class="row">
  <div class="alert alert-info" role="alert">
    By signing up for a Burning Flipside shift you are commiting to showing up on time for your shift prepared to work. Please make sure you are prepared to make this commitment before clicking signup below.
  </div>
</div>
<div class="row">
  <button type="button" class="btn btn-secondary mr-auto" onClick="window.history.back();">Cancel</button>
  <button type="button" class="btn btn-primary" onclick="signup();">Signup</button>
</div></div>
';

//Is group eligible?
if(isset($shift['groupID']) && isset($roles[0]['groups_allowed']) && $roles[0]['groups_allowed'])
{
  $page->body .= '
  <div class="row">
    <div class="alert alert-primary" role="alert">
      You have selected a group eligible shift. This means you can generate a link for your friends to sign up on the shift with you. Would you like to sign up for the shift and generate that link now?
    </div>
  </div>
  <div class="row">
    <button type="button" class="btn btn-secondary" onclick="groupSignup();">Signup and Generate Group Link</button>
  </div>
  ';
}

$page->printPage();


1			<?php
2			require_once('class.VolunteerPage.php');
3			require_once('api/v1/class.Processor.php');
4			require_once('app/VolunteerAutoload.php');
5
6			class ProcessorUser
7			{
8			use Processor;
9
10			protected $isAdmin;
11
12			public function __construct($isAdmin)
13			{
14			$this->isAdmin = $isAdmin;
15			}
16			}
17
18			$page = new VolunteerPage('Burning Flipside - Flipside Volunteer System');
19			$page->addJS('js/signup.js');
20			$processor = new ProcessorUser($page->user->isInGroupNamed('VolunteerAdmins'));
21
22			$page->body = '<div class="row"><h1>Shift Signup</h1></div>';
23
24			if(!isset($_GET['shiftID']))
25			{
26			$page->body .= 'Error! Missing Shift ID. You must have followed a bad link!';
27			$page->printPage();
28			return;
29			}
30
31			$shiftID = $_GET['shiftID'];
32			$dataTable = DataSetFactory::getDataTableByNames('fvs', 'shifts');
33			$filter = new \Data\Filter('_id eq '.$shiftID);
34			$shifts = $dataTable->read($filter);
35			if(empty($shifts))
36			{
37			$page->body .= 'Error! Could not locate shift. You must have followed an old link!';
38			$page->printPage();
39			return;
40			}
41			$shift = $shifts[0];
42			$myShift = new \VolunteerShift(false, $shift);
43
44			$dataTable = DataSetFactory::getDataTableByNames('fvs', 'participants');
45			$profiles = $dataTable->read(new \Data\Filter('uid eq '.$page->user->uid));
46			if(empty($profiles))
47			{
48			$page->body .= 'Error! Could not locate user profile!';
49			$page->printPage();
50			return;
51			}
52			$profile = $profiles[0];
53
54			if($processor->isAdminForShift($shift, $page->user))
55			{
56			if(isset($shift['groupID']) && strlen($shift['groupID'] > 0))
57			{
58			$page->body .= '
59			<div class="alert alert-info" role="alert">
60			You are an administrator for this shift. You can edit the shift <a href="_admin/shifts.php?shiftID='.$shiftID.'" class="alert-link">here</a>.
61			Or you can edit the shift group <a href="_admin/shifts.php?groupID='.$shift['groupID'].'" class="alert-link">here</a>.
62			</div>
63			';
64			}
65			else
66			{
67			$page->body .= '
68			<div class="alert alert-info" role="alert">
69			You are an administrator for this shift. You can edit the shift <a href="_admin/shifts.php?shiftID='.$shiftID.'" class="alert-link">here</a>.
70			</div>
71			';
72			}
73			}
74
75			//Is shift already taken?
76			if(isset($entry['status']) && ($entry['status'] === 'pending' \|\| $entry['status'] === 'filled'))
77			{
78			if(isset($shift['participant']) && $shift['participant'] === $page->user->uid)
79			{
80			$page->body .= '<div class="alert alert-success" role="alert">
81			You already have this shift!
82			</div>
83			<div class="row">
84			<button type="button" class="btn btn-secondary mr-auto" onClick="window.history.back();">Cancel</button>
85			<button type="button" class="btn btn-primary" onclick="abandon();">Abandon Shift</button>
86			</div>';
87			}
88			else
89			{
90			$page->body .= '<div class="alert alert-danger" role="alert">
91			Someone else took this shift!
92			</div>';
93			}
94			$page->printPage();
95			return;
96			}
97
98			$overlap = false;
99			if($myShift->findOverlaps($page->user->uid, true))
100			{
101			$page->body .= '<div class="alert alert-warning" role="alert">
102			You already have a shift during this time. If you choose to signup for this shift the lead(s) for the departments will be notified and must approve.
103			</div>
104			<div class="row">
105			<label for="department" class="col-sm-10 col-form-label">I understand I am signing up for multiple shifts at the same time.</label>
106			<div class="col-sm-2">
107			<input type="checkbox" class="form-control" onChange="revealPage();">
108			</div>
109			</div>';
110			$overlap = true;
111			}
112
113			$deptName = $shift['departmentID'];
114			$roleName = $shift['roleID'];
115
116			$dataTable = DataSetFactory::getDataTableByNames('fvs', 'departments');
117			$depts = $dataTable->read(new \Data\Filter('departmentID eq '.$shift['departmentID']));
118			if(!empty($depts))
119			{
120			$deptName = $depts[0]['departmentName'];
121			}
122
123			$dataTable = DataSetFactory::getDataTableByNames('fvs', 'events');
124			$events = $dataTable->read(new \Data\Filter('_id eq '.$shift['eventID']));
125			if(!empty($events))
126			{
127			if($events[0]['tickets'])
128			{
129			//TODO... Event requires tickets. Does this account have tickets?
130			}
131			}
132
133			$dataTable = DataSetFactory::getDataTableByNames('fvs', 'roles');
134			$roles = $dataTable->read(new \Data\Filter('short_name eq '.$shift['roleID']));
135			if(!empty($roles))
136			{
137			$roleName = $roles[0]['display_name'];
138			}
139
140			//Is user eligible for shift?
141			$canDo = $processor->canUserDoRole($profile, $roles[0]);
142			if($canDo !== true)
143			{
144			$page->body .= '<div class="alert alert-danger" role="alert">';
145			switch($canDo['whyClass'])
146			{
147			case 'INVITE':
148			$page->body .= 'This shift requires an invite from the department lead. If you think you should have recieved such an invite please <a href="https://www.burningflipside.com/contact" class="alert-link">contact the lead</a>.';
149			break;
150			case 'CERT':
151			$page->body .= $canDo['whyMsg'].' If you have this certification it is not recorded in your profile. You can <a href="certiciation.php" class="alert-link">record that certification</a> to sign up.';
152			break;
153			default:
154			$page->body .= 'You are not eligible for this shift because: '.$canDo['whyMsg'];
155			break;
156			}
157			$page->body .= '</div>';
158			$page->printPage();
159			return;
160			var_dump($canDo); die();
			0 ignored issues – show Security Debugging Code introduced 2019-06-20 21:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `var_dump($canDo);` looks like debug code. Are you sure you do not want to remove it? This might expose sensitive data. Loading history...
161			}
162
163			$start = new \DateTime($shift['startTime']);
164			$end = new \DateTime($shift['endTime']);
165			$diff = $end->diff($start);
166			$shiftLength = $diff->h + ($diff->i / 60.0);
167
168			$page->body .= '<div id="signupContent" ';
169			if($overlap)
170			{
171			$page->body .= 'class="d-none" ';
172			}
173			$page->body .= '/>';
174			$page->body .= '
175			<div class="row">
176			<input type="hidden" id="shiftID" name="shiftID" value="'.$shiftID.'"/>
177			<label for="department" class="col-sm-2 col-form-label">Department:</label>
178			<div class="col-sm-10">
179			<input type="text" name="department" id="department" class="form-control" readonly="readonly" value="'.$deptName.'">
180			</div>
181			<label for="role" class="col-sm-2 col-form-label">Role:</label>
182			<div class="col-sm-10">
183			<input type="text" name="role" id="role" class="form-control" readonly="readonly" value="'.$roleName.'">
184			</div>
185			<label for="startTime" class="col-sm-2 col-form-label">Start Time:</label>
186			<div class="col-sm-10">
187			<input type="datetime-local" name="startTime" id="startTime" class="form-control" readonly="readonly" value="'.$shift['startTime'].'">
188			</div>
189			<label for="endTime" class="col-sm-2 col-form-label">End Time:</label>
190			<div class="col-sm-10">
191			<input type="datetime-local" name="endTime" id="endTime" class="form-control" readonly="readonly" value="'.$shift['endTime'].'">
192			</div>
193			<label for="length" class="col-sm-2 col-form-label">Length:</label>
194			<div class="col-sm-10">
195			<input type="text" name="length" id="length" class="form-control" readonly="readonly" value="'.$shiftLength.' hours">
196			</div>
197			</div>
198			<div class="row">
199			<div class="alert alert-info" role="alert">
200			By signing up for a Burning Flipside shift you are commiting to showing up on time for your shift prepared to work. Please make sure you are prepared to make this commitment before clicking signup below.
201			</div>
202			</div>
203			<div class="row">
204			<button type="button" class="btn btn-secondary mr-auto" onClick="window.history.back();">Cancel</button>
205			<button type="button" class="btn btn-primary" onclick="signup();">Signup</button>
206			</div></div>
207			';
208
209			//Is group eligible?
210			if(isset($shift['groupID']) && isset($roles[0]['groups_allowed']) && $roles[0]['groups_allowed'])
211			{
212			$page->body .= '
213			<div class="row">
214			<div class="alert alert-primary" role="alert">
215			You have selected a group eligible shift. This means you can generate a link for your friends to sign up on the shift with you. Would you like to sign up for the shift and generate that link now?
216			</div>
217			</div>
218			<div class="row">
219			<button type="button" class="btn btn-secondary" onclick="groupSignup();">Signup and Generate Group Link</button>
220			</div>
221			';
222			}
223
224			$page->printPage();
225

BurningFlipside / VolunteerSystem

Push — FVSv2 ( ae4b85...bd131d )

signup.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like