Issues in gfunctions.php (master) - Issues in master - Cyberbyte-Studios/CyberWorks - Measure and Improve Code Quality continuously with Scrutinizer

Issues (501)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

gfunctions.php (8 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
function encrypt($text)
{
    $settings = require('config/settings.php');
    return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $settings['key'], $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
}

function decrypt($text)
{
    $settings = require('config/settings.php');
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $settings['key'], base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
}

function masterConnect()
{
    $settings = require('config/settings.php');

    if (isset($settings['db']['port'])) {
        $db_connection = new mysqli(decrypt($settings['db']['host']), decrypt($settings['db']['user']), decrypt($settings['db']['pass']), decrypt($settings['db']['name']), decrypt($settings['db']['port']));
    } else {
        $db_connection = new mysqli(decrypt($settings['db']['host']), decrypt($settings['db']['user']), decrypt($settings['db']['pass']), decrypt($settings['db']['name']));
    }
    if (!$db_connection->set_charset("utf8")) {
        $db_connection->errors[] = $db_connection->error;
    }

    return $db_connection;
}

function serverConnect($dbid = NULL)
{
    if (isset($_SESSION['dbid']) && empty($dbid)) {
        $dbid = $_SESSION['dbid'];
    }
    $settings = require('config/settings.php');
    $db_connection = masterConnect();

    $sql = "SELECT `sql_host`, `sql_name`, `sql_pass`, `sql_user` FROM `db` WHERE `dbid` = '$dbid';";
    $server = $db_connection->query($sql);

    if ($server->num_rows === 1) {
        $server = $server->fetch_object();
        $host = decrypt($server->sql_host);

        if (strpos($host, ":")) {
            $SQL = explode(":", $host);
            $host = $SQL['0'];
            $port = $SQL['1'];
        }

        if (isset($port)) {
            $db_link = new mysqli($host, decrypt($server->sql_user), decrypt($server->sql_pass), decrypt($server->sql_name), $port);
        } else {
            $db_link = new mysqli($host, decrypt($server->sql_user), decrypt($server->sql_pass), decrypt($server->sql_name));
        }

        if (!$db_link->set_charset("utf8")) {
            $db_link->errors[] = $db_link->error;
        }

        return $db_link;
    } else {
        return false;
    }

}

function carType($car, $lang)
{
    switch ($car) {
        case 'Car':
            return $lang['car'];
            break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
        case 'Air':
            return $lang['air'];
            break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
        case 'Ship':
            return $lang['ship'];
            break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
    }
}

function yesNo($input, $lang)
{
    if ($input == 1) {
        return $lang['yes'];
    } else if ($input == 0) {
        return $lang['no'];
    } else {
        return $lang['error'];
    }
}

function select($val, $row)
{
    if ($row == $val) {
        return 'selected';
    }
}

function nameID($pId, $db_link)
{
    global $playerIdColumn;
function myFunction($a, $b) {
    // Do something
}
    $sql = "SELECT `name` FROM `players` WHERE `$playerIdColumn` LIKE '$pId';";
    $result_of_query = $db_link->query($sql);

    if ($result_of_query->num_rows > 0) {
        while ($row = mysqli_fetch_assoc($result_of_query)) {
            return $row['name'];
        }
    } else {
        return $pId;
    }
}

function uID($pId, $db_link)
{
    global $playerIdColumn;
function myFunction($a, $b) {
    // Do something
}
    $sql = "SELECT `uid` FROM `players` WHERE `$playerIdColumn` = '$pId';";
    $result_of_query = $db_link->query($sql);
    if ($result_of_query->num_rows > 0) {
        while ($row = mysqli_fetch_assoc($result_of_query)) {
            return $row['uid'];
        }
    } else {
        return $pId;
    }
}

function uIDname($uID, $db_link)
{
    $sql = "SELECT `name` FROM `players` WHERE `uid` = '$uID';";
    $result_of_query = $db_link->query($sql);
    if ($result_of_query->num_rows > 0) {
        while ($row = mysqli_fetch_assoc($result_of_query)) {
            return $row['name'];
        }
    } else {
        return $uID;
    }
}

function IDname($name, $db_link)
{
    global $playerIdColumn;
function myFunction($a, $b) {
    // Do something
}
    $sql = "SELECT `name`, $playerIdColumn as playerid FROM `players` WHERE `name` LIKE '%$name%';";
    $result_of_query = $db_link->query($sql);

    if ($result_of_query->num_rows > 0) {
        while ($row = mysqli_fetch_array($result_of_query)) {

        }
    } else {
        return $name;
    }
}

/**
 * @param string $action
 * @param integer $level
 */
function logAction($user, $action, $level)
{
    $settings = require('config/settings.php');

    if ($settings['logging']) {
        $db_connection = masterConnect();
        $sql = "INSERT INTO `logs` (`user`, `action`, `level`) VALUES ('$user', '$action', '$level');";
        $db_connection->query($sql);
    }
}

function message($text)
{
    echo "<br><div class='row'><div class='col-lg-12'>";
    echo "<div class='alert alert-danger alert-dismissable'>";
    echo "<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;</button>";
    echo "<i class='fa fa-info-circle'></i> " . $text . "</div></div></div>";
}

function error($errno, $errstr, $errfile, $errline)
{
    echo '<h4><b>PHP ERROR ' . $errno . '</b> ' . $errstr . ' - ' . $errfile . ':' . $errline . '</h4>';
}

/**
 * @param integer $code
 */
function errorMessage($code, $lang)
{
    switch ($code)
    {
        case 1:
            return $lang['lowVersion']; //Version too low
        case 2:
            return $lang['dbConnect']; //Db Connection
        case 3:
            return $lang['noRes']; //No Results
        case 4:
            return $lang['404']; //404 Not Found
        case 5:
            return $lang['noPerm']; //No Permissions
        case 6:
            return $lang['banned']; //User Banned
        case 7:
            return $lang['pluginNF']; //Pulgin Not Found
        case 8:
            return $lang['noID']; //No ID
        case 9:
            return $lang['noPlayers']; // RCON no players online
        case 10:
            return $lang['selDB']; // Select A DB
        case 11:
            return $lang['noServer']; // Select A DB
        case 31:
            return $lang['noHouse']; //No House
        case 32:
            return $lang['noVeh']; //No Vehicle
        case 33:
            return $lang['noGang']; //No Gang
        case 34:
            return $lang['noCrimes']; //No Crimes
        case 35:
            return $lang['noCrimes']; //No Crimes
        case 36:
            return $lang['noPlayer']; //No Player
        case 37:
            return $lang['noLic']; //No License
        case 371:
            return $lang['no'] . ' ' . $lang['civil'] . ' ' . $lang['licenses']; //No Civillian Licenses
        case 372:
            return $lang['no'] . ' ' . $lang['medic'] . ' ' . $lang['licenses']; //No Medic Licenses
        case 373:
            return $lang['no'] . ' ' . $lang['police'] . ' ' . $lang['licenses']; //No Police Licenses
        case 38:
            return $lang['no'] . ' ' . $lang['gear']; //No License
        case 381:
            return $lang['no'] . ' ' . $lang['civil'] . ' ' . $lang['gear']; //No Civillian Licenses
        case 382:
            return $lang['no'] . ' ' . $lang['medic'] . ' ' . $lang['gear']; //No Medic Licenses
        case 383:
            return $lang['no'] . ' ' . $lang['police'] . ' ' . $lang['gear']; //No Police Licenses
    }
}

function random($length)
{
    $max = ceil($length / 40);
    $random = '';
    for ($i = 0; $i < $max; $i++) {
        $random .= sha1(microtime(true) . mt_rand(10000, 90000));
    }
    return substr($random, 0, $length);
}

function steamBanned($PID)
{
    $settings = require('config/settings.php');
    if (!empty($settings['steamAPI'])) {
        $api = "http://api.steampowered.com/ISteamUser/GetPlayerBans/v1/?key=" . $settings['steamAPI'] . "&steamids=" . $PID;
        $bans = json_decode(file_get_contents($api), true);
        if ($bans['players']['0']['VACBanned']) {
            return '<h4><span class="label label-danger" style="margin-left:3px; line-height:2;">VAC BANNED</span></h4>';
        }
        //todo:formatting
    }
}

function multiDB()
{
    $db_connection = masterConnect();

    $sql = "SELECT `sid`,`dbid`,`type` FROM `servers`;";
    $db = $db_connection->query($sql);
    if ($db->num_rows == 1) {
        $iamDB = $db->fetch_object();
        $_SESSION['multiDB'] = false;
        $_SESSION['server_type'] = $iamDB->type;
        $_SESSION['dbid'] = $iamDB->dbid;
    } else {
        $_SESSION['multiDB'] = true;
    }
}

function tokenGen($length)
{
    return substr(str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'), 0, $length);
}

function stripArray($input, $type)
{
    switch ($type) {
        case 0:
            $array = explode("],[", $input);
            $array = str_replace('"[[', '', $array);
            $array = str_replace(']]"', '', $array);
            return str_replace('`', '', $array);
        case 1:
            $array = explode(",", $input);
            $array = str_replace('"[', '', $array);
            $array = str_replace(']"', '', $array);
            return str_replace('`', '', $array);
        case 2:
            $array = explode(",", $input);
            $array = str_replace('"[', '', $array);
            $array = str_replace(']"', '', $array);
            return str_replace('`', '', $array);
        case 3:
            $input = str_replace('[`', '', $input);
            $input = str_replace('`]', '', $input);
            return explode("`,`", $input);
            break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
        default:
            return [];
    }
}

function clean($input, $type)
{
    if ($type == 'string') {
        return filter_var(htmlspecialchars(trim($input)), FILTER_SANITIZE_STRING);
    } elseif ($type == 'int') {
        $input = filter_var(htmlspecialchars(trim($input)), FILTER_SANITIZE_NUMBER_INT);
        if ($input < 0) {
            return 0;
        }
        return $input;
    } elseif ($type == 'url') {
        return filter_var(htmlspecialchars(trim($input)), FILTER_SANITIZE_URL);
    } elseif ($type == 'email') {
        return filter_var(htmlspecialchars(trim($input)), FILTER_SANITIZE_EMAIL);
    } elseif ($type == 'boolean') {
        return ($input === 'true');
    } elseif ($type == 'intbool' && ($input == 1 || $input == 0)) {
            return $input;
    }
    return '';
}

function before($needle, $haystack)
{
    return substr($haystack, 0, strpos($haystack, $needle));
}

function after($needle, $haystack)
{
    if (!is_bool(strpos($haystack, $needle))) {
        return substr($haystack, strpos($haystack, $needle) + strlen($needle));
    }
}

function getGravatar($email, $s = 80, $d = 'mm', $r = 'x', $img = false, $atts = array() ) {
    $url = 'https://www.gravatar.com/avatar/';
    $url .= md5( strtolower( trim( $email ) ) );
    $url .= "?s=$s&d=$d&r=$r";
    if ( $img ) {
        $url = '<img src="' . $url . '"';
        foreach ( $atts as $key => $val )
            $url .= ' ' . $key . '="' . $val . '"';
        $url .= ' />';
    }
    return $url;
}


Issues (501)

Security Analysis not enabled

gfunctions.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1		<?php
2		function encrypt($text)
3		{
4		$settings = require('config/settings.php');
5		return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $settings['key'], $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
6		}
7
8		function decrypt($text)
9		{
10		$settings = require('config/settings.php');
11		return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $settings['key'], base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
12		}
13
14		function masterConnect()
15		{
16		$settings = require('config/settings.php');
17
18		if (isset($settings['db']['port'])) {
19		$db_connection = new mysqli(decrypt($settings['db']['host']), decrypt($settings['db']['user']), decrypt($settings['db']['pass']), decrypt($settings['db']['name']), decrypt($settings['db']['port']));
20		} else {
21		$db_connection = new mysqli(decrypt($settings['db']['host']), decrypt($settings['db']['user']), decrypt($settings['db']['pass']), decrypt($settings['db']['name']));
22		}
23		if (!$db_connection->set_charset("utf8")) {
24		$db_connection->errors[] = $db_connection->error;
25		}
26
27		return $db_connection;
28		}
29
30		function serverConnect($dbid = NULL)
31		{
32		if (isset($_SESSION['dbid']) && empty($dbid)) {
33		$dbid = $_SESSION['dbid'];
34		}
35		$settings = require('config/settings.php');
36		$db_connection = masterConnect();
37
38		$sql = "SELECT `sql_host`, `sql_name`, `sql_pass`, `sql_user` FROM `db` WHERE `dbid` = '$dbid';";
39		$server = $db_connection->query($sql);
40
41		if ($server->num_rows === 1) {
42		$server = $server->fetch_object();
43		$host = decrypt($server->sql_host);
44
45		if (strpos($host, ":")) {
46		$SQL = explode(":", $host);
47		$host = $SQL['0'];
48		$port = $SQL['1'];
49		}
50
51		if (isset($port)) {
52		$db_link = new mysqli($host, decrypt($server->sql_user), decrypt($server->sql_pass), decrypt($server->sql_name), $port);
53		} else {
54		$db_link = new mysqli($host, decrypt($server->sql_user), decrypt($server->sql_pass), decrypt($server->sql_name));
55		}
56
57		if (!$db_link->set_charset("utf8")) {
58		$db_link->errors[] = $db_link->error;
59		}
60
61		return $db_link;
62		} else {
63		return false;
64		}
65
66		}
67
68		function carType($car, $lang)
69		{
70		switch ($car) {
71		case 'Car':
72		return $lang['car'];
73		break;
		0 ignored issues – show Unused Code introduced 2015-12-23 09:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
74		case 'Air':
75		return $lang['air'];
76		break;
		0 ignored issues – show Unused Code introduced 2015-12-23 09:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
77		case 'Ship':
78		return $lang['ship'];
79		break;
		0 ignored issues – show Unused Code introduced 2015-12-23 09:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
80		}
81		}
82
83		function yesNo($input, $lang)
84		{
85		if ($input == 1) {
86		return $lang['yes'];
87		} else if ($input == 0) {
88		return $lang['no'];
89		} else {
90		return $lang['error'];
91		}
92		}
93
94		function select($val, $row)
95		{
96		if ($row == $val) {
97		return 'selected';
98		}
99		}
100
101	View Code Duplication	function nameID($pId, $db_link)
102		{
103		global $playerIdColumn;
		0 ignored issues – show Compatibility Best Practice introduced 2016-12-12 15:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
104		$sql = "SELECT `name` FROM `players` WHERE `$playerIdColumn` LIKE '$pId';";
105		$result_of_query = $db_link->query($sql);
106
107		if ($result_of_query->num_rows > 0) {
108		while ($row = mysqli_fetch_assoc($result_of_query)) {
109		return $row['name'];
110		}
111		} else {
112		return $pId;
113		}
114		}
115
116	View Code Duplication	function uID($pId, $db_link)
117		{
118		global $playerIdColumn;
		0 ignored issues – show Compatibility Best Practice introduced 2016-12-12 15:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
119		$sql = "SELECT `uid` FROM `players` WHERE `$playerIdColumn` = '$pId';";
120		$result_of_query = $db_link->query($sql);
121		if ($result_of_query->num_rows > 0) {
122		while ($row = mysqli_fetch_assoc($result_of_query)) {
123		return $row['uid'];
124		}
125		} else {
126		return $pId;
127		}
128		}
129
130		function uIDname($uID, $db_link)
131		{
132		$sql = "SELECT `name` FROM `players` WHERE `uid` = '$uID';";
133		$result_of_query = $db_link->query($sql);
134		if ($result_of_query->num_rows > 0) {
135		while ($row = mysqli_fetch_assoc($result_of_query)) {
136		return $row['name'];
137		}
138		} else {
139		return $uID;
140		}
141		}
142
143		function IDname($name, $db_link)
144		{
145		global $playerIdColumn;
		0 ignored issues – show Compatibility Best Practice introduced 2016-12-12 15:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
146		$sql = "SELECT `name`, $playerIdColumn as playerid FROM `players` WHERE `name` LIKE '%$name%';";
147		$result_of_query = $db_link->query($sql);
148
149		if ($result_of_query->num_rows > 0) {
150		while ($row = mysqli_fetch_array($result_of_query)) {
		0 ignored issues – show Unused Code introduced 2015-12-23 09:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this This `while` loop is empty and can be removed. This check looks for `while` loops that have no statements or where all statements have been commented out. This may be the result of changes for debugging or the code may simply be obsolete. Consider removing the loop. Loading history...
151		}
152		} else {
153		return $name;
154		}
155		}
156
157		/**
158		* @param string $action
159		* @param integer $level
160		*/
161		function logAction($user, $action, $level)
162		{
163		$settings = require('config/settings.php');
164
165		if ($settings['logging']) {
166		$db_connection = masterConnect();
167		$sql = "INSERT INTO `logs` (`user`, `action`, `level`) VALUES ('$user', '$action', '$level');";
168		$db_connection->query($sql);
169		}
170		}
171
172		function message($text)
173		{
174		echo "<br><div class='row'><div class='col-lg-12'>";
175		echo "<div class='alert alert-danger alert-dismissable'>";
176		echo "<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>×</button>";
177		echo "<i class='fa fa-info-circle'></i> " . $text . "</div></div></div>";
178		}
179
180		function error($errno, $errstr, $errfile, $errline)
181		{
182		echo '<h4><b>PHP ERROR ' . $errno . '</b> ' . $errstr . ' - ' . $errfile . ':' . $errline . '</h4>';
183		}
184
185		/**
186		* @param integer $code
187		*/
188		function errorMessage($code, $lang)
189		{
190		switch ($code)
191		{
192		case 1:
193		return $lang['lowVersion']; //Version too low
194		case 2:
195		return $lang['dbConnect']; //Db Connection
196		case 3:
197		return $lang['noRes']; //No Results
198		case 4:
199		return $lang['404']; //404 Not Found
200		case 5:
201		return $lang['noPerm']; //No Permissions
202		case 6:
203		return $lang['banned']; //User Banned
204		case 7:
205		return $lang['pluginNF']; //Pulgin Not Found
206		case 8:
207		return $lang['noID']; //No ID
208		case 9:
209		return $lang['noPlayers']; // RCON no players online
210		case 10:
211		return $lang['selDB']; // Select A DB
212		case 11:
213		return $lang['noServer']; // Select A DB
214		case 31:
215		return $lang['noHouse']; //No House
216		case 32:
217		return $lang['noVeh']; //No Vehicle
218		case 33:
219		return $lang['noGang']; //No Gang
220		case 34:
221		return $lang['noCrimes']; //No Crimes
222		case 35:
223		return $lang['noCrimes']; //No Crimes
224		case 36:
225		return $lang['noPlayer']; //No Player
226		case 37:
227		return $lang['noLic']; //No License
228	View Code Duplication	case 371:
229		return $lang['no'] . ' ' . $lang['civil'] . ' ' . $lang['licenses']; //No Civillian Licenses
230	View Code Duplication	case 372:
231		return $lang['no'] . ' ' . $lang['medic'] . ' ' . $lang['licenses']; //No Medic Licenses
232	View Code Duplication	case 373:
233		return $lang['no'] . ' ' . $lang['police'] . ' ' . $lang['licenses']; //No Police Licenses
234		case 38:
235		return $lang['no'] . ' ' . $lang['gear']; //No License
236	View Code Duplication	case 381:
237		return $lang['no'] . ' ' . $lang['civil'] . ' ' . $lang['gear']; //No Civillian Licenses
238	View Code Duplication	case 382:
239		return $lang['no'] . ' ' . $lang['medic'] . ' ' . $lang['gear']; //No Medic Licenses
240	View Code Duplication	case 383:
241		return $lang['no'] . ' ' . $lang['police'] . ' ' . $lang['gear']; //No Police Licenses
242		}
243		}
244
245	View Code Duplication	function random($length)
246		{
247		$max = ceil($length / 40);
248		$random = '';
249		for ($i = 0; $i < $max; $i++) {
250		$random .= sha1(microtime(true) . mt_rand(10000, 90000));
251		}
252		return substr($random, 0, $length);
253		}
254
255		function steamBanned($PID)
256		{
257		$settings = require('config/settings.php');
258		if (!empty($settings['steamAPI'])) {
259		$api = "http://api.steampowered.com/ISteamUser/GetPlayerBans/v1/?key=" . $settings['steamAPI'] . "&steamids=" . $PID;
260		$bans = json_decode(file_get_contents($api), true);
261		if ($bans['players']['0']['VACBanned']) {
262		return '<h4><span class="label label-danger" style="margin-left:3px; line-height:2;">VAC BANNED</span></h4>';
263		}
264		//todo:formatting
265		}
266		}
267
268		function multiDB()
269		{
270		$db_connection = masterConnect();
271
272		$sql = "SELECT `sid`,`dbid`,`type` FROM `servers`;";
273		$db = $db_connection->query($sql);
274		if ($db->num_rows == 1) {
275		$iamDB = $db->fetch_object();
276		$_SESSION['multiDB'] = false;
277		$_SESSION['server_type'] = $iamDB->type;
278		$_SESSION['dbid'] = $iamDB->dbid;
279		} else {
280		$_SESSION['multiDB'] = true;
281		}
282		}
283
284		function tokenGen($length)
285		{
286		return substr(str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'), 0, $length);
287		}
288
289		function stripArray($input, $type)
290		{
291		switch ($type) {
292	View Code Duplication	case 0:
293		$array = explode("],[", $input);
294		$array = str_replace('"[[', '', $array);
295		$array = str_replace(']]"', '', $array);
296		return str_replace('`', '', $array);
297	View Code Duplication	case 1:
298		$array = explode(",", $input);
299		$array = str_replace('"[', '', $array);
300		$array = str_replace(']"', '', $array);
301		return str_replace('`', '', $array);
302	View Code Duplication	case 2:
303		$array = explode(",", $input);
304		$array = str_replace('"[', '', $array);
305		$array = str_replace(']"', '', $array);
306		return str_replace('`', '', $array);
307		case 3:
308		$input = str_replace('[`', '', $input);
309		$input = str_replace('`]', '', $input);
310		return explode("`,`", $input);
311		break;
		0 ignored issues – show Unused Code introduced 2016-12-12 15:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
312		default:
313		return [];
314		}
315		}
316
317		function clean($input, $type)
318		{
319		if ($type == 'string') {
320		return filter_var(htmlspecialchars(trim($input)), FILTER_SANITIZE_STRING);
321		} elseif ($type == 'int') {
322		$input = filter_var(htmlspecialchars(trim($input)), FILTER_SANITIZE_NUMBER_INT);
323		if ($input < 0) {
324		return 0;
325		}
326		return $input;
327		} elseif ($type == 'url') {
328		return filter_var(htmlspecialchars(trim($input)), FILTER_SANITIZE_URL);
329		} elseif ($type == 'email') {
330		return filter_var(htmlspecialchars(trim($input)), FILTER_SANITIZE_EMAIL);
331		} elseif ($type == 'boolean') {
332		return ($input === 'true');
333		} elseif ($type == 'intbool' && ($input == 1 \|\| $input == 0)) {
334		return $input;
335		}
336		return '';
337		}
338
339		function before($needle, $haystack)
340		{
341		return substr($haystack, 0, strpos($haystack, $needle));
342		}
343
344		function after($needle, $haystack)
345		{
346		if (!is_bool(strpos($haystack, $needle))) {
347		return substr($haystack, strpos($haystack, $needle) + strlen($needle));
348		}
349		}
350
351		function getGravatar($email, $s = 80, $d = 'mm', $r = 'x', $img = false, $atts = array() ) {
352		$url = 'https://www.gravatar.com/avatar/';
353		$url .= md5( strtolower( trim( $email ) ) );
354		$url .= "?s=$s&d=$d&r=$r";
355		if ( $img ) {
356		$url = '<img src="' . $url . '"';
357		foreach ( $atts as $key => $val )
358		$url .= ' ' . $key . '="' . $val . '"';
359		$url .= ' />';
360		}
361		return $url;
362		}
363

Cyberbyte-Studios / CyberWorks

Issues (501)

Security Analysis not enabled

gfunctions.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like