1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Controller\Admin; |
||
26 | |||
27 | use Doctrine\ORM\NoResultException; |
||
28 | use Doctrine\ORM\Query\ResultSetMapping; |
||
29 | use Doctrine\ORM\QueryBuilder; |
||
30 | use Eccube\Application; |
||
31 | use Eccube\Common\Constant; |
||
32 | use Eccube\Controller\AbstractController; |
||
33 | use Eccube\Event\EccubeEvents; |
||
34 | use Eccube\Event\EventArgs; |
||
35 | use Symfony\Component\Form\Form; |
||
36 | use Symfony\Component\HttpFoundation\Request; |
||
37 | |||
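class AdminController extends AbstractController
{
    /**
     * Admin login screen.
     *
     * A request that already carries ROLE_ADMIN is redirected to the dashboard;
     * anyone else gets the login form together with the last authentication
     * error recorded by the security layer for this request.
     *
     * @param Application $app
     * @param Request $request
     * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
     */
    public function login(Application $app, Request $request)
    {
        if ($app->isGranted('ROLE_ADMIN')) {
            return $app->redirect($app->url('admin_homepage'));
        }

        // Empty form name: the login fields are submitted without a form-name prefix.
        /* @var $builder \Symfony\Component\Form\FormBuilderInterface */
        $builder = $app['form.factory']
            ->createNamedBuilder('', 'admin_login');

        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_LOGIN_INITIALIZE, $event);

        $form = $builder->getForm();

        return $app->render('login.twig', array(
            'error' => $app['security.last_error']($request),
            'form' => $form->createView(),
        ));
    }

    /**
     * Admin dashboard.
     *
     * Warns when an installer script is still present, builds the three
     * master-search forms and collects the order / sales / shop figures shown
     * on the dashboard. Each stage dispatches an event so listeners can adjust
     * its inputs (form builders, excluded order statuses) before they are used.
     *
     * @param Application $app
     * @param Request $request
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function index(Application $app, Request $request)
    {
        // With the install flag set, a still-present install.php (under html/
        // or at the project root) produces an admin warning.
        // Loose comparison kept on purpose: the flag may arrive from config as a string.
        if (isset($app['config']['eccube_install']) && $app['config']['eccube_install'] == 1) {
            $this->warnIfInstallerPresent($app, $app['config']['root_dir'] . '/html/install.php', 'html/install.php');
            $this->warnIfInstallerPresent($app, $app['config']['root_dir'] . '/install.php', 'install.php');
        }

        // Search forms for the order, product and customer master screens.
        $searchOrderBuilder = $app['form.factory']
            ->createBuilder('admin_search_order');
        $searchProductBuilder = $app['form.factory']
            ->createBuilder('admin_search_product');
        $searchCustomerBuilder = $app['form.factory']
            ->createBuilder('admin_search_customer');

        $event = new EventArgs(
            array(
                'searchOrderBuilder' => $searchOrderBuilder,
                'searchProductBuilder' => $searchProductBuilder,
                'searchCustomerBuilder' => $searchCustomerBuilder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_INDEX_INITIALIZE, $event);

        $searchOrderForm = $searchOrderBuilder->getForm();
        $searchProductForm = $searchProductBuilder->getForm();
        $searchCustomerForm = $searchCustomerBuilder->getForm();

        // Order overview: orders per status, leaving out the statuses below.
        // Listeners on ADMIN_ADMIM_INDEX_ORDER may replace the list.
        $excludes = $this->dispatchExcludes($app, $request, EccubeEvents::ADMIN_ADMIM_INDEX_ORDER, array(
            $app['config']['order_pending'],
            $app['config']['order_processing'],
            $app['config']['order_cancel'],
            $app['config']['order_deliv'],
        ));
        $Orders = $this->getOrderEachStatus($app['orm.em'], $excludes);
        $OrderStatuses = $this->findOrderStatus($app['orm.em'], $excludes);

        // Sales overview: today, yesterday and this month, with the
        // processing / cancelled / pending statuses left out.
        // Listeners on ADMIN_ADMIM_INDEX_SALES may replace the list.
        $excludes = $this->dispatchExcludes($app, $request, EccubeEvents::ADMIN_ADMIM_INDEX_SALES, array(
            $app['config']['order_processing'],
            $app['config']['order_cancel'],
            $app['config']['order_pending'],
        ));
        $salesToday = $this->getSalesByDay($app['orm.em'], new \DateTime(), $excludes);
        $salesYesterday = $this->getSalesByDay($app['orm.em'], new \DateTime('-1 day'), $excludes);
        $salesThisMonth = $this->getSalesByMonth($app['orm.em'], new \DateTime(), $excludes);

        // Shop overview: products out of stock and number of regular members.
        $countNonStockProducts = $this->countNonStockProducts($app['orm.em']);
        $countCustomers = $this->countCustomers($app['orm.em']);

        // Listeners receive the collected figures; note the template below is
        // rendered from the local variables, not from the event arguments.
        $event = new EventArgs(
            array(
                'Orders' => $Orders,
                'OrderStatuses' => $OrderStatuses,
                'salesThisMonth' => $salesThisMonth,
                'salesToday' => $salesToday,
                'salesYesterday' => $salesYesterday,
                'countNonStockProducts' => $countNonStockProducts,
                'countCustomers' => $countCustomers,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_INDEX_COMPLETE, $event);

        return $app->render('index.twig', array(
            'searchOrderForm' => $searchOrderForm->createView(),
            'searchProductForm' => $searchProductForm->createView(),
            'searchCustomerForm' => $searchCustomerForm->createView(),
            'Orders' => $Orders,
            'OrderStatuses' => $OrderStatuses,
            'salesThisMonth' => $salesThisMonth,
            'salesToday' => $salesToday,
            'salesYesterday' => $salesYesterday,
            'countNonStockProducts' => $countNonStockProducts,
            'countCustomers' => $countCustomers,
        ));
    }

    /**
     * Password change screen for the logged-in admin member.
     *
     * On a valid submission the new password is hashed with the member's salt
     * (a salt is generated first when the member has none) and the member is
     * saved. Success redirects back to this screen; a failed save re-renders
     * the form with an error flash.
     *
     * @param Application $app
     * @param Request $request
     * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
     */
    public function changePassword(Application $app, Request $request)
    {
        $builder = $app['form.factory']
            ->createBuilder('admin_change_password');

        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_CHANGE_PASSWORD_INITIALIZE, $event);

        $form = $builder->getForm();
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $password = $form->get('change_password')->getData();

            $Member = $app->user();

            // The plaintext is only ever set on a clone; the logged-in entity
            // receives the hash and the salt once they have been computed.
            $dummyMember = clone $Member;
            $dummyMember->setPassword($password);
            $salt = $dummyMember->getSalt();
            if (!isset($salt)) {
                $salt = $app['eccube.repository.member']->createSalt(5);
                $dummyMember->setSalt($salt);
            }

            $encryptPassword = $app['eccube.repository.member']->encryptPassword($dummyMember);

            $Member
                ->setPassword($encryptPassword)
                ->setSalt($salt);

            $status = $app['eccube.repository.member']->save($Member);
            if ($status) {
                $event = new EventArgs(
                    array(
                        'form' => $form,
                    ),
                    $request
                );
                $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIN_CHANGE_PASSWORD_COMPLETE, $event);

                $app->addSuccess('admin.change_password.save.complete', 'admin');

                return $app->redirect($app->url('admin_change_password'));
            }

            $app->addError('admin.change_password.save.error', 'admin');
        }

        return $app->render('change_password.twig', array(
            'form' => $form->createView(),
        ));
    }

    /**
     * Jump to the product master filtered on out-of-stock products.
     *
     * A valid submission stores the "stock disabled" search criteria in the
     * session and redirects to the product list; anything else goes back to
     * the dashboard.
     *
     * @param Application $app
     * @param Request $request
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function searchNonStockProducts(Application $app, Request $request)
    {
        /* @var Form $form */
        $form = $app['form.factory']
            ->createBuilder('admin_search_product')
            ->getForm();

        $form->handleRequest($request);
        if ($form->isSubmitted() && $form->isValid()) {
            // The product master reads its search criteria from this session key.
            $searchData = array();
            $searchData['stock_status'] = Constant::DISABLED;
            $session = $request->getSession();
            $session->set('eccube.admin.product.search', $searchData);

            return $app->redirect($app->url('admin_product_page', array(
                'page_no' => 1,
                'status' => $app['config']['admin_product_stock_status'])));
        }

        return $app->redirect($app->url('admin_homepage'));
    }

    /**
     * Flash an admin warning when an installer script still exists at $path.
     *
     * @param Application $app
     * @param string $path absolute path checked with file_exists()
     * @param string $label path shown in the warning, relative to the project root
     */
    protected function warnIfInstallerPresent(Application $app, $path, $label)
    {
        if (file_exists($path)) {
            $message = $app->trans('admin.install.warning', array('installphpPath' => $label));
            $app->addWarning($message, 'admin');
        }
    }

    /**
     * Let listeners adjust a list of excluded order-status ids.
     *
     * @param Application $app
     * @param Request $request
     * @param string $eventName event dispatched with the list as its 'excludes' argument
     * @param array $excludes initial status ids
     * @return array the 'excludes' argument read back after dispatch
     */
    protected function dispatchExcludes(Application $app, Request $request, $eventName, array $excludes)
    {
        $event = new EventArgs(
            array(
                'excludes' => $excludes,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch($eventName, $event);

        return $event->getArgument('excludes');
    }

    /**
     * Order statuses that are not excluded, ordered by rank.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param array $excludes status ids to leave out
     * @return array list of Eccube\Entity\Master\OrderStatus
     */
    protected function findOrderStatus($em, array $excludes)
    {
        /* @var $qb QueryBuilder */
        $qb = $em
            ->getRepository('Eccube\Entity\Master\OrderStatus')
            ->createQueryBuilder('os');

        // Bind the ids as a query parameter, as the other queries in this class
        // do, instead of letting Expr::notIn() inline them into the DQL.
        return $qb
            ->where('os.id NOT IN (:excludes)')
            ->setParameter('excludes', $excludes)
            ->orderBy('os.rank', 'ASC')
            ->getQuery()
            ->getResult();
    }

    /**
     * Number of non-deleted orders per status (native SQL).
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param array $excludes status ids to leave out
     * @return array status id => order count
     */
    protected function getOrderEachStatus($em, array $excludes)
    {
        $sql = 'SELECT
                    t1.status as status,
                    COUNT(t1.order_id) as count
                FROM
                    dtb_order t1
                WHERE
                    t1.del_flg = 0
                    AND t1.status NOT IN (:excludes)
                GROUP BY
                    t1.status
                ORDER BY
                    t1.status';
        $rsm = new ResultSetMapping();
        $rsm->addScalarResult('status', 'status');
        $rsm->addScalarResult('count', 'count');

        $query = $em->createNativeQuery($sql, $rsm);
        $query->setParameters(array(':excludes' => $excludes));

        $orderArray = array();
        foreach ($query->getResult() as $row) {
            $orderArray[$row['status']] = $row['count'];
        }

        return $orderArray;
    }

    /**
     * Sales amount and order count for the month of $dateTime.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param \DateTime $dateTime any date inside the month
     * @param array $excludes status ids to leave out
     * @return array row with order_month, order_amount, order_count; empty array when nothing matched
     */
    protected function getSalesByMonth($em, $dateTime, array $excludes)
    {
        // concat... for pgsql
        // http://stackoverflow.com/questions/1091924/substr-does-not-work-with-datatype-timestamp-in-postgres-8-3
        // The first 7 characters of the timestamp string are "YYYY-MM".
        $dql = 'SELECT
                    SUBSTRING(CONCAT(o.order_date, \'\'), 1, 7) AS order_month,
                    SUM(o.payment_total) AS order_amount,
                    COUNT(o) AS order_count
                FROM
                    Eccube\Entity\Order o
                WHERE
                    o.del_flg = 0
                    AND o.OrderStatus NOT IN (:excludes)
                    AND SUBSTRING(CONCAT(o.order_date, \'\'), 1, 7) = SUBSTRING(:targetDate, 1, 7)
                GROUP BY
                    order_month';

        return $this->fetchSalesRow($em, $dql, $dateTime, $excludes);
    }

    /**
     * Sales amount and order count for the day of $dateTime.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param \DateTime $dateTime any time on the day
     * @param array $excludes status ids to leave out
     * @return array row with order_day, order_amount, order_count; empty array when nothing matched
     */
    protected function getSalesByDay($em, $dateTime, array $excludes)
    {
        // concat... for pgsql
        // http://stackoverflow.com/questions/1091924/substr-does-not-work-with-datatype-timestamp-in-postgres-8-3
        // The first 10 characters of the timestamp string are "YYYY-MM-DD".
        $dql = 'SELECT
                    SUBSTRING(CONCAT(o.order_date, \'\'), 1, 10) AS order_day,
                    SUM(o.payment_total) AS order_amount,
                    COUNT(o) AS order_count
                FROM
                    Eccube\Entity\Order o
                WHERE
                    o.del_flg = 0
                    AND o.OrderStatus NOT IN (:excludes)
                    AND SUBSTRING(CONCAT(o.order_date, \'\'), 1, 10) = SUBSTRING(:targetDate, 1, 10)
                GROUP BY
                    order_day';

        return $this->fetchSalesRow($em, $dql, $dateTime, $excludes);
    }

    /**
     * Execute one of the single-row sales aggregates above.
     *
     * The DQL stays a literal in the caller; only :excludes and :targetDate
     * are bound here.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param string $dql query using the :excludes and :targetDate parameters
     * @param \DateTime $dateTime bound to :targetDate
     * @param array $excludes bound to :excludes
     * @return array the single result row, or an empty array when there is none
     */
    protected function fetchSalesRow($em, $dql, $dateTime, array $excludes)
    {
        $q = $em
            ->createQuery($dql)
            ->setParameter(':excludes', $excludes)
            ->setParameter(':targetDate', $dateTime);

        try {
            return $q->getSingleResult();
        } catch (NoResultException $e) {
            // No order in the period: callers expect an empty array.
            return array();
        }
    }

    /**
     * Number of distinct products having a product class with stock tracking
     * enabled and a stock of 0.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @return int|string scalar result of the count query
     */
    protected function countNonStockProducts($em)
    {
        /** @var $qb \Doctrine\ORM\QueryBuilder */
        $qb = $em->getRepository('Eccube\Entity\Product')
            ->createQueryBuilder('p')
            ->select('count(DISTINCT p.id)')
            ->innerJoin('p.ProductClasses', 'pc')
            ->where('pc.stock_unlimited = :StockUnlimited AND pc.stock = 0')
            ->setParameter('StockUnlimited', Constant::DISABLED);

        return $qb
            ->getQuery()
            ->getSingleScalarResult();
    }

    /**
     * Number of customers with the regular-member status.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @return int|string scalar result of the count query
     */
    protected function countCustomers($em)
    {
        // Status id 2 is used here as the regular-member status (the
        // dashboard's "member count"); it is looked up rather than hard-coded
        // in the DQL so the entity is bound as a parameter.
        $Status = $em
            ->getRepository('Eccube\Entity\Master\CustomerStatus')
            ->find(2);

        /** @var $qb \Doctrine\ORM\QueryBuilder */
        $qb = $em->getRepository('Eccube\Entity\Customer')
            ->createQueryBuilder('c')
            ->select('count(c.id)')
            ->where('c.Status = :Status')
            ->setParameter('Status', $Status);

        return $qb
            ->getQuery()
            ->getSingleScalarResult();
    }
}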