This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | namespace Eccube\Controller\Admin\Setting\System; |
||
25 | |||
26 | use Eccube\Application; |
||
27 | use Eccube\Controller\AbstractController; |
||
28 | use Eccube\Event\EccubeEvents; |
||
29 | use Eccube\Event\EventArgs; |
||
30 | use Symfony\Component\HttpFoundation\Request; |
||
31 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
32 | |||
33 | class MemberController extends AbstractController |
||
34 | { |
||
35 | public function __construct() |
||
36 | { |
||
37 | } |
||
38 | |||
39 | 2 | public function index(Application $app, Request $request) |
|
0 ignored issues
–
show
introduced
by
Loading history...
|
|||
40 | { |
||
41 | 2 | $Members = $app['eccube.repository.member']->findBy(array(), array('rank' => 'DESC')); |
|
42 | |||
43 | 2 | $builder = $app['form.factory']->createBuilder(); |
|
44 | |||
45 | 2 | $event = new EventArgs( |
|
46 | array( |
||
47 | 2 | 'builder' => $builder, |
|
48 | 2 | 'Members' => $Members, |
|
49 | ), |
||
50 | $request |
||
51 | ); |
||
52 | 2 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SYSTEM_MEMBER_INDEX_INITIALIZE, $event); |
|
53 | |||
54 | 2 | $form = $builder->getForm(); |
|
55 | |||
56 | 2 | return $app->render('Setting/System/member.twig', array( |
|
57 | 2 | 'form' => $form->createView(), |
|
58 | 2 | 'Members' => $Members, |
|
59 | )); |
||
60 | } |
||
61 | |||
62 | 9 | public function edit(Application $app, Request $request, $id = null) |
|
63 | { |
||
64 | 9 | $previous_password = null; |
|
65 | 9 | if ($id) { |
|
66 | 5 | $Member = $app['eccube.repository.member']->find($id); |
|
67 | 5 | if (!$Member) { |
|
68 | 1 | throw new NotFoundHttpException(); |
|
69 | } |
||
70 | 4 | $previous_password = $Member->getPassword(); |
|
71 | 4 | $Member->setPassword($app['config']['default_password']); |
|
72 | } else { |
||
73 | 4 | $Member = new \Eccube\Entity\Member(); |
|
74 | } |
||
75 | |||
76 | 8 | $LoginMember = clone $app->user(); |
|
77 | 8 | $app['orm.em']->detach($LoginMember); |
|
78 | |||
79 | 8 | $builder = $app['form.factory'] |
|
80 | 8 | ->createBuilder('admin_member', $Member); |
|
81 | |||
82 | 8 | $event = new EventArgs( |
|
83 | array( |
||
84 | 8 | 'builder' => $builder, |
|
85 | 8 | 'Member' => $Member, |
|
86 | ), |
||
87 | $request |
||
88 | ); |
||
89 | 8 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SYSTEM_MEMBER_EDIT_INITIALIZE, $event); |
|
90 | |||
91 | 8 | $form = $builder->getForm(); |
|
92 | |||
93 | 8 | if ('POST' === $request->getMethod()) { |
|
94 | 4 | $form->handleRequest($request); |
|
95 | 4 | if ($form->isValid()) { |
|
96 | 2 | if (!is_null($previous_password) |
|
97 | 2 | && $Member->getpassword() === $app['config']['default_password']) { |
|
98 | // 編集時にPWを変更していなければ |
||
99 | // 変更前のパスワード(暗号化済み)をセット |
||
100 | 1 | $Member->setPassword($previous_password); |
|
101 | } else { |
||
102 | 1 | $salt = $Member->getSalt(); |
|
103 | 1 | if (!isset($salt)) { |
|
104 | 1 | $salt = $app['eccube.repository.member']->createSalt(5); |
|
105 | 1 | $Member->setSalt($salt); |
|
106 | } |
||
107 | |||
108 | // 入力されたPWを暗号化してセット |
||
109 | 1 | $password = $app['eccube.repository.member']->encryptPassword($Member); |
|
110 | 1 | $Member->setPassword($password); |
|
111 | } |
||
112 | 2 | $status = $app['eccube.repository.member']->save($Member); |
|
113 | |||
114 | 2 | if ($status) { |
|
115 | 2 | $event = new EventArgs( |
|
116 | array( |
||
117 | 2 | 'form' => $form, |
|
118 | 2 | 'Member' => $Member, |
|
119 | ), |
||
120 | $request |
||
121 | ); |
||
122 | 2 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SYSTEM_MEMBER_EDIT_COMPLETE, $event); |
|
123 | |||
124 | 2 | $app->addSuccess('admin.member.save.complete', 'admin'); |
|
125 | |||
126 | 2 | return $app->redirect($app->url('admin_setting_system_member')); |
|
127 | } else { |
||
128 | $app->addError('admin.member.save.error', 'admin'); |
||
129 | } |
||
130 | } |
||
131 | } |
||
132 | |||
133 | 6 | $app['security']->getToken()->setUser($LoginMember); |
|
134 | |||
135 | 6 | return $app->render('Setting/System/member_edit.twig', array( |
|
136 | 6 | 'form' => $form->createView(), |
|
137 | 6 | 'Member' => $Member, |
|
138 | )); |
||
139 | |||
140 | } |
||
141 | |||
142 | 4 | View Code Duplication | public function up(Application $app, Request $request, $id) |
143 | { |
||
144 | 4 | $this->isTokenValid($app); |
|
145 | |||
146 | 4 | $TargetMember = $app['eccube.repository.member']->find($id); |
|
147 | |||
148 | 4 | if (!$TargetMember) { |
|
149 | 1 | throw new NotFoundHttpException(); |
|
150 | } |
||
151 | |||
152 | 3 | $status = false; |
|
153 | 3 | if ('PUT' === $request->getMethod()) { |
|
154 | 3 | $status = $app['eccube.repository.member']->up($TargetMember); |
|
155 | } |
||
156 | |||
157 | 3 | if ($status) { |
|
158 | 1 | $app->addSuccess('admin.member.up.complete', 'admin'); |
|
159 | } else { |
||
160 | 2 | $app->addError('admin.member.up.error', 'admin'); |
|
161 | } |
||
162 | |||
163 | 3 | return $app->redirect($app->url('admin_setting_system_member')); |
|
164 | } |
||
165 | |||
166 | 5 | View Code Duplication | public function down(Application $app, Request $request, $id) |
167 | { |
||
168 | 5 | $this->isTokenValid($app); |
|
169 | |||
170 | 5 | $TargetMember = $app['eccube.repository.member']->find($id); |
|
171 | |||
172 | 5 | if (!$TargetMember) { |
|
173 | 1 | throw new NotFoundHttpException(); |
|
174 | } |
||
175 | |||
176 | 4 | $status = false; |
|
177 | 4 | if ('PUT' === $request->getMethod()) { |
|
178 | 4 | $status = $app['eccube.repository.member']->down($TargetMember); |
|
179 | } |
||
180 | |||
181 | 4 | if ($status) { |
|
182 | 2 | $app->addSuccess('admin.member.down.complete', 'admin'); |
|
183 | } else { |
||
184 | 2 | $app->addError('admin.member.down.error', 'admin'); |
|
185 | } |
||
186 | |||
187 | 4 | return $app->redirect($app->url('admin_setting_system_member')); |
|
188 | } |
||
189 | |||
190 | 3 | public function delete(Application $app, Request $request, $id) |
|
191 | { |
||
192 | 3 | $this->isTokenValid($app); |
|
193 | |||
194 | 3 | $TargetMember = $app['eccube.repository.member']->find($id); |
|
195 | 3 | if (!$TargetMember) { |
|
196 | 1 | $app->deleteMessage(); |
|
197 | 1 | return $app->redirect($app->url('admin_setting_system_member')); |
|
198 | } |
||
199 | |||
200 | 2 | $event = new EventArgs( |
|
201 | array( |
||
202 | 2 | 'TargetMember' => $TargetMember, |
|
203 | ), |
||
204 | $request |
||
205 | ); |
||
206 | 2 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SYSTEM_MEMBER_DELETE_INITIALIZE, $event); |
|
207 | |||
208 | 2 | $status = $app['eccube.repository.member']->delete($TargetMember); |
|
209 | |||
210 | 2 | if ($status) { |
|
211 | 2 | $app->addSuccess('admin.member.delete.complete', 'admin'); |
|
212 | 2 | $event = new EventArgs( |
|
213 | 2 | array(), |
|
214 | $request |
||
215 | ); |
||
216 | 2 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SYSTEM_MEMBER_DELETE_COMPLETE, $event); |
|
217 | } else { |
||
218 | $app->addError('admin.member.delete.error', 'admin'); |
||
219 | } |
||
220 | |||
221 | 2 | return $app->redirect($app->url('admin_setting_system_member')); |
|
222 | } |
||
223 | } |