1 | <?php |
2 | /* |
3 | * This file is part of EC-CUBE |
4 | * |
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
6 | * |
7 | * http://www.lockon.co.jp/ |
8 | * |
9 | * This program is free software; you can redistribute it and/or |
10 | * modify it under the terms of the GNU General Public License |
11 | * as published by the Free Software Foundation; either version 2 |
12 | * of the License, or (at your option) any later version. |
13 | * |
14 | * This program is distributed in the hope that it will be useful, |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
17 | * GNU General Public License for more details. |
18 | * |
19 | * You should have received a copy of the GNU General Public License |
20 | * along with this program; if not, write to the Free Software |
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
22 | */ |
25 | namespace Eccube\Repository; |
27 | use Doctrine\ORM\EntityRepository; |
28 | use Eccube\Common\Constant; |
29 | use Eccube\Entity\Customer; |
30 | use Eccube\Entity\Master\CustomerStatus; |
31 | use Eccube\Util\Str; |
32 | use Symfony\Component\Security\Core\Exception\UnsupportedUserException; |
33 | use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; |
34 | use Symfony\Component\Security\Core\User\UserInterface; |
35 | use Symfony\Component\Security\Core\User\UserProviderInterface; |
36 | use Symfony\Component\Security\Core\Util\SecureRandom; |
38 | /** |
39 | * CustomerRepository |
40 | * |
41 | * This class was generated by the Doctrine ORM. Add your own custom |
42 | * repository methods below. |
43 | */ |
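class CustomerRepository extends EntityRepository implements UserProviderInterface
{
    /**
     * Application container stored by setApplication().
     *
     * NOTE(review): nothing in this class reads $this->app; the $app passed to
     * the other methods is indexed with string keys (Silex-style ArrayAccess),
     * so the same type is assumed here — confirm.
     *
     * @var mixed
     */
    protected $app;

    /**
     * Stores the application container.
     *
     * @param mixed $app
     */
    public function setApplication($app)
    {
        $this->app = $app;
    }

    /**
     * Creates a new Customer entity that is NOT yet persisted.
     *
     * The customer gets the CustomerStatus with id 1 (the CustomerStatus
     * constants are not used here — confirm which status that is) and
     * del_flg = 0.
     *
     * @return Customer
     */
    public function newCustomer()
    {
        $Status = $this->getEntityManager()
            ->getRepository('Eccube\Entity\Master\CustomerStatus')
            ->find(1);

        $Customer = new Customer();
        $Customer
            ->setStatus($Status)
            ->setDelFlg(0);

        return $Customer;
    }

    /**
     * Loads the user for the given username (the customer's e-mail address).
     *
     * Only a customer that is not logically deleted (del_flg = DISABLED) and
     * whose status is CustomerStatus::ACTIVE is returned; a customer that
     * exists but is deleted or inactive is reported as "not found", which is
     * what keeps such accounts from authenticating.
     *
     * @param string $username The customer's e-mail address
     *
     * @return UserInterface
     *
     * @see UsernameNotFoundException
     *
     * @throws UsernameNotFoundException if no matching active customer exists
     */
    public function loadUserByUsername($username)
    {
        // Only customers with the "active" status are valid.
        $CustomerStatus = $this
            ->getEntityManager()
            ->getRepository('Eccube\Entity\Master\CustomerStatus')
            ->find(CustomerStatus::ACTIVE);

        $Customer = $this->createQueryBuilder('c')
            ->where('c.email = :email')
            ->andWhere('c.del_flg = :delFlg')
            ->andWhere('c.Status =:CustomerStatus')
            ->setParameters(array(
                'email' => $username,
                'delFlg' => Constant::DISABLED,
                'CustomerStatus' => $CustomerStatus,
            ))
            ->setMaxResults(1)
            ->getQuery()
            ->getOneOrNullResult();

        if (!$Customer) {
            throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
        }

        return $Customer;
    }

    /**
     * Refreshes the user for the account interface.
     *
     * The customer is always reloaded from the database through
     * loadUserByUsername(), so a customer that has been deleted or
     * deactivated since logging in is rejected on the next request with
     * UsernameNotFoundException rather than kept in the session.
     *
     * @param UserInterface $user
     *
     * @return UserInterface
     *
     * @throws UnsupportedUserException if $user is not a Customer
     * @throws UsernameNotFoundException if the customer no longer exists or is no longer active
     */
    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof Customer) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
        }

        return $this->loadUserByUsername($user->getUsername());
    }

    /**
     * Whether this provider supports the given user class.
     *
     * Only the exact class name is accepted. NOTE(review): a subclass of
     * Customer (for example a Doctrine proxy) is rejected here; Symfony's
     * EntityUserProvider additionally accepts is_subclass_of() — confirm
     * whether that is needed for this project.
     *
     * @param string $class
     *
     * @return bool
     */
    public function supportsClass($class)
    {
        return $class === 'Eccube\Entity\Customer';
    }

    /**
     * Builds the customer search query for the given search form data.
     *
     * Every key of $searchData is optional: a key that is unset, empty or
     * blank (depending on the field) adds no condition. Logically deleted
     * customers are always excluded. All user-supplied values are bound as
     * query parameters; none is interpolated into the DQL string.
     *
     * Supported keys: multi, pref, sex, birth_month, birth_start, birth_end,
     * tel, buy_total_start, buy_total_end, buy_times_start, buy_times_end,
     * create_date_start, create_date_end, update_date_start, update_date_end,
     * last_buy_start, last_buy_end, customer_status, buy_product_code.
     *
     * @param array $searchData
     *
     * @return \Doctrine\ORM\QueryBuilder ordered by update_date DESC
     */
    public function getQueryBuilderBySearchData($searchData)
    {
        $qb = $this->createQueryBuilder('c')
            ->select('c')
            ->andWhere('c.del_flg = 0');

        // Free-text search over id, name, kana and e-mail.
        if (isset($searchData['multi']) && Str::isNotBlank($searchData['multi'])) {
            // Remove whitespace so that "name01 name02" matches CONCAT(name01, name02).
            $clean_key_multi = preg_replace('/\s+|[ ]+/u', '', $searchData['multi']);
            // Only an all-digit term is also tried as a customer id; otherwise the
            // id parameter is bound to NULL and that branch never matches.
            $id = preg_match('/^\d+$/', $clean_key_multi) ? $clean_key_multi : null;
            // NOTE: '%' and '_' inside the term act as LIKE wildcards; they are not escaped.
            $qb
                ->andWhere('c.id = :customer_id OR CONCAT(c.name01, c.name02) LIKE :name OR CONCAT(c.kana01, c.kana02) LIKE :kana OR c.email LIKE :email')
                ->setParameter('customer_id', $id)
                ->setParameter('name', '%' . $clean_key_multi . '%')
                ->setParameter('kana', '%' . $clean_key_multi . '%')
                ->setParameter('email', '%' . $clean_key_multi . '%');
        }

        // Pref (an entity; only its id is bound)
        if (!empty($searchData['pref'])) {
            $qb
                ->andWhere('c.Pref = :pref')
                ->setParameter('pref', $searchData['pref']->getId());
        }

        // sex (a collection of entities; their ids are bound)
        if (!empty($searchData['sex']) && count($searchData['sex']) > 0) {
            $sexIds = array();
            foreach ($searchData['sex'] as $Sex) {
                $sexIds[] = $Sex->getId();
            }

            $qb
                ->andWhere($qb->expr()->in('c.Sex', ':sexs'))
                ->setParameter('sexs', $sexIds);
        }

        // birth month, independent of the year
        if (!empty($searchData['birth_month'])) {
            $qb
                ->andWhere('EXTRACT(MONTH FROM c.birth) = :birth_month')
                ->setParameter('birth_month', $searchData['birth_month']);
        }

        // birth
        if (!empty($searchData['birth_start'])) {
            $this->addDateLowerBound($qb, 'c.birth', 'birth_start', $searchData['birth_start']);
        }
        if (!empty($searchData['birth_end'])) {
            $this->addDateUpperBound($qb, 'c.birth', 'birth_end', $searchData['birth_end']);
        }

        // tel
        if (isset($searchData['tel']) && Str::isNotBlank($searchData['tel'])) {
            $qb
                ->andWhere('CONCAT(c.tel01, c.tel02, c.tel03) LIKE :tel')
                ->setParameter('tel', '%' . $searchData['tel'] . '%');
        }

        // buy_total (isNotBlank so that "0" is a valid bound)
        if (isset($searchData['buy_total_start']) && Str::isNotBlank($searchData['buy_total_start'])) {
            $qb
                ->andWhere('c.buy_total >= :buy_total_start')
                ->setParameter('buy_total_start', $searchData['buy_total_start']);
        }
        if (isset($searchData['buy_total_end']) && Str::isNotBlank($searchData['buy_total_end'])) {
            $qb
                ->andWhere('c.buy_total <= :buy_total_end')
                ->setParameter('buy_total_end', $searchData['buy_total_end']);
        }

        // buy_times (!empty, so a bound of 0 is ignored — kept as-is)
        if (!empty($searchData['buy_times_start'])) {
            $qb
                ->andWhere('c.buy_times >= :buy_times_start')
                ->setParameter('buy_times_start', $searchData['buy_times_start']);
        }
        if (!empty($searchData['buy_times_end'])) {
            $qb
                ->andWhere('c.buy_times <= :buy_times_end')
                ->setParameter('buy_times_end', $searchData['buy_times_end']);
        }

        // create_date
        if (!empty($searchData['create_date_start'])) {
            $this->addDateLowerBound($qb, 'c.create_date', 'create_date_start', $searchData['create_date_start']);
        }
        if (!empty($searchData['create_date_end'])) {
            $this->addDateUpperBound($qb, 'c.create_date', 'create_date_end', $searchData['create_date_end']);
        }

        // update_date
        if (!empty($searchData['update_date_start'])) {
            $this->addDateLowerBound($qb, 'c.update_date', 'update_date_start', $searchData['update_date_start']);
        }
        if (!empty($searchData['update_date_end'])) {
            $this->addDateUpperBound($qb, 'c.update_date', 'update_date_end', $searchData['update_date_end']);
        }

        // last_buy
        if (!empty($searchData['last_buy_start'])) {
            $this->addDateLowerBound($qb, 'c.last_buy_date', 'last_buy_start', $searchData['last_buy_start']);
        }
        if (!empty($searchData['last_buy_end'])) {
            $this->addDateUpperBound($qb, 'c.last_buy_date', 'last_buy_end', $searchData['last_buy_end']);
        }

        // status (bound as given by the form)
        if (!empty($searchData['customer_status']) && count($searchData['customer_status']) > 0) {
            $qb
                ->andWhere($qb->expr()->in('c.Status', ':statuses'))
                ->setParameter('statuses', $searchData['customer_status']);
        }

        // buy_product_name / buy_product_code: one term matched against both columns
        if (isset($searchData['buy_product_code']) && Str::isNotBlank($searchData['buy_product_code'])) {
            $qb
                ->leftJoin('c.Orders', 'o')
                ->leftJoin('o.OrderDetails', 'od')
                ->andWhere('od.product_name LIKE :buy_product_name OR od.product_code LIKE :buy_product_name')
                ->setParameter('buy_product_name', '%' . $searchData['buy_product_code'] . '%');
        }

        // Order By
        $qb->addOrderBy('c.update_date', 'DESC');

        return $qb;
    }

    /**
     * Adds "$field >= :$param" bound to $date formatted as 'Y-m-d H:i:s'.
     *
     * @param \Doctrine\ORM\QueryBuilder $qb
     * @param string    $field DQL field, e.g. 'c.birth' (never user input)
     * @param string    $param parameter name (never user input)
     * @param \DateTime $date  left unmodified
     */
    private function addDateLowerBound($qb, $field, $param, $date)
    {
        $qb
            ->andWhere(sprintf('%s >= :%s', $field, $param))
            ->setParameter($param, $date->format('Y-m-d H:i:s'));
    }

    /**
     * Adds "$field < :$param" bound to the day AFTER $date, so that the whole
     * end day is included in the range.
     *
     * The date is cloned because DateTime::modify() mutates its receiver and
     * the form object must not be changed.
     *
     * @param \Doctrine\ORM\QueryBuilder $qb
     * @param string    $field DQL field (never user input)
     * @param string    $param parameter name (never user input)
     * @param \DateTime $date  left unmodified
     */
    private function addDateUpperBound($qb, $field, $param, $date)
    {
        $nextDay = clone $date;
        $nextDay = $nextDay
            ->modify('+1 days')
            ->format('Y-m-d H:i:s');

        $qb
            ->andWhere(sprintf('%s < :%s', $field, $param))
            ->setParameter($param, $nextDay);
    }

    /**
     * Returns a random secret key that no existing customer has.
     *
     * @param mixed $app
     *
     * @return string
     */
    public function getUniqueSecretKey($app)
    {
        return $this->generateUniqueKey($app, 'secret_key');
    }

    /**
     * Returns a random password-reset key that no existing customer has.
     *
     * @param mixed $app
     *
     * @return string
     */
    public function getUniqueResetKey($app)
    {
        return $this->generateUniqueKey($app, 'reset_key');
    }

    /**
     * Draws 32-character random keys (Str::random) until one is found that no
     * customer currently has in $field.
     *
     * The lookup goes through the container's customer repository, as the
     * callers always did, rather than through $this. A loop replaces the
     * earlier recursion so a long run of collisions cannot exhaust the stack.
     * The uniqueness check is only advisory: another request may persist the
     * same key between this check and the caller's flush.
     *
     * @param mixed  $app
     * @param string $field 'secret_key' or 'reset_key' (never user input)
     *
     * @return string
     */
    private function generateUniqueKey($app, $field)
    {
        do {
            $unique = Str::random(32);
            $Customers = $app['eccube.repository.customer']->findBy(array(
                $field => $unique,
            ));
        } while (count($Customers) !== 0);

        return $unique;
    }

    /**
     * Generates a password salt of $byte random bytes, hex-encoded.
     *
     * Uses Symfony's SecureRandom; that class is deprecated since Symfony 2.8
     * in favour of random_bytes(), which can replace it once PHP >= 7 is required.
     *
     * @param int $byte number of random bytes (the returned string is twice as long)
     *
     * @return string
     */
    public function createSalt($byte)
    {
        $generator = new SecureRandom();

        return bin2hex($generator->nextBytes($byte));
    }

    /**
     * Encodes the customer's plain password together with its salt.
     *
     * Despite the name this is the password *hash* produced by whichever
     * encoder the security encoder factory returns for Customer; it is not
     * reversible. The entity is not modified — the caller stores the result.
     *
     * @param mixed    $app
     * @param Customer $Customer source of getPassword() (plain text) and getSalt()
     *
     * @return mixed encoded password as returned by the encoder
     */
    public function encryptPassword($app, Customer $Customer)
    {
        $encoder = $app['security.encoder_factory']->getEncoder($Customer);

        return $encoder->encodePassword($Customer->getPassword(), $Customer->getSalt());
    }

    /**
     * Finds the not-yet-activated customer that owns the given secret key.
     *
     * Deleted customers are excluded and the status must be
     * CustomerStatus::NONACTIVE, so an already activated key cannot be reused.
     *
     * @param string $secret_key
     *
     * @return Customer
     *
     * @throws \Doctrine\ORM\NoResultException        if no such customer exists
     * @throws \Doctrine\ORM\NonUniqueResultException if more than one matches
     */
    public function getNonActiveCustomerBySecretKey($secret_key)
    {
        $query = $this->createQueryBuilder('c')
            ->where('c.del_flg = 0 AND c.secret_key = :secret_key')
            ->leftJoin('c.Status', 's')
            ->andWhere('s.id = :status')
            ->setParameter('secret_key', $secret_key)
            ->setParameter('status', CustomerStatus::NONACTIVE)
            ->getQuery();

        return $query->getSingleResult();
    }

    /**
     * Finds the active customer with the given e-mail address, or null.
     *
     * NOTE(review): unlike loadUserByUsername() this does not filter on
     * del_flg, so a logically deleted customer with ACTIVE status is still
     * returned — confirm that this is intended by the callers.
     *
     * @param string $email
     *
     * @return Customer|null
     */
    public function getActiveCustomerByEmail($email)
    {
        $query = $this->createQueryBuilder('c')
            ->where('c.email = :email AND c.Status = :status')
            ->setParameter('email', $email)
            ->setParameter('status', CustomerStatus::ACTIVE)
            ->setMaxResults(1)
            ->getQuery();

        return $query->getOneOrNullResult();
    }

    /**
     * Finds the active customer whose password-reset key is still valid.
     *
     * The key must match, the status must be ACTIVE and reset_expire must not
     * be in the past; "now" is taken from the server's default timezone.
     *
     * @param string $reset_key
     *
     * @return Customer
     *
     * @throws \Doctrine\ORM\NoResultException        if the key is unknown or expired
     * @throws \Doctrine\ORM\NonUniqueResultException if more than one matches
     */
    public function getActiveCustomerByResetKey($reset_key)
    {
        $query = $this->createQueryBuilder('c')
            ->where('c.reset_key = :reset_key AND c.Status = :status AND c.reset_expire >= :reset_expire')
            ->setParameter('reset_key', $reset_key)
            ->setParameter('status', CustomerStatus::ACTIVE)
            ->setParameter('reset_expire', new \DateTime())
            ->getQuery();

        return $query->getSingleResult();
    }

    /**
     * Returns a random 8-character temporary password.
     *
     * @return string
     */
    public function getResetPassword()
    {
        return Str::random(8);
    }

    /**
     * Recomputes the customer's first/last purchase dates, purchase count and
     * purchase total from the order repository and flushes the entity.
     *
     * @param mixed    $app
     * @param Customer $Customer
     * @param mixed    $orderStatusId status of the order that triggered the update
     */
    public function updateBuyData($app, Customer $Customer, $orderStatusId)
    {
        // Order statuses that count towards the purchase history.
        $countedStatuses = array(
            $app['config']['order_new'],
            $app['config']['order_pay_wait'],
            $app['config']['order_back_order'],
            $app['config']['order_deliv'],
            $app['config']['order_pre_end'],
        );

        $result = $app['eccube.repository.order']->getCustomerCount($Customer, $countedStatuses);

        if (empty($result)) {
            // No counted orders exist: reset the purchase summary.
            $Customer->setFirstBuyDate(null);
            $Customer->setLastBuyDate(null);
            $Customer->setBuyTimes(0);
            $Customer->setBuyTotal(0);
        } else {
            $data = $result[0];
            $now = new \DateTime();

            if (!$Customer->getFirstBuyDate()) {
                $Customer->setFirstBuyDate($now);
            }

            // Cancelled, pending and in-progress orders do not move the last purchase date.
            // Loose comparison is kept on purpose: $orderStatusId may arrive as a string.
            $nonPurchaseStatuses = array(
                $app['config']['order_cancel'],
                $app['config']['order_pending'],
                $app['config']['order_processing'],
            );
            if (!in_array($orderStatusId, $nonPurchaseStatuses)) {
                $Customer->setLastBuyDate($now);
            }

            $Customer->setBuyTimes($data['buy_times']);
            $Customer->setBuyTotal($data['buy_total']);
        }

        $app['orm.em']->persist($Customer);
        $app['orm.em']->flush();
    }
}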