This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Repository; |
||
26 | |||
27 | use Doctrine\ORM\EntityRepository; |
||
28 | use Eccube\Common\Constant; |
||
29 | use Eccube\Entity\Customer; |
||
30 | use Eccube\Entity\Master\CustomerStatus; |
||
31 | use Eccube\Util\Str; |
||
32 | use Symfony\Component\Security\Core\Exception\UnsupportedUserException; |
||
33 | use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; |
||
34 | use Symfony\Component\Security\Core\User\UserInterface; |
||
35 | use Symfony\Component\Security\Core\User\UserProviderInterface; |
||
36 | use Symfony\Component\Security\Core\Util\SecureRandom; |
||
37 | |||
38 | /** |
||
39 | * CustomerRepository |
||
40 | * |
||
41 | * This class was generated by the Doctrine ORM. Add your own custom |
||
42 | * repository methods below. |
||
43 | */ |
||
44 | class CustomerRepository extends EntityRepository implements UserProviderInterface |
||
45 | { |
||
46 | protected $app; |
||
47 | |||
48 | public function setApplication($app) |
||
49 | { |
||
50 | $this->app = $app; |
||
51 | } |
||
52 | |||
53 | 11 | public function newCustomer() |
|
54 | { |
||
55 | 11 | $Customer = new \Eccube\Entity\Customer(); |
|
56 | 11 | $Status = $this->getEntityManager() |
|
57 | 11 | ->getRepository('Eccube\Entity\Master\CustomerStatus') |
|
58 | 11 | ->find(1); |
|
59 | |||
60 | $Customer |
||
61 | 11 | ->setStatus($Status) |
|
62 | 11 | ->setDelFlg(0); |
|
63 | |||
64 | 11 | return $Customer; |
|
65 | } |
||
66 | |||
67 | /** |
||
68 | * Loads the user for the given username. |
||
69 | * |
||
70 | * This method must throw UsernameNotFoundException if the user is not |
||
71 | * found. |
||
72 | * |
||
73 | * @param string $username The username |
||
74 | * |
||
75 | * @return UserInterface |
||
76 | * |
||
77 | * @see UsernameNotFoundException |
||
78 | * |
||
79 | * @throws UsernameNotFoundException if the user is not found |
||
80 | */ |
||
81 | 131 | public function loadUserByUsername($username) |
|
82 | { |
||
83 | // 本会員ステータスの会員のみ有効. |
||
84 | $CustomerStatus = $this |
||
85 | 131 | ->getEntityManager() |
|
86 | 131 | ->getRepository('Eccube\Entity\Master\CustomerStatus') |
|
87 | 131 | ->find(CustomerStatus::ACTIVE); |
|
88 | |||
89 | 131 | $query = $this->createQueryBuilder('c') |
|
90 | 131 | ->where('c.email = :email') |
|
91 | 131 | ->andWhere('c.del_flg = :delFlg') |
|
92 | 131 | ->andWhere('c.Status =:CustomerStatus') |
|
93 | 131 | ->setParameters(array( |
|
94 | 131 | 'email' => $username, |
|
95 | 131 | 'delFlg' => Constant::DISABLED, |
|
96 | 131 | 'CustomerStatus' => $CustomerStatus, |
|
97 | )) |
||
98 | 131 | ->setMaxResults(1) |
|
99 | 131 | ->getQuery(); |
|
100 | 131 | $Customer = $query->getOneOrNullResult(); |
|
101 | 131 | if (!$Customer) { |
|
102 | 1 | throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username)); |
|
103 | } |
||
104 | |||
105 | 130 | return $Customer; |
|
106 | } |
||
107 | |||
108 | /** |
||
109 | * Refreshes the user for the account interface. |
||
110 | * |
||
111 | * It is up to the implementation to decide if the user data should be |
||
112 | * totally reloaded (e.g. from the database), or if the UserInterface |
||
113 | * object can just be merged into some internal array of users / identity |
||
114 | * map. |
||
115 | * |
||
116 | * @param UserInterface $user |
||
117 | * |
||
118 | * @return UserInterface |
||
119 | * |
||
120 | * @throws UnsupportedUserException if the account is not supported |
||
121 | */ |
||
122 | 128 | View Code Duplication | public function refreshUser(UserInterface $user) |
123 | { |
||
124 | 128 | if (!$user instanceof Customer) { |
|
125 | 1 | throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user))); |
|
126 | } |
||
127 | |||
128 | 127 | return $this->loadUserByUsername($user->getUsername()); |
|
129 | } |
||
130 | |||
131 | /** |
||
132 | * Whether this provider supports the given user class. |
||
133 | * |
||
134 | * @param string $class |
||
135 | * |
||
136 | * @return bool |
||
137 | */ |
||
138 | 1 | public function supportsClass($class) |
|
139 | { |
||
140 | 1 | return $class === 'Eccube\Entity\Customer'; |
|
141 | } |
||
142 | |||
143 | 42 | public function getQueryBuilderBySearchData($searchData) |
|
144 | { |
||
145 | 42 | $qb = $this->createQueryBuilder('c') |
|
146 | 42 | ->select('c') |
|
147 | 42 | ->andWhere('c.del_flg = 0'); |
|
148 | |||
149 | 42 | if (isset($searchData['multi']) && Str::isNotBlank($searchData['multi'])) { |
|
150 | //スペース除去 |
||
151 | 18 | $clean_key_multi = preg_replace('/\s+|[ ]+/u', '', $searchData['multi']); |
|
152 | 18 | $id = preg_match('/^\d+$/', $clean_key_multi) ? $clean_key_multi : null; |
|
153 | $qb |
||
154 | 18 | ->andWhere('c.id = :customer_id OR CONCAT(c.name01, c.name02) LIKE :name OR CONCAT(c.kana01, c.kana02) LIKE :kana OR c.email LIKE :email') |
|
155 | 18 | ->setParameter('customer_id', $id) |
|
156 | 18 | ->setParameter('name', '%' . $clean_key_multi . '%') |
|
157 | 18 | ->setParameter('kana', '%' . $clean_key_multi . '%') |
|
158 | 18 | ->setParameter('email', '%' . $clean_key_multi . '%'); |
|
159 | } |
||
160 | |||
161 | // Pref |
||
162 | 42 | View Code Duplication | if (!empty($searchData['pref']) && $searchData['pref']) { |
163 | $qb |
||
164 | 1 | ->andWhere('c.Pref = :pref') |
|
165 | 1 | ->setParameter('pref', $searchData['pref']->getId()); |
|
166 | } |
||
167 | |||
168 | // sex |
||
169 | 42 | if (!empty($searchData['sex']) && count($searchData['sex']) > 0) { |
|
170 | 2 | $sexs = array(); |
|
171 | 2 | foreach ($searchData['sex'] as $sex) { |
|
172 | 2 | $sexs[] = $sex->getId(); |
|
173 | } |
||
174 | |||
175 | $qb |
||
176 | 2 | ->andWhere($qb->expr()->in('c.Sex', ':sexs')) |
|
177 | 2 | ->setParameter('sexs', $sexs); |
|
178 | } |
||
179 | |||
180 | 42 | View Code Duplication | if (!empty($searchData['birth_month']) && $searchData['birth_month']) { |
181 | $qb |
||
182 | 1 | ->andWhere('EXTRACT(MONTH FROM c.birth) = :birth_month') |
|
183 | 1 | ->setParameter('birth_month', $searchData['birth_month']); |
|
184 | } |
||
185 | |||
186 | // birth |
||
187 | 42 | View Code Duplication | if (!empty($searchData['birth_start']) && $searchData['birth_start']) { |
188 | 2 | $date = $searchData['birth_start'] |
|
189 | 2 | ->format('Y-m-d H:i:s'); |
|
190 | $qb |
||
191 | 2 | ->andWhere('c.birth >= :birth_start') |
|
192 | 2 | ->setParameter('birth_start', $date); |
|
193 | } |
||
194 | 42 | View Code Duplication | if (!empty($searchData['birth_end']) && $searchData['birth_end']) { |
195 | 2 | $date = clone $searchData['birth_end']; |
|
196 | $date = $date |
||
197 | 2 | ->modify('+1 days') |
|
198 | 2 | ->format('Y-m-d H:i:s'); |
|
199 | $qb |
||
200 | 2 | ->andWhere('c.birth < :birth_end') |
|
201 | 2 | ->setParameter('birth_end', $date); |
|
202 | } |
||
203 | |||
204 | // tel |
||
205 | 42 | View Code Duplication | if (isset($searchData['tel']) && Str::isNotBlank($searchData['tel'])) { |
0 ignored issues
–
show
|
|||
206 | $qb |
||
207 | 1 | ->andWhere('CONCAT(c.tel01, c.tel02, c.tel03) LIKE :tel') |
|
208 | 1 | ->setParameter('tel', '%' . $searchData['tel'] . '%'); |
|
209 | } |
||
210 | |||
211 | // buy_total |
||
212 | 42 | View Code Duplication | if (isset($searchData['buy_total_start']) && Str::isNotBlank($searchData['buy_total_start'])) { |
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
213 | $qb |
||
214 | 1 | ->andWhere('c.buy_total >= :buy_total_start') |
|
215 | 1 | ->setParameter('buy_total_start', $searchData['buy_total_start']); |
|
216 | } |
||
217 | 42 | View Code Duplication | if (isset($searchData['buy_total_end']) && Str::isNotBlank($searchData['buy_total_end'])) { |
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
218 | $qb |
||
219 | 1 | ->andWhere('c.buy_total <= :buy_total_end') |
|
220 | 1 | ->setParameter('buy_total_end', $searchData['buy_total_end']); |
|
221 | } |
||
222 | |||
223 | // buy_times |
||
224 | 42 | if (!empty($searchData['buy_times_start']) && $searchData['buy_times_start']) { |
|
225 | $qb |
||
226 | 1 | ->andWhere('c.buy_times >= :buy_times_start') |
|
227 | 1 | ->setParameter('buy_times_start', $searchData['buy_times_start']); |
|
228 | } |
||
229 | 42 | if (!empty($searchData['buy_times_end']) && $searchData['buy_times_end']) { |
|
230 | $qb |
||
231 | 1 | ->andWhere('c.buy_times <= :buy_times_end') |
|
232 | 1 | ->setParameter('buy_times_end', $searchData['buy_times_end']); |
|
233 | } |
||
234 | |||
235 | // create_date |
||
236 | 42 | View Code Duplication | if (!empty($searchData['create_date_start']) && $searchData['create_date_start']) { |
237 | 1 | $date = $searchData['create_date_start'] |
|
238 | 1 | ->format('Y-m-d H:i:s'); |
|
239 | $qb |
||
240 | 1 | ->andWhere('c.create_date >= :create_date_start') |
|
241 | 1 | ->setParameter('create_date_start', $date); |
|
242 | } |
||
243 | 42 | View Code Duplication | if (!empty($searchData['create_date_end']) && $searchData['create_date_end']) { |
244 | 1 | $date = clone $searchData['create_date_end']; |
|
245 | $date = $date |
||
246 | 1 | ->modify('+1 days') |
|
247 | 1 | ->format('Y-m-d H:i:s'); |
|
248 | $qb |
||
249 | 1 | ->andWhere('c.create_date < :create_date_end') |
|
250 | 1 | ->setParameter('create_date_end', $date); |
|
251 | } |
||
252 | |||
253 | // update_date |
||
254 | 42 | View Code Duplication | if (!empty($searchData['update_date_start']) && $searchData['update_date_start']) { |
255 | 1 | $date = $searchData['update_date_start'] |
|
256 | 1 | ->format('Y-m-d H:i:s'); |
|
257 | $qb |
||
258 | 1 | ->andWhere('c.update_date >= :update_date_start') |
|
259 | 1 | ->setParameter('update_date_start', $date); |
|
260 | } |
||
261 | 42 | View Code Duplication | if (!empty($searchData['update_date_end']) && $searchData['update_date_end']) { |
262 | 1 | $date = clone $searchData['update_date_end']; |
|
263 | $date = $date |
||
264 | 1 | ->modify('+1 days') |
|
265 | 1 | ->format('Y-m-d H:i:s'); |
|
266 | $qb |
||
267 | 1 | ->andWhere('c.update_date < :update_date_end') |
|
268 | 1 | ->setParameter('update_date_end', $date); |
|
269 | } |
||
270 | |||
271 | // last_buy |
||
272 | 42 | View Code Duplication | if (!empty($searchData['last_buy_start']) && $searchData['last_buy_start']) { |
273 | 1 | $date = $searchData['last_buy_start'] |
|
274 | 1 | ->format('Y-m-d H:i:s'); |
|
275 | $qb |
||
276 | 1 | ->andWhere('c.last_buy_date >= :last_buy_start') |
|
277 | 1 | ->setParameter('last_buy_start', $date); |
|
278 | } |
||
279 | 42 | View Code Duplication | if (!empty($searchData['last_buy_end']) && $searchData['last_buy_end']) { |
280 | 1 | $date = clone $searchData['last_buy_end']; |
|
281 | $date = $date |
||
282 | 1 | ->modify('+1 days') |
|
283 | 1 | ->format('Y-m-d H:i:s'); |
|
284 | $qb |
||
285 | 1 | ->andWhere('c.last_buy_date < :last_buy_end') |
|
286 | 1 | ->setParameter('last_buy_end', $date); |
|
287 | } |
||
288 | |||
289 | // status |
||
290 | 42 | if (!empty($searchData['customer_status']) && count($searchData['customer_status']) > 0) { |
|
291 | $qb |
||
292 | 2 | ->andWhere($qb->expr()->in('c.Status', ':statuses')) |
|
293 | 2 | ->setParameter('statuses', $searchData['customer_status']); |
|
294 | } |
||
295 | |||
296 | // buy_product_name、buy_product_code |
||
297 | 42 | View Code Duplication | if (isset($searchData['buy_product_code']) && Str::isNotBlank($searchData['buy_product_code'])) { |
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
298 | $qb |
||
299 | 1 | ->leftJoin('c.Orders', 'o') |
|
300 | 1 | ->leftJoin('o.OrderDetails', 'od') |
|
301 | 1 | ->andWhere('od.product_name LIKE :buy_product_name OR od.product_code LIKE :buy_product_name') |
|
302 | 1 | ->setParameter('buy_product_name', '%' . $searchData['buy_product_code'] . '%'); |
|
303 | } |
||
304 | |||
305 | // Order By |
||
306 | 42 | $qb->addOrderBy('c.update_date', 'DESC'); |
|
307 | |||
308 | 42 | return $qb; |
|
309 | } |
||
310 | |||
311 | /** |
||
312 | * ユニークなシークレットキーを返す |
||
313 | * @param $app |
||
314 | * @return string |
||
315 | */ |
||
316 | 366 | View Code Duplication | public function getUniqueSecretKey($app) |
317 | { |
||
318 | 366 | $unique = Str::random(32); |
|
319 | 366 | $Customer = $app['eccube.repository.customer']->findBy(array( |
|
320 | 366 | 'secret_key' => $unique, |
|
321 | )); |
||
322 | 366 | if (count($Customer) == 0) { |
|
323 | 366 | return $unique; |
|
324 | } else { |
||
325 | return $this->getUniqueSecretKey($app); |
||
326 | } |
||
327 | } |
||
328 | |||
329 | /** |
||
330 | * ユニークなパスワードリセットキーを返す |
||
331 | * @param $app |
||
332 | * @return string |
||
333 | */ |
||
334 | 2 | View Code Duplication | public function getUniqueResetKey($app) |
335 | { |
||
336 | 2 | $unique = Str::random(32); |
|
337 | 2 | $Customer = $app['eccube.repository.customer']->findBy(array( |
|
338 | 2 | 'reset_key' => $unique, |
|
339 | )); |
||
340 | 2 | if (count($Customer) == 0) { |
|
341 | 2 | return $unique; |
|
342 | } else { |
||
343 | return $this->getUniqueResetKey($app); |
||
344 | } |
||
345 | } |
||
346 | |||
347 | /** |
||
348 | * saltを生成する |
||
349 | * |
||
350 | * @param $byte |
||
351 | * @return string |
||
352 | */ |
||
353 | 366 | public function createSalt($byte) |
|
354 | { |
||
355 | 366 | $generator = new SecureRandom(); |
|
356 | |||
357 | 366 | return bin2hex($generator->nextBytes($byte)); |
|
358 | } |
||
359 | |||
360 | /** |
||
361 | * 入力されたパスワードをSaltと暗号化する |
||
362 | * |
||
363 | * @param $app |
||
364 | * @param Customer $Customer |
||
365 | * @return mixed |
||
366 | */ |
||
367 | 366 | public function encryptPassword($app, \Eccube\Entity\Customer $Customer) |
|
368 | { |
||
369 | 366 | $encoder = $app['security.encoder_factory']->getEncoder($Customer); |
|
370 | |||
371 | 366 | return $encoder->encodePassword($Customer->getPassword(), $Customer->getSalt()); |
|
372 | } |
||
373 | |||
374 | 5 | public function getNonActiveCustomerBySecretKey($secret_key) |
|
375 | { |
||
376 | 5 | $qb = $this->createQueryBuilder('c') |
|
377 | 5 | ->where('c.del_flg = 0 AND c.secret_key = :secret_key') |
|
378 | 5 | ->leftJoin('c.Status', 's') |
|
379 | 5 | ->andWhere('s.id = :status') |
|
380 | 5 | ->setParameter('secret_key', $secret_key) |
|
381 | 5 | ->setParameter('status', CustomerStatus::NONACTIVE); |
|
382 | 5 | $query = $qb->getQuery(); |
|
383 | |||
384 | 5 | return $query->getSingleResult(); |
|
385 | } |
||
386 | |||
387 | 3 | public function getActiveCustomerByEmail($email) |
|
388 | { |
||
389 | 3 | $query = $this->createQueryBuilder('c') |
|
390 | 3 | ->where('c.email = :email AND c.Status = :status') |
|
391 | 3 | ->setParameter('email', $email) |
|
392 | 3 | ->setParameter('status', CustomerStatus::ACTIVE) |
|
393 | 3 | ->setMaxResults(1) |
|
394 | 3 | ->getQuery(); |
|
395 | |||
396 | 3 | $Customer = $query->getOneOrNullResult(); |
|
397 | |||
398 | 3 | return $Customer; |
|
399 | } |
||
400 | |||
401 | 5 | public function getActiveCustomerByResetKey($reset_key) |
|
402 | { |
||
403 | 5 | $query = $this->createQueryBuilder('c') |
|
404 | 5 | ->where('c.reset_key = :reset_key AND c.Status = :status AND c.reset_expire >= :reset_expire') |
|
405 | 5 | ->setParameter('reset_key', $reset_key) |
|
406 | 5 | ->setParameter('status', CustomerStatus::ACTIVE) |
|
407 | 5 | ->setParameter('reset_expire', new \DateTime()) |
|
408 | 5 | ->getQuery(); |
|
409 | |||
410 | 5 | $Customer = $query->getSingleResult(); |
|
411 | |||
412 | 3 | return $Customer; |
|
413 | } |
||
414 | |||
415 | 4 | public function getResetPassword() |
|
416 | { |
||
417 | 4 | return Str::random(8); |
|
418 | } |
||
419 | |||
420 | /** |
||
421 | * 会員の初回購入時間、購入時間、購入回数、購入金額を更新する |
||
422 | * |
||
423 | * @param $app |
||
424 | * @param Customer $Customer |
||
425 | * @param $orderStatusId |
||
426 | */ |
||
427 | 16 | public function updateBuyData($app, Customer $Customer, $orderStatusId) |
|
428 | { |
||
429 | // 会員の場合、初回購入時間・購入時間・購入回数・購入金額を更新 |
||
430 | |||
431 | 16 | $arr = array($app['config']['order_new'], |
|
432 | 16 | $app['config']['order_pay_wait'], |
|
433 | 16 | $app['config']['order_back_order'], |
|
434 | 16 | $app['config']['order_deliv'], |
|
435 | 16 | $app['config']['order_pre_end'], |
|
436 | ); |
||
437 | |||
438 | 16 | $result = $app['eccube.repository.order']->getCustomerCount($Customer, $arr); |
|
439 | |||
440 | 16 | if (!empty($result)) { |
|
441 | 12 | $data = $result[0]; |
|
442 | |||
443 | 12 | $now = new \DateTime(); |
|
444 | |||
445 | 12 | $firstBuyDate = $Customer->getFirstBuyDate(); |
|
446 | 12 | if (empty($firstBuyDate)) { |
|
447 | 12 | $Customer->setFirstBuyDate($now); |
|
448 | } |
||
449 | |||
450 | 12 | if ($orderStatusId == $app['config']['order_cancel'] || |
|
451 | 12 | $orderStatusId == $app['config']['order_pending'] || |
|
452 | 12 | $orderStatusId == $app['config']['order_processing']) { |
|
453 | // キャンセル、決済処理中、購入処理中は購入時間は更新しない |
||
454 | } else { |
||
455 | 12 | $Customer->setLastBuyDate($now); |
|
456 | } |
||
457 | |||
458 | 12 | $Customer->setBuyTimes($data['buy_times']); |
|
459 | 12 | $Customer->setBuyTotal($data['buy_total']); |
|
460 | |||
461 | } else { |
||
462 | // 受注データが存在しなければ初期化 |
||
463 | 5 | $Customer->setFirstBuyDate(null); |
|
464 | 5 | $Customer->setLastBuyDate(null); |
|
465 | 5 | $Customer->setBuyTimes(0); |
|
466 | 5 | $Customer->setBuyTotal(0); |
|
467 | } |
||
468 | |||
469 | 16 | $app['orm.em']->persist($Customer); |
|
470 | 16 | $app['orm.em']->flush(); |
|
471 | } |
||
472 | } |
||
473 |
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.