This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Repository; |
||
26 | |||
27 | use Doctrine\ORM\EntityRepository; |
||
28 | use Eccube\Common\Constant; |
||
29 | use Eccube\Entity\Member; |
||
30 | use Symfony\Component\Security\Core\Exception\UnsupportedUserException; |
||
31 | use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; |
||
32 | use Symfony\Component\Security\Core\User\UserInterface; |
||
33 | use Symfony\Component\Security\Core\User\UserProviderInterface; |
||
34 | use Symfony\Component\Security\Core\Util\SecureRandom; |
||
35 | use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface; |
||
36 | |||
37 | /** |
||
38 | * MemberRepository |
||
39 | * |
||
40 | * This class was generated by the Doctrine ORM. Add your own custom |
||
41 | * repository methods below. |
||
42 | */ |
||
43 | class MemberRepository extends EntityRepository implements UserProviderInterface |
||
44 | { |
||
45 | /** |
||
46 | * @var EncoderFactoryInterface |
||
47 | */ |
||
48 | private $encoder_factory; |
||
49 | |||
50 | /** |
||
51 | * @param EncoderFactoryInterface $encoder_factory |
||
52 | */ |
||
53 | 591 | public function setEncoderFactorty(EncoderFactoryInterface $encoder_factory) |
|
54 | { |
||
55 | 591 | $this->encoder_factory = $encoder_factory; |
|
56 | } |
||
57 | |||
58 | /** |
||
59 | * Loads the user for the given username. |
||
60 | * |
||
61 | * This method must throw UsernameNotFoundException if the user is not |
||
62 | * found. |
||
63 | * |
||
64 | * @param string $username The username |
||
65 | * |
||
66 | * @return UserInterface |
||
67 | * |
||
68 | * @see UsernameNotFoundException |
||
69 | * |
||
70 | * @throws UsernameNotFoundException if the user is not found |
||
71 | */ |
||
72 | 311 | public function loadUserByUsername($username) |
|
73 | { |
||
74 | $Work = $this |
||
75 | 311 | ->getEntityManager() |
|
76 | 311 | ->getRepository('Eccube\Entity\Master\Work') |
|
77 | 311 | ->find(\Eccube\Entity\Master\Work::WORK_ACTIVE_ID); |
|
78 | |||
79 | 311 | $query = $this->createQueryBuilder('m') |
|
80 | 311 | ->where('m.login_id = :login_id') |
|
81 | 311 | ->andWhere('m.Work = :Work') |
|
82 | 311 | ->setParameters(array( |
|
83 | 311 | 'login_id' => $username, |
|
84 | 311 | 'Work' => $Work, |
|
85 | )) |
||
86 | 311 | ->setMaxResults(1) |
|
87 | 311 | ->getQuery(); |
|
88 | 311 | $Member = $query->getOneOrNullResult(); |
|
89 | 311 | if (!$Member) { |
|
90 | 1 | throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username)); |
|
91 | } |
||
92 | |||
93 | 310 | return $Member; |
|
94 | } |
||
95 | |||
96 | /** |
||
97 | * Refreshes the user for the account interface. |
||
98 | * |
||
99 | * It is up to the implementation to decide if the user data should be |
||
100 | * totally reloaded (e.g. from the database), or if the UserInterface |
||
101 | * object can just be merged into some internal array of users / identity |
||
102 | * map. |
||
103 | * |
||
104 | * @param UserInterface $user |
||
105 | * |
||
106 | * @return UserInterface |
||
107 | * |
||
108 | * @throws UnsupportedUserException if the account is not supported |
||
109 | */ |
||
110 | 308 | View Code Duplication | public function refreshUser(UserInterface $user) |
111 | { |
||
112 | 308 | if (!$user instanceof Member) { |
|
0 ignored issues
–
show
|
|||
113 | 1 | throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user))); |
|
114 | } |
||
115 | |||
116 | 307 | return $this->loadUserByUsername($user->getUsername()); |
|
117 | } |
||
118 | |||
119 | /** |
||
120 | * Whether this provider supports the given user class. |
||
121 | * |
||
122 | * @param string $class |
||
123 | * |
||
124 | * @return bool |
||
125 | */ |
||
126 | 1 | public function supportsClass($class) |
|
127 | { |
||
128 | 1 | return $class === 'Eccube\Entity\Member'; |
|
129 | } |
||
130 | |||
131 | /** |
||
132 | * @param \Eccube\Entity\Member $Member |
||
133 | * |
||
134 | * @return void |
||
135 | */ |
||
136 | 5 | View Code Duplication | public function up(\Eccube\Entity\Member $Member) |
137 | { |
||
138 | 5 | $em = $this->getEntityManager(); |
|
139 | 5 | $em->getConnection()->beginTransaction(); |
|
140 | try { |
||
141 | 5 | $rank = $Member->getRank(); |
|
142 | |||
143 | 5 | $Member2 = $this->findOneBy(array('rank' => $rank + 1)); |
|
144 | 5 | if (!$Member2) { |
|
145 | 3 | throw new \Exception(); |
|
146 | } |
||
147 | 2 | $Member2->setRank($rank); |
|
148 | 2 | $em->persist($Member2); |
|
149 | |||
150 | // Member更新 |
||
151 | 2 | $Member->setRank($rank + 1); |
|
152 | |||
153 | 2 | $em->persist($Member); |
|
154 | 2 | $em->flush(); |
|
155 | |||
156 | 2 | $em->getConnection()->commit(); |
|
157 | 3 | } catch (\Exception $e) { |
|
158 | 3 | $em->getConnection()->rollback(); |
|
159 | |||
160 | 3 | return false; |
|
161 | } |
||
162 | |||
163 | 2 | return true; |
|
164 | } |
||
165 | |||
166 | /** |
||
167 | * @param \Eccube\Entity\Member $Member |
||
168 | * @return bool |
||
169 | */ |
||
170 | 6 | View Code Duplication | public function down(\Eccube\Entity\Member $Member) |
171 | { |
||
172 | 6 | $em = $this->getEntityManager(); |
|
173 | 6 | $em->getConnection()->beginTransaction(); |
|
174 | try { |
||
175 | 6 | $rank = $Member->getRank(); |
|
176 | |||
177 | // |
||
178 | 6 | $Member2 = $this->findOneBy(array('rank' => $rank - 1)); |
|
179 | 6 | if (!$Member2) { |
|
180 | 3 | throw new \Exception(); |
|
181 | } |
||
182 | 3 | $Member2->setRank($rank); |
|
183 | 3 | $em->persist($Member2); |
|
184 | |||
185 | // Member更新 |
||
186 | 3 | $Member->setRank($rank - 1); |
|
187 | |||
188 | 3 | $em->persist($Member); |
|
189 | 3 | $em->flush(); |
|
190 | |||
191 | 3 | $em->getConnection()->commit(); |
|
192 | 3 | } catch (\Exception $e) { |
|
193 | 3 | $em->getConnection()->rollback(); |
|
194 | |||
195 | 3 | return false; |
|
196 | } |
||
197 | |||
198 | 3 | return true; |
|
199 | } |
||
200 | |||
201 | /** |
||
202 | * @param \Eccube\Entity\Member $Member |
||
203 | * @return bool |
||
204 | */ |
||
205 | 230 | View Code Duplication | public function save(\Eccube\Entity\Member $Member) |
206 | { |
||
207 | 230 | $em = $this->getEntityManager(); |
|
208 | 230 | $em->getConnection()->beginTransaction(); |
|
209 | try { |
||
210 | 230 | if (!$Member->getId()) { |
|
211 | 230 | $rank = $this->createQueryBuilder('m') |
|
212 | 230 | ->select('MAX(m.rank)') |
|
213 | 230 | ->getQuery() |
|
214 | 230 | ->getSingleScalarResult(); |
|
215 | 230 | if (!$rank) { |
|
216 | 1 | $rank = 0; |
|
217 | } |
||
218 | $Member |
||
219 | 230 | ->setRank($rank + 1) |
|
220 | 230 | ->setDelFlg(Constant::DISABLED); |
|
221 | } |
||
222 | |||
223 | 230 | $em->persist($Member); |
|
224 | 230 | $em->flush(); |
|
225 | |||
226 | 229 | $em->getConnection()->commit(); |
|
227 | 1 | } catch (\Exception $e) { |
|
228 | 1 | $em->getConnection()->rollback(); |
|
229 | |||
230 | 1 | return false; |
|
231 | } |
||
232 | |||
233 | 229 | return true; |
|
234 | } |
||
235 | |||
236 | /** |
||
237 | * @param \Eccube\Entity\Member $Member |
||
238 | * @return bool |
||
239 | */ |
||
240 | 4 | View Code Duplication | public function delete(\Eccube\Entity\Member $Member) |
241 | { |
||
242 | 4 | $em = $this->getEntityManager(); |
|
243 | 4 | $em->getConnection()->beginTransaction(); |
|
244 | try { |
||
245 | 4 | $rank = $Member->getRank(); |
|
246 | 4 | $em->createQueryBuilder() |
|
247 | 4 | ->update('Eccube\Entity\Member', 'm') |
|
248 | 4 | ->set('m.rank', 'm.rank - 1') |
|
249 | 4 | ->where('m.rank > :rank')->setParameter('rank', $rank) |
|
250 | 4 | ->getQuery() |
|
251 | 4 | ->execute(); |
|
252 | |||
253 | $Member |
||
254 | 4 | ->setDelFlg(Constant::ENABLED) |
|
255 | 4 | ->setRank(0); |
|
256 | |||
257 | 4 | $em->persist($Member); |
|
258 | 4 | $em->flush(); |
|
259 | |||
260 | 3 | $em->getConnection()->commit(); |
|
261 | 1 | } catch (\Exception $e) { |
|
262 | 1 | $em->getConnection()->rollback(); |
|
263 | |||
264 | 1 | return false; |
|
265 | } |
||
266 | |||
267 | 3 | return true; |
|
268 | } |
||
269 | |||
270 | /** |
||
271 | * saltを生成する |
||
272 | * |
||
273 | * @param $byte |
||
274 | * @return string |
||
275 | */ |
||
276 | 244 | public function createSalt($byte) |
|
277 | { |
||
278 | 244 | $generator = new SecureRandom(); |
|
279 | |||
280 | 244 | return bin2hex($generator->nextBytes($byte)); |
|
281 | } |
||
282 | |||
283 | /** |
||
284 | * 入力されたパスワードをSaltと暗号化する |
||
285 | * |
||
286 | * @param $app |
||
287 | * @param \Eccube\Entity\Member $Member |
||
288 | * @return mixed |
||
289 | */ |
||
290 | 244 | public function encryptPassword(\Eccube\Entity\Member $Member) |
|
291 | { |
||
292 | 244 | $encoder = $this->encoder_factory->getEncoder($Member); |
|
293 | |||
294 | 244 | return $encoder->encodePassword($Member->getPassword(), $Member->getSalt()); |
|
295 | } |
||
296 | } |
||
297 |
This error could be the result of:
1. Missing dependencies
PHP Analyzer uses your
composer.json
file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects thecomposer.json
to be in the root folder of your repository.Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the
require
orrequire-dev
section?2. Missing use statement
PHP does not complain about undefined classes in
ìnstanceof
checks. For example, the following PHP code will work perfectly fine:If you have not tested against this specific condition, such errors might go unnoticed.