Issues in UsersTable.php - All Issues - Inspection of "Merge pull request #11567 from mrclay/11563_routes" - Elgg/Elgg - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( c0a3a7...3b84a4 )

by Jeroen

created 2018-01-08 10:08 UTC

engine/classes/Elgg/Database/UsersTable.php (1 issue)

Showing only issues like (Show All)

Checks if the types of returned expressions are compatible with the documented types.

Best Practice Bug Major

Ismayil Khayredinov 1

<?php

namespace Elgg\Database;

use Elgg\Config as Conf;
use Elgg\Database;
use ElggUser;
use RegistrationException;

/**
 * WARNING: API IN FLUX. DO NOT USE DIRECTLY.
 *
 * @access private
 *
 * @package    Elgg.Core
 * @subpackage Database
 * @since      1.10.0
 */
class UsersTable {

	use \Elgg\TimeUsing;

	/**
	 * @var Conf
	 */
	protected $config;

	/**
	 * @var Database
	 */
	protected $db;

	/**
	 * @var MetadataTable
	 */
	protected $metadata;

	/**
	 * Constructor
	 *
	 * @param Conf          $config   Config
	 * @param Database      $db       Database
	 * @param MetadataTable $metadata Metadata table
	 */
	public function __construct(Conf $config, Database $db, MetadataTable $metadata) {
		$this->config = $config;
		$this->db = $db;
		$this->metadata = $metadata;
	}

	/**
	 * Get user by username
	 *
	 * @param string $username The user's username
	 *
	 * @return ElggUser|false Depending on success
	 */
	public function getByUsername($username) {

		// Fixes #6052. Username is frequently sniffed from the path info, which,
		// unlike $_GET, is not URL decoded. If the username was not URL encoded,
		// this is harmless.
		$username = rawurldecode($username);

		if (!$username) {
			return false;
		}

		$entity =_elgg_services()->dataCache->usernames->load($username);
		if ($entity instanceof ElggUser) {
			return $entity;
		}

		$users = elgg_get_entities([
			'types' => 'user',
			'metadata_name_value_pairs' => [
				[
					'name' => 'username',
					'value' => $username,
				],
			],
			'limit' => 1,
		]);
		
		return $users ? $users[0] : false;
	}

	/**
	 * Get an array of users from an email address
	 *
	 * @param string $email Email address
	 * @return array
	 */
	public function getByEmail($email) {
		if (!$email) {
			return [];
		}
		
		$users = elgg_get_entities([
			'types' => 'user',
			'metadata_name_value_pairs' => [
				[
					'name' => 'email',
					'value' => $email,
				],
			],
			'limit' => 1,
		]);

		return $users ? : [];

	}

	/**
	 * Return users (or the number of them) who have been active within a recent period.
	 *
	 * @param array $options Array of options with keys:
	 *
	 *   seconds (int)  => Length of period (default 600 = 10min)
	 *   limit   (int)  => Limit (default 10)
	 *   offset  (int)  => Offset (default 0)
	 *   count   (bool) => Return a count instead of users? (default false)
	 *
	 * @return \ElggUser[]|int
	 */
	public function findActive(array $options = []) {
	
		$options = array_merge([
			'seconds' => 600,
			'limit' => $this->config->default_limit,
		], $options);

		// cast options we're sending to hook
		foreach (['seconds', 'limit', 'offset'] as $key) {
			$options[$key] = (int) $options[$key];
		}
		$options['count'] = (bool) $options['count'];

		// allow plugins to override
		$params = [
			'seconds' => $options['seconds'],
			'limit' => $options['limit'],
			'offset' => $options['offset'],
			'count' => $options['count'],
			'options' => $options,
		];
		$data = _elgg_services()->hooks->trigger('find_active_users', 'system', $params, null);
		// check null because the handler could legitimately return falsey values.
		if ($data !== null) {
			return $data;
		}

		$time = $this->getCurrentTime()->getTimestamp() - $options['seconds'];
		return elgg_get_entities([
			'type' => 'user',
			'limit' => $options['limit'],
			'offset' => $options['offset'],
			'count' => $options['count'],
			'wheres' => ["e.last_action >= {$time}"],
			'order_by' => "e.last_action desc",
		]);
	}

	/**
	 * Registers a user, returning false if the username already exists
	 *
	 * @param string $username              The username of the new user
	 * @param string $password              The password
	 * @param string $name                  The user's display name
	 * @param string $email                 The user's email address
	 * @param bool   $allow_multiple_emails Allow the same email address to be
	 *                                      registered multiple times?
	 * @param string $subtype               Subtype of the user entity
	 *
	 * @return int|false The new user's GUID; false on failure
	 * @throws RegistrationException
	 */
	public function register($username, $password, $name, $email, $allow_multiple_emails = false, $subtype = null) {

		// no need to trim password
		$username = trim($username);
		$name = trim(strip_tags($name));
		$email = trim($email);

		// A little sanity checking
		if (empty($username) || empty($password) || empty($name) || empty($email)) {
			return false;
		}

		// Make sure a user with conflicting details hasn't registered and been disabled
		$access_status = access_get_show_hidden_status();
		access_show_hidden_entities(true);

		if (!validate_email_address($email)) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:emailnotvalid'));
		}

		if (!validate_password($password)) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:passwordnotvalid'));
		}

		if (!validate_username($username)) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:usernamenotvalid'));
		}

		if (get_user_by_username($username)) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:userexists'));
		}

		if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:dupeemail'));
		}

		access_show_hidden_entities($access_status);

		// Create user
		$constructor = ElggUser::class;
		if (isset($subtype)) {
			$class = elgg_get_entity_class('user', $subtype);
			if ($class && class_exists($class) && is_subclass_of($class, ElggUser::class)) {
				$constructor = $class;
			}
		}

		$user = new $constructor();
		if (isset($subtype)) {
			$user->subtype = $subtype;
		}
		$user->username = $username;
		$user->email = $email;
		$user->name = $name;
		$user->access_id = ACCESS_PUBLIC;
		$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
		$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
		$user->language = _elgg_services()->translator->getCurrentLanguage();
		if ($user->save() === false) {
			return false;
		}
		
		// doing this after save to prevent metadata save notices on unwritable metadata password_hash
		$user->setPassword($password);

		// Turn on email notifications by default
		$user->setNotificationSetting('email', true);
	
		return $user->getGUID();
	}

	/**
	 * Generates a unique invite code for a user
	 *
	 * @param string $username The username of the user sending the invitation
	 *
	 * @return string Invite code
	 * @see validateInviteCode
	 */
	public function generateInviteCode($username) {
		$time = $this->getCurrentTime()->getTimestamp();
		return "$time." . _elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
	}

	/**
	 * Validate a user's invite code
	 *
	 * @param string $username The username
	 * @param string $code     The invite code
	 *
	 * @return bool
	 * @see generateInviteCode
	 */
	public function validateInviteCode($username, $code) {
		// validate the format of the token created by ->generateInviteCode()
		if (!preg_match('~^(\d+)\.([a-zA-Z0-9\-_]+)$~', $code, $m)) {
			return false;
		}
		$time = $m[1];
		$mac = $m[2];

		return _elgg_services()->hmac->getHmac([(int) $time, $username])->matchesToken($mac);
	}
}


1		<?php
2
3		namespace Elgg\Database;
4
5		use Elgg\Config as Conf;
6		use Elgg\Database;
7		use ElggUser;
8		use RegistrationException;
9
10		/**
11		* WARNING: API IN FLUX. DO NOT USE DIRECTLY.
12		*
13		* @access private
14		*
15		* @package Elgg.Core
16		* @subpackage Database
17		* @since 1.10.0
18		*/
19		class UsersTable {
20
21		use \Elgg\TimeUsing;
22
23		/**
24		* @var Conf
25		*/
26		protected $config;
27
28		/**
29		* @var Database
30		*/
31		protected $db;
32
33		/**
34		* @var MetadataTable
35		*/
36		protected $metadata;
37
38		/**
39		* Constructor
40		*
41		* @param Conf $config Config
42		* @param Database $db Database
43		* @param MetadataTable $metadata Metadata table
44		*/
45	4419	public function __construct(Conf $config, Database $db, MetadataTable $metadata) {
46	4419	$this->config = $config;
47	4419	$this->db = $db;
48	4419	$this->metadata = $metadata;
49	4419	}
50
51		/**
52		* Get user by username
53		*
54		* @param string $username The user's username
55		*
56		* @return ElggUser\|false Depending on success
57		*/
58	459	public function getByUsername($username) {
59
60		// Fixes #6052. Username is frequently sniffed from the path info, which,
61		// unlike $_GET, is not URL decoded. If the username was not URL encoded,
62		// this is harmless.
63	459	$username = rawurldecode($username);
64
65	459	if (!$username) {
66		return false;
67		}
68
69	459	$entity =_elgg_services()->dataCache->usernames->load($username);
70	459	if ($entity instanceof ElggUser) {
71	8	return $entity;
72		}
73
74	459	$users = elgg_get_entities([
75	459	'types' => 'user',
76		'metadata_name_value_pairs' => [
77		[
78	459	'name' => 'username',
79	459	'value' => $username,
80		],
81		],
82	459	'limit' => 1,
83		]);
84
85	459	return $users ? $users[0] : false;
86		}
87
88		/**
89		* Get an array of users from an email address
90		*
91		* @param string $email Email address
92		* @return array
93		*/
94	162	public function getByEmail($email) {
95	162	if (!$email) {
96		return [];
97		}
98
99	162	$users = elgg_get_entities([
100	162	'types' => 'user',
101		'metadata_name_value_pairs' => [
102		[
103	162	'name' => 'email',
104	162	'value' => $email,
105		],
106		],
107	162	'limit' => 1,
108		]);
109
110	162	return $users ? : [];
		0 ignored issues – show Bug Best Practice introduced 2017-11-20 23:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $users ?: array()` also could return the type `integer` which is incompatible with the documented return type `array`. Loading history...
111		}
112
113		/**
114		* Return users (or the number of them) who have been active within a recent period.
115		*
116		* @param array $options Array of options with keys:
117		*
118		* seconds (int) => Length of period (default 600 = 10min)
119		* limit (int) => Limit (default 10)
120		* offset (int) => Offset (default 0)
121		* count (bool) => Return a count instead of users? (default false)
122		*
123		* @return \ElggUser[]\|int
124		*/
125	1	public function findActive(array $options = []) {
126
127	1	$options = array_merge([
128	1	'seconds' => 600,
129	1	'limit' => $this->config->default_limit,
130	1	], $options);
131
132		// cast options we're sending to hook
133	1	foreach (['seconds', 'limit', 'offset'] as $key) {
134	1	$options[$key] = (int) $options[$key];
135		}
136	1	$options['count'] = (bool) $options['count'];
137
138		// allow plugins to override
139		$params = [
140	1	'seconds' => $options['seconds'],
141	1	'limit' => $options['limit'],
142	1	'offset' => $options['offset'],
143	1	'count' => $options['count'],
144	1	'options' => $options,
145		];
146	1	$data = _elgg_services()->hooks->trigger('find_active_users', 'system', $params, null);
147		// check null because the handler could legitimately return falsey values.
148	1	if ($data !== null) {
149		return $data;
150		}
151
152	1	$time = $this->getCurrentTime()->getTimestamp() - $options['seconds'];
153	1	return elgg_get_entities([
154	1	'type' => 'user',
155	1	'limit' => $options['limit'],
156	1	'offset' => $options['offset'],
157	1	'count' => $options['count'],
158	1	'wheres' => ["e.last_action >= {$time}"],
159	1	'order_by' => "e.last_action desc",
160		]);
161		}
162
163		/**
164		* Registers a user, returning false if the username already exists
165		*
166		* @param string $username The username of the new user
167		* @param string $password The password
168		* @param string $name The user's display name
169		* @param string $email The user's email address
170		* @param bool $allow_multiple_emails Allow the same email address to be
171		* registered multiple times?
172		* @param string $subtype Subtype of the user entity
173		*
174		* @return int\|false The new user's GUID; false on failure
175		* @throws RegistrationException
176		*/
177	162	public function register($username, $password, $name, $email, $allow_multiple_emails = false, $subtype = null) {
178
179		// no need to trim password
180	162	$username = trim($username);
181	162	$name = trim(strip_tags($name));
182	162	$email = trim($email);
183
184		// A little sanity checking
185	162	if (empty($username) \|\| empty($password) \|\| empty($name) \|\| empty($email)) {
186		return false;
187		}
188
189		// Make sure a user with conflicting details hasn't registered and been disabled
190	162	$access_status = access_get_show_hidden_status();
191	162	access_show_hidden_entities(true);
192
193	162	if (!validate_email_address($email)) {
194		throw new RegistrationException(_elgg_services()->translator->translate('registration:emailnotvalid'));
195		}
196
197	162	if (!validate_password($password)) {
198		throw new RegistrationException(_elgg_services()->translator->translate('registration:passwordnotvalid'));
199		}
200
201	162	if (!validate_username($username)) {
202		throw new RegistrationException(_elgg_services()->translator->translate('registration:usernamenotvalid'));
203		}
204
205	162	if (get_user_by_username($username)) {
206		throw new RegistrationException(_elgg_services()->translator->translate('registration:userexists'));
207		}
208
209	162	if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
210		throw new RegistrationException(_elgg_services()->translator->translate('registration:dupeemail'));
211		}
212
213	162	access_show_hidden_entities($access_status);
214
215		// Create user
216	162	$constructor = ElggUser::class;
217	162	if (isset($subtype)) {
218	160	$class = elgg_get_entity_class('user', $subtype);
219	160	if ($class && class_exists($class) && is_subclass_of($class, ElggUser::class)) {
220		$constructor = $class;
221		}
222		}
223
224	162	$user = new $constructor();
225	162	if (isset($subtype)) {
226	160	$user->subtype = $subtype;
227		}
228	162	$user->username = $username;
229	162	$user->email = $email;
230	162	$user->name = $name;
231	162	$user->access_id = ACCESS_PUBLIC;
232	162	$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
233	162	$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
234	162	$user->language = _elgg_services()->translator->getCurrentLanguage();
235	162	if ($user->save() === false) {
236		return false;
237		}
238
239		// doing this after save to prevent metadata save notices on unwritable metadata password_hash
240	162	$user->setPassword($password);
241
242		// Turn on email notifications by default
243	162	$user->setNotificationSetting('email', true);
244
245	162	return $user->getGUID();
246		}
247
248		/**
249		* Generates a unique invite code for a user
250		*
251		* @param string $username The username of the user sending the invitation
252		*
253		* @return string Invite code
254		* @see validateInviteCode
255		*/
256		public function generateInviteCode($username) {
257		$time = $this->getCurrentTime()->getTimestamp();
258		return "$time." . _elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
259		}
260
261		/**
262		* Validate a user's invite code
263		*
264		* @param string $username The username
265		* @param string $code The invite code
266		*
267		* @return bool
268		* @see generateInviteCode
269		*/
270		public function validateInviteCode($username, $code) {
271		// validate the format of the token created by ->generateInviteCode()
272		if (!preg_match('~^(\d+)\.([a-zA-Z0-9\-_]+)$~', $code, $m)) {
273		return false;
274		}
275		$time = $m[1];
276		$mac = $m[2];
277
278		return _elgg_services()->hmac->getHmac([(int) $time, $username])->matchesToken($mac);
279		}
280		}
281

Elgg / Elgg

Push — master ( c0a3a7...3b84a4 )

engine/classes/Elgg/Database/UsersTable.php (1 issue)

Showing only issues like (Show All)

Introduced By

Duplication Side-by-Side

Filter issues like