Issues in api.class.php - All Issues - Inspection of "[UPDATE] Also detect testnet on RPC > 0.16" - MPOS/php-mpos - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — development ( d1d4a0...e79b55 )

by Sebastian

created 2018-05-12 21:20 UTC

include/classes/api.class.php (17 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;

/**
 * Helper class for our API
 **/
class Api extends Base {
namespace YourVendor;

class YourClass { }
  private $api_version = '1.0.0';

  function setStartTime($dStartTime) {

    $this->dStartTime = $dStartTime;
class MyClass { }

$x = new MyClass();
$x->foo = true;
  }
  function isActive($error=true) {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    if (!$this->setting->getValue('disable_api')) {
class MyClass { }

$x = new MyClass();
$x->foo = true;
      return true;
    } else {
      if ($error == true) {

        unset($_SESSION['POPUP']);
        header('HTTP/1.1 501 Not implemented');
        die('501 Not implemented');

      }
    }
  }

  /**
   * Create API json object from input array
   * @param data Array data to create JSON for
   * @param force bool Enforce a JSON object
   * @return string JSON object
   **/
  function get_json($data, $force=false) {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    $json = json_encode(
      array( $_REQUEST['action'] => array(
        'version' => $this->api_version,
        'runtime' => (microtime(true) - $this->dStartTime) * 1000,
        'data' => $data
      )), $force ? JSON_FORCE_OBJECT : 0
    );
    // JSONP support issue #1700
    if (isset($_REQUEST['callback']) && ctype_alpha($_REQUEST['callback'])) {
      header('Content-type: application/json; charset=utf-8');
      return $_REQUEST['callback'] . '(' . $json . ');';
    }
    return $json;
  }

  /**
   * Check user access level to the API call
   **/
  function checkAccess($user_id, $get_id=NULL) {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    if (!empty($get_id) && is_array($get_id)) die("Access denied");

    if (is_array($user_id)) die("Access denied");

    if ( ! $this->user->isAdmin($user_id) && (!empty($get_id) && $get_id != $user_id || !is_int($user_id))) {
      // User is NOT admin and tries to access an ID that is not their own
      header("HTTP/1.1 401 Unauthorized");
      die("Access denied");

    } else if ($this->user->isAdmin($user_id) && !empty($get_id)) {
      // User is an admin and tries to fetch another users data
      $id = $get_id;
      // Is it a username or a user ID
      ctype_digit($_REQUEST['id']) ? $id = $get_id : $id = $this->user->getUserId($get_id);
class MyClass { }

$x = new MyClass();
$x->foo = true;
    } else {
      $id = $user_id;
    }
    return $id;
  }
}

$api = new Api();
$api->setConfig($config);
$api->setUser($user);
$api->setSetting($setting);
$api->setStartTime($dStartTime=microtime(true));


1			<?php
			0 ignored issues – show Coding Style Compatibility introduced 2016-02-22 07:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 7 and the first side effect is on line 2. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2			$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
3
4			/**
5			* Helper class for our API
6			**/
7			class Api extends Base {
			0 ignored issues – show Coding Style Compatibility introduced 2015-12-09 12:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
8			private $api_version = '1.0.0';
9
10			function setStartTime($dStartTime) {
			0 ignored issues – show Best Practice introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
11			$this->dStartTime = $dStartTime;
			0 ignored issues – show Bug introduced 2015-12-09 12:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `dStartTime` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
12			}
13			function isActive($error=true) {
			0 ignored issues – show Best Practice introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history... Coding Style introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this `isActive` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
14			if (!$this->setting->getValue('disable_api')) {
			0 ignored issues – show Bug introduced 2015-12-09 12:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `setting` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
15			return true;
16			} else {
17			if ($error == true) {
			0 ignored issues – show Coding Style Best Practice introduced 2015-12-09 12:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are loosely comparing two booleans. Considering using the strict comparison `===` instead. When comparing two booleans, it is generally considered safer to use the strict comparison operator. Loading history...
18			unset($_SESSION['POPUP']);
19			header('HTTP/1.1 501 Not implemented');
20			die('501 Not implemented');
			0 ignored issues – show Coding Style Compatibility introduced 2015-12-09 12:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `isActive()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
21			}
22			}
23			}
24
25			/**
26			* Create API json object from input array
27			* @param data Array data to create JSON for
28			* @param force bool Enforce a JSON object
29			* @return string JSON object
30			**/
31			function get_json($data, $force=false) {
			0 ignored issues – show Best Practice introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history... Coding Style introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this `get_json` uses the super-global variable `$_REQUEST` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
32			$json = json_encode(
33			array( $_REQUEST['action'] => array(
34			'version' => $this->api_version,
35			'runtime' => (microtime(true) - $this->dStartTime) * 1000,
36			'data' => $data
37			)), $force ? JSON_FORCE_OBJECT : 0
38			);
39			// JSONP support issue #1700
40			if (isset($_REQUEST['callback']) && ctype_alpha($_REQUEST['callback'])) {
41			header('Content-type: application/json; charset=utf-8');
42			return $_REQUEST['callback'] . '(' . $json . ');';
43			}
44			return $json;
45			}
46
47			/**
48			* Check user access level to the API call
49			**/
50			function checkAccess($user_id, $get_id=NULL) {
			0 ignored issues – show Best Practice introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history... Coding Style introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this `checkAccess` uses the super-global variable `$_REQUEST` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
51			if (!empty($get_id) && is_array($get_id)) die("Access denied");
			0 ignored issues – show Coding Style Compatibility introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `checkAccess()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
52			if (is_array($user_id)) die("Access denied");
			0 ignored issues – show Coding Style Compatibility introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `checkAccess()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
53			if ( ! $this->user->isAdmin($user_id) && (!empty($get_id) && $get_id != $user_id \|\| !is_int($user_id))) {
54			// User is NOT admin and tries to access an ID that is not their own
55			header("HTTP/1.1 401 Unauthorized");
56			die("Access denied");
			0 ignored issues – show Coding Style Compatibility introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `checkAccess()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
57			} else if ($this->user->isAdmin($user_id) && !empty($get_id)) {
58			// User is an admin and tries to fetch another users data
59			$id = $get_id;
60			// Is it a username or a user ID
61			ctype_digit($_REQUEST['id']) ? $id = $get_id : $id = $this->user->getUserId($get_id);
			0 ignored issues – show Bug introduced 2015-12-14 13:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `user` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
62			} else {
63			$id = $user_id;
64			}
65			return $id;
66			}
67			}
68
69			$api = new Api();
70			$api->setConfig($config);
71			$api->setUser($user);
72			$api->setSetting($setting);
73			$api->setStartTime($dStartTime=microtime(true));
74

MPOS / php-mpos

Push — development ( d1d4a0...e79b55 )

include/classes/api.class.php (17 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like