This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/classes/roundstats.class.php (4 issues)


<?php
// Direct-access guard: unless cfip() (defined elsewhere in the project) holds,
// answer 401 and stop before any class in this file is declared or wired up.
if (!cfip()) {
  exit(header('HTTP/1.1 401 Unauthorized'));
}
$defflip = 1;
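/**
 * Read-only queries behind the per-round (per-block) statistics pages.
 *
 * Every query is a prepared statement: block heights, limits and account ids
 * are always passed through bind_param, never concatenated. The only values
 * spliced into SQL text are table names from the injected *->getTableName()
 * helpers and the coin's target bits (see getDetailsForBlockHeight); both come
 * from configuration objects, not from request data, and must stay that way.
 *
 * Error contract: when a statement cannot be prepared, bound or executed every
 * method falls back to $this->sqlError(), which the static analysis reports as
 * returning a boolean. Callers must therefore test the result with === false
 * before treating it as an array or a scalar.
 **/
class RoundStats extends Base {
  /**
   * Read one column of the first row of an executed result set.
   * Replaces the former "fetch_object()->col" idiom, which raised a
   * "property on null" warning on an empty result set and yielded null anyway.
   * @param mysqli_result $result Executed result set
   * @param string $column Column to read from the first row
   * @return mixed Column value, or null when the result set is empty
   **/
  private function fetchScalar($result, $column) {
    $row = $result->fetch_object();
    if (!is_object($row))
      return null;
    return $row->$column;
  }

  /**
   * Get next block for round stats
   * @param int $iHeight Height to search above (exclusive)
   * @return mixed Height of the next higher block, null when there is none,
   *   or sqlError() on a query failure
   **/
  public function getNextBlock($iHeight=0) {
    $stmt = $this->mysqli->prepare("
      SELECT height
      FROM " . $this->block->getTableName() . "
      WHERE height > ?
      ORDER BY height ASC
      LIMIT 1");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && $result = $stmt->get_result())
      return $this->fetchScalar($result, 'height');
    return $this->sqlError();
  }

  /**
   * Get prev block for round stats
   * @param int $iHeight Height to search below (exclusive)
   * @return mixed Height of the next lower block, null when there is none,
   *   or sqlError() on a query failure
   **/
  public function getPreviousBlock($iHeight=0) {
    $stmt = $this->mysqli->prepare("
      SELECT height
      FROM " . $this->block->getTableName() . "
      WHERE height < ?
      ORDER BY height DESC
      LIMIT 1");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && $result = $stmt->get_result())
      return $this->fetchScalar($result, 'height');
    return $this->sqlError();
  }

  /**
   * Search for the first block at or above a height
   * @param int $iHeight Height to search from (inclusive)
   * @return mixed Height of the first block >= $iHeight, null when there is
   *   none, or sqlError() on a query failure
   **/
  public function searchForBlockHeight($iHeight=0) {
    $stmt = $this->mysqli->prepare("
       SELECT height 
       FROM " . $this->block->getTableName() . "
       WHERE height >= ?
       ORDER BY height ASC 
       LIMIT 1");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && $result = $stmt->get_result())
      return $this->fetchScalar($result, 'height');
    return $this->sqlError();
  }

  /**
   * Get next block for stats paging: the highest height within the next
   * $limit blocks at or above $iHeight.
   * @param int $iHeight Height to page from (inclusive)
   * @param int $limit Page size
   * @return mixed Highest height of the page (NULL from MAX() when the page is
   *   empty), or sqlError() on a query failure
   **/
  public function getNextBlockForStats($iHeight=0, $limit=10) {
    $stmt = $this->mysqli->prepare("
      SELECT MAX(x.height) AS height
      FROM (
        SELECT height FROM " . $this->block->getTableName() . "
        WHERE height >= ?
        ORDER BY height ASC LIMIT ?
      ) AS x");
    if ($this->checkStmt($stmt) && $stmt->bind_param("ii", $iHeight, $limit) && $stmt->execute() && $result = $stmt->get_result())
      return $this->fetchScalar($result, 'height');
    return $this->sqlError();
  }

  /**
   * Get details for block height
   * @param int $iHeight Block Height
   * @return array|null|bool Associative row of block information, null when
   *   no block has that height, or sqlError() on a query failure
   **/
  public function getDetailsForBlockHeight($iHeight=0) {
    // NOTE: getTargetBits() is spliced into the SQL text (it feeds a POW()
    // exponent, which cannot be a bound parameter here). It must remain a
    // trusted integer from the coin configuration, never request-derived.
    $stmt = $this->mysqli->prepare("
      SELECT 
      b.id, height, blockhash, amount, confirmations, difficulty, FROM_UNIXTIME(time) as time, shares,
      IF(a.is_anonymous, 'anonymous', a.username) AS finder,
      ROUND(difficulty * POW(2, 32 - " . $this->coin->getTargetBits() . "), 0) AS estshares,
      (time - (SELECT time FROM " . $this->block->getTableName() . " WHERE height < ? ORDER BY height DESC LIMIT 1)) AS round_time
      FROM " . $this->block->getTableName() . " as b
      LEFT JOIN " . $this->user->getTableName() . " AS a ON b.account_id = a.id
      WHERE b.height = ? LIMIT 1");
    // The height is bound twice: once for the previous-block subquery, once
    // for the outer WHERE.
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $iHeight, $iHeight) && $stmt->execute() && $result = $stmt->get_result())
      return $result->fetch_assoc();
    return $this->sqlError();
  }

  /**
   * Get shares statistics for round block height
   * @param int $iHeight Block Height
   * @return array|null|bool Rows keyed by account id, null when no account
   *   has valid shares in the round (kept as null rather than [] for existing
   *   callers), or sqlError() on a query failure
   **/
  public function getRoundStatsForAccounts($iHeight=0) {
    $stmt = $this->mysqli->prepare("
      SELECT
        a.id,
        a.username,
        a.is_anonymous,
        s.valid,
        s.invalid
        FROM " . $this->statistics->getTableName() . " AS s
        LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id
        LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id
        WHERE b.height = ? AND s.valid > 0
        GROUP BY username ASC
        ORDER BY valid DESC
        ");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && $result = $stmt->get_result()) {
      $aData = null;
      while ($row = $result->fetch_assoc()) {
        $aData[$row['id']] = $row;
      }
      return $aData;
    }
    return $this->sqlError();
  }

  /**
   * Get pplns statistics for round block height
   * @param int $iHeight Block Height
   * @return array|bool List of associative rows (empty when no account has
   *   valid PPLNS shares in the round), or sqlError() on a query failure
   **/
  public function getPPLNSRoundStatsForAccounts($iHeight=0) {
    $stmt = $this->mysqli->prepare("
      SELECT
        a.username,
        a.is_anonymous,
        s.pplns_valid,
        s.pplns_invalid
        FROM " . $this->statistics->getTableName() . " AS s
        LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id
        LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id
        WHERE b.height = ? AND s.pplns_valid > 0
        GROUP BY username ASC
        ORDER BY pplns_valid DESC
        ");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && $result = $stmt->get_result())
      return $result->fetch_all(MYSQLI_ASSOC);
    return $this->sqlError();
  }

  /**
   * Get total valid pplns shares for block height
   * @param int $iHeight Block Height
   * @return mixed SUM() of pplns_valid (NULL from SQL when the round has no
   *   statistics rows), or sqlError() on a query failure
   **/
  public function getPPLNSRoundShares($iHeight=0) {
    $stmt = $this->mysqli->prepare("
      SELECT
        SUM(s.pplns_valid) AS pplns_valid
        FROM " . $this->statistics->getTableName() . " AS s
        LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id
        WHERE b.height = ?
        ");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && $result = $stmt->get_result())
      return $this->fetchScalar($result, 'pplns_valid');
    return $this->sqlError();
  }

  /**
   * Get all transactions for round block height for admin
   * @param int $iHeight Block Height
   * @return array|bool List of 'Credit' transaction rows for the round,
   *   highest amount first, or sqlError() on a query failure
   **/
  public function getAllRoundTransactions($iHeight=0) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT
      t.id AS id,
      a.id AS uid,
      a.username AS username,
      a.is_anonymous,
      t.type AS type,
      t.amount AS amount
      FROM " . $this->transaction->getTableName() . " AS t
      LEFT JOIN " . $this->block->getTableName() . " AS b ON t.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON t.account_id = a.id
      WHERE b.height = ? AND t.type = 'Credit'
      ORDER BY amount DESC");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && $result = $stmt->get_result())
      return $result->fetch_all(MYSQLI_ASSOC);
    $this->debug->append('Unable to fetch transactions');
    return $this->sqlError();
  }

  /**
   * Get transactions for round block height user id
   * @param int $iHeight Block Height
   * @param int $id user id
   * @return array|bool List of the user's transaction rows for the round (all
   *   types), ordered by transaction id, or sqlError() on a query failure
   **/
  public function getUserRoundTransactions($iHeight=0, $id=0) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT
      t.id AS id,
      a.username AS username,
      t.type AS type,
      t.amount AS amount
      FROM " . $this->transaction->getTableName() . " AS t
      LEFT JOIN " . $this->block->getTableName() . " AS b ON t.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON t.account_id = a.id
      WHERE b.height = ? AND a.id = ?
      ORDER BY id ASC");
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $iHeight, $id) && $stmt->execute() && $result = $stmt->get_result())
      return $result->fetch_all(MYSQLI_ASSOC);
    $this->debug->append('Unable to fetch transactions');
    return $this->sqlError();
  }

  /**
   * Get ALL last blocks from height for admin panel
   * @param int $iHeight Height to page down from (inclusive)
   * @param int $limit Page size
   * @return array|bool List of (height, shares) rows, highest first, or
   *   sqlError() on a query failure
   **/
  public function getAllReportBlocksFoundHeight($iHeight=0, $limit=10) {
    $stmt = $this->mysqli->prepare("
      SELECT
        height, shares
      FROM " . $this->block->getTableName() . "
      WHERE height <= ?
      ORDER BY height DESC LIMIT ?");
    if ($this->checkStmt($stmt) && $stmt->bind_param("ii", $iHeight, $limit) && $stmt->execute() && $result = $stmt->get_result())
      return $result->fetch_all(MYSQLI_ASSOC);
    return $this->sqlError();
  }

  /**
   * Get USER last blocks from height for admin panel
   * All three parameters are required: the former defaults on $iHeight and
   * $limit could never apply because $iUser had none (PHP 8 deprecates such
   * signatures), so dropping them changes no call site.
   * @param int $iHeight Height to page down from (inclusive)
   * @param int $limit Page size
   * @param int $iUser Account id whose rounds are listed
   * @return array|bool List of (height, shares) rows, highest first, or
   *   sqlError() on a query failure
   **/
  public function getUserReportBlocksFoundHeight($iHeight, $limit, $iUser) {
    $stmt = $this->mysqli->prepare("
      SELECT
        b.height, b.shares
        FROM " . $this->block->getTableName() . " AS b
        LEFT JOIN " . $this->statistics->getTableName() . " AS s ON s.block_id = b.id
        LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id 
      WHERE b.height <= ? AND a.id = ?
      ORDER BY height DESC LIMIT ?");
    // Bind order follows placeholder order: height, user, limit.
    if ($this->checkStmt($stmt) && $stmt->bind_param('iii', $iHeight, $iUser, $limit) && $stmt->execute() && $result = $stmt->get_result())
      return $result->fetch_all(MYSQLI_ASSOC);
    return $this->sqlError();
  }

  /**
   * Get shares for block height for user admin panel
   * Both parameters are required (the former default on $iHeight was dead,
   * see getUserReportBlocksFoundHeight).
   * @param int $iHeight Block Height
   * @param int $iUser Account id
   * @return array|null|bool Associative row of the user's share counters for
   *   the round, null when there is none, or sqlError() on a query failure
   **/
  public function getRoundStatsForUser($iHeight, $iUser) {
    $stmt = $this->mysqli->prepare("
      SELECT
        s.valid,
        s.invalid,
        s.pplns_valid,
        s.pplns_invalid
        FROM " . $this->statistics->getTableName() . " AS s
        LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id
        LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id
        WHERE b.height = ? AND a.id = ?");
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $iHeight, $iUser) && $stmt->execute() && $result = $stmt->get_result())
      return $result->fetch_assoc();
    return $this->sqlError();
  }

  /**
   * Get credit transactions for round block height for admin panel
   * Both parameters are required (the former default on $iHeight was dead,
   * see getUserReportBlocksFoundHeight).
   * @param int $iHeight Block Height
   * @param int $iUser Account id
   * @return mixed Amount of the user's 'Credit' transaction for the round,
   *   null when there is no matching row (IFNULL only applies to matched
   *   rows), or sqlError() on a query failure
   **/
  public function getUserRoundTransHeight($iHeight, $iUser) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT
      IFNULL(t.amount, 0) AS amount
      FROM " . $this->transaction->getTableName() . " AS t
      LEFT JOIN " . $this->block->getTableName() . " AS b ON t.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON t.account_id = a.id
      WHERE b.height = ? AND t.type = 'Credit' AND t.account_id = ?");
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $iHeight, $iUser) && $stmt->execute() && $result = $stmt->get_result())
      return $this->fetchScalar($result, 'amount');
    $this->debug->append('Unable to fetch transactions');
    return $this->sqlError();
  }
}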
// Module-level wiring: build the shared RoundStats instance and inject its
// collaborators. The setters are inherited (presumably from Base, which is not
// visible here); the injected globals are expected to exist before this file
// is included. Order is kept as-is in case later setters depend on earlier ones.
$roundstats = new RoundStats();
$roundstats->setDebug($debug);
$roundstats->setMysql($mysqli);
$roundstats->setConfig($config);
$roundstats->setErrorCodes($aErrorCodes);
// Table-name providers used when the queries above are built.
$roundstats->setUser($user);
$roundstats->setStatistics($statistics);
$roundstats->setBlock($block);
$roundstats->setTransaction($transaction);
// Supplies getTargetBits() for the estimated-shares calculation.
$roundstats->setCoin($coin);