This project does not seem to handle request data directly; as such, no vulnerable execution paths were found. Note that this may not cover code that is reached through include or, for example, via PHP's auto-loading mechanism.
1 | <?php |
||
// Direct-access guard: when cfip() is falsy the script answers 401 and stops
// before the class below is declared; otherwise $defflip is set to 1.
// NOTE(review): cfip() is defined elsewhere; presumably it confirms that this
// file was loaded by the application rather than requested directly. Confirm.
if (!cfip()) {
  exit(header('HTTP/1.1 401 Unauthorized'));
}
$defflip = 1;

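/**
 * Read-only queries for per-round (per-block) statistics.
 *
 * Security notes for maintainers:
 *  - Every caller-supplied value (block height, user id, limit) is bound as an
 *    integer parameter ('i') and is never interpolated into the SQL text.
 *  - Table names from getTableName() and the value of
 *    $this->coin->getTargetBits() ARE concatenated into the SQL text, because
 *    identifiers cannot be bound as parameters. They must only ever come from
 *    trusted configuration, never from request data.
 *    NOTE(review): confirm where these values originate.
 *  - No method here performs an authorization check. Methods that accept a
 *    user id return that account's data for whatever id is passed in, so the
 *    caller must verify that the id belongs to the authenticated user or that
 *    the caller is an administrator.
 *  - Only getDetailsForBlockHeight() masks anonymous users in SQL. The other
 *    methods that select a.username return it together with a.is_anonymous
 *    and leave the masking to the caller.
 *
 * On failure every method returns the result of $this->sqlError(), which is
 * inherited from Base. NOTE(review): it appears to return a boolean; callers
 * should check for that before using the result as a row or a list of rows.
 */
class RoundStats extends Base {
  /**
   * Get the next block for round stats: the lowest height strictly above $iHeight.
   *
   * @param int $iHeight Block height to start from
   * @return mixed Height of the next block, null when no such block exists,
   *               or the result of sqlError() on failure
   */
  public function getNextBlock($iHeight=0) {
    $stmt = $this->mysqli->prepare("
      SELECT height
      FROM " . $this->block->getTableName() . "
      WHERE height > ?
      ORDER BY height ASC
      LIMIT 1");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && ($result = $stmt->get_result())) {
      // An empty result set makes fetch_object() return null; do not dereference it.
      $row = $result->fetch_object();
      return $row ? $row->height : null;
    }
    return $this->sqlError();
  }

  /**
   * Get the previous block for round stats: the highest height strictly below $iHeight.
   *
   * @param int $iHeight Block height to start from
   * @return mixed Height of the previous block, null when no such block exists,
   *               or the result of sqlError() on failure
   */
  public function getPreviousBlock($iHeight=0) {
    $stmt = $this->mysqli->prepare("
      SELECT height
      FROM " . $this->block->getTableName() . "
      WHERE height < ?
      ORDER BY height DESC
      LIMIT 1");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && ($result = $stmt->get_result())) {
      // An empty result set makes fetch_object() return null; do not dereference it.
      $row = $result->fetch_object();
      return $row ? $row->height : null;
    }
    return $this->sqlError();
  }

  /**
   * Search for a block height: the lowest stored height at or above $iHeight.
   *
   * @param int $iHeight Block height to search from
   * @return mixed Matching height, null when no such block exists,
   *               or the result of sqlError() on failure
   */
  public function searchForBlockHeight($iHeight=0) {
    $stmt = $this->mysqli->prepare("
      SELECT height
      FROM " . $this->block->getTableName() . "
      WHERE height >= ?
      ORDER BY height ASC
      LIMIT 1");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && ($result = $stmt->get_result())) {
      // An empty result set makes fetch_object() return null; do not dereference it.
      $row = $result->fetch_object();
      return $row ? $row->height : null;
    }
    return $this->sqlError();
  }

  /**
   * Get the next block for stats paging: the highest height among the first
   * $limit blocks at or above $iHeight.
   *
   * @param int $iHeight Block height to start from
   * @param int $limit   Page size, bound as the LIMIT of the inner query
   * @return mixed Height (null when the inner query matches nothing, since
   *               MAX() over no rows is NULL), or the result of sqlError() on failure
   */
  public function getNextBlockForStats($iHeight=0, $limit=10) {
    $stmt = $this->mysqli->prepare("
      SELECT MAX(x.height) AS height
      FROM (
        SELECT height FROM " . $this->block->getTableName() . "
        WHERE height >= ?
        ORDER BY height ASC LIMIT ?
      ) AS x");
    if ($this->checkStmt($stmt) && $stmt->bind_param("ii", $iHeight, $limit) && $stmt->execute() && ($result = $stmt->get_result())) {
      $row = $result->fetch_object();
      return $row ? $row->height : null;
    }
    return $this->sqlError();
  }

  /**
   * Get details for a block height.
   *
   * The finder column is replaced by the literal 'anonymous' in SQL when the
   * finding account has is_anonymous set.
   *
   * @param int $iHeight Block height
   * @return mixed Associative array with the block information, null when the
   *               height is not stored, or the result of sqlError() on failure
   */
  public function getDetailsForBlockHeight($iHeight=0) {
    // $iHeight is bound twice: once for the round_time sub-select and once for
    // the outer WHERE clause.
    // NOTE(review): getTargetBits() is concatenated into the SQL text; it has
    // to be a trusted numeric configuration value.
    $stmt = $this->mysqli->prepare("
      SELECT
        b.id, height, blockhash, amount, confirmations, difficulty, FROM_UNIXTIME(time) as time, shares,
        IF(a.is_anonymous, 'anonymous', a.username) AS finder,
        ROUND(difficulty * POW(2, 32 - " . $this->coin->getTargetBits() . "), 0) AS estshares,
        (time - (SELECT time FROM " . $this->block->getTableName() . " WHERE height < ? ORDER BY height DESC LIMIT 1)) AS round_time
      FROM " . $this->block->getTableName() . " as b
      LEFT JOIN " . $this->user->getTableName() . " AS a ON b.account_id = a.id
      WHERE b.height = ? LIMIT 1");
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $iHeight, $iHeight) && $stmt->execute() && ($result = $stmt->get_result())) {
      return $result->fetch_assoc();
    }
    return $this->sqlError();
  }

  /**
   * Get share statistics per account for a round (block height).
   *
   * Rows carry the real username together with is_anonymous; masking
   * anonymous accounts is left to the caller.
   *
   * @param int $iHeight Block height
   * @return mixed Rows keyed by account id, null when no account has valid
   *               shares for the round, or the result of sqlError() on failure
   */
  public function getRoundStatsForAccounts($iHeight=0) {
    // NOTE(review): the explicit ASC on GROUP BY is legacy MySQL syntax; verify
    // it against the MySQL version in use before upgrading the server.
    $stmt = $this->mysqli->prepare("
      SELECT
        a.id,
        a.username,
        a.is_anonymous,
        s.valid,
        s.invalid
      FROM " . $this->statistics->getTableName() . " AS s
      LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id
      WHERE b.height = ? AND s.valid > 0
      GROUP BY username ASC
      ORDER BY valid DESC
      ");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && ($result = $stmt->get_result())) {
      // Stays null (not an empty array) when the round has no rows.
      $aData = null;
      while ($row = $result->fetch_assoc()) {
        $aData[$row['id']] = $row;
      }
      return $aData;
    }
    return $this->sqlError();
  }

  /**
   * Get PPLNS share statistics per account for a round (block height).
   *
   * Rows carry the real username together with is_anonymous; masking
   * anonymous accounts is left to the caller.
   *
   * @param int $iHeight Block height
   * @return array|bool List of associative rows, or the result of sqlError()
   *                    on failure (not an array, so check before iterating)
   */
  public function getPPLNSRoundStatsForAccounts($iHeight=0) {
    // NOTE(review): the explicit ASC on GROUP BY is legacy MySQL syntax; verify
    // it against the MySQL version in use before upgrading the server.
    $stmt = $this->mysqli->prepare("
      SELECT
        a.username,
        a.is_anonymous,
        s.pplns_valid,
        s.pplns_invalid
      FROM " . $this->statistics->getTableName() . " AS s
      LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id
      WHERE b.height = ? AND s.pplns_valid > 0
      GROUP BY username ASC
      ORDER BY pplns_valid DESC
      ");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && ($result = $stmt->get_result())) {
      return $result->fetch_all(MYSQLI_ASSOC);
    }
    return $this->sqlError();
  }

  /**
   * Get the total of valid PPLNS shares for a block height.
   *
   * @param int $iHeight Block height
   * @return mixed Sum of pplns_valid (null when no statistics row matches,
   *               since SUM() over no rows is NULL), or the result of
   *               sqlError() on failure
   */
  public function getPPLNSRoundShares($iHeight=0) {
    $stmt = $this->mysqli->prepare("
      SELECT
        SUM(s.pplns_valid) AS pplns_valid
      FROM " . $this->statistics->getTableName() . " AS s
      LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id
      WHERE b.height = ?
      ");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && ($result = $stmt->get_result())) {
      $row = $result->fetch_object();
      return $row ? $row->pplns_valid : null;
    }
    return $this->sqlError();
  }

  /**
   * Get all 'Credit' transactions for a round (block height), for the admin view.
   *
   * Returns every account's id, username and credited amount for the round.
   * This method does not check who is asking; the caller must restrict it to
   * administrators.
   *
   * @param int $iHeight Block height
   * @return array|bool List of associative rows, or the result of sqlError()
   *                    on failure (not an array, so check before iterating)
   */
  public function getAllRoundTransactions($iHeight=0) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT
        t.id AS id,
        a.id AS uid,
        a.username AS username,
        a.is_anonymous,
        t.type AS type,
        t.amount AS amount
      FROM " . $this->transaction->getTableName() . " AS t
      LEFT JOIN " . $this->block->getTableName() . " AS b ON t.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON t.account_id = a.id
      WHERE b.height = ? AND t.type = 'Credit'
      ORDER BY amount DESC");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && ($result = $stmt->get_result())) {
      return $result->fetch_all(MYSQLI_ASSOC);
    }
    $this->debug->append('Unable to fetch transactions');
    return $this->sqlError();
  }

  /**
   * Get the transactions of one user for a round (block height).
   *
   * The query filters on the supplied $id only. The caller must make sure
   * that $id is the authenticated user's own id, or that the caller is an
   * administrator.
   *
   * @param int $iHeight Block height
   * @param int $id      User id
   * @return array|bool List of associative rows, or the result of sqlError()
   *                    on failure (not an array, so check before iterating)
   */
  public function getUserRoundTransactions($iHeight=0, $id=0) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT
        t.id AS id,
        a.username AS username,
        t.type AS type,
        t.amount AS amount
      FROM " . $this->transaction->getTableName() . " AS t
      LEFT JOIN " . $this->block->getTableName() . " AS b ON t.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON t.account_id = a.id
      WHERE b.height = ? AND a.id = ?
      ORDER BY id ASC");
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $iHeight, $id) && $stmt->execute() && ($result = $stmt->get_result())) {
      return $result->fetch_all(MYSQLI_ASSOC);
    }
    $this->debug->append('Unable to fetch transactions');
    return $this->sqlError();
  }

  /**
   * Get ALL last blocks at or below a height, for the admin panel.
   *
   * @param int $iHeight Highest block height to include
   * @param int $limit   Maximum number of blocks, bound as the LIMIT
   * @return array|bool List of rows with height and shares, newest first,
   *                    or the result of sqlError() on failure
   */
  public function getAllReportBlocksFoundHeight($iHeight=0, $limit=10) {
    $stmt = $this->mysqli->prepare("
      SELECT
        height, shares
      FROM " . $this->block->getTableName() . "
      WHERE height <= ?
      ORDER BY height DESC LIMIT ?");
    if ($this->checkStmt($stmt) && $stmt->bind_param("ii", $iHeight, $limit) && $stmt->execute() && ($result = $stmt->get_result())) {
      return $result->fetch_all(MYSQLI_ASSOC);
    }
    return $this->sqlError();
  }

  /**
   * Get one USER's last blocks at or below a height, for the admin panel.
   *
   * The optional parameters precede the required $iUser, so in practice all
   * three arguments have to be passed; PHP 8 reports this ordering as
   * deprecated. The signature is kept as-is for existing callers.
   * The caller is responsible for authorizing access to $iUser's data.
   *
   * @param int $iHeight Highest block height to include
   * @param int $limit   Maximum number of blocks, bound as the LIMIT
   * @param int $iUser   User id
   * @return array|bool List of rows with height and shares, newest first,
   *                    or the result of sqlError() on failure
   */
  public function getUserReportBlocksFoundHeight($iHeight=0, $limit=10, $iUser) {
    $stmt = $this->mysqli->prepare("
      SELECT
        b.height, b.shares
      FROM " . $this->block->getTableName() . " AS b
      LEFT JOIN " . $this->statistics->getTableName() . " AS s ON s.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id
      WHERE b.height <= ? AND a.id = ?
      ORDER BY height DESC LIMIT ?");
    // Bind order follows the placeholders (height, user id, limit), not the
    // parameter order of this method.
    if ($this->checkStmt($stmt) && $stmt->bind_param('iii', $iHeight, $iUser, $limit) && $stmt->execute() && ($result = $stmt->get_result())) {
      return $result->fetch_all(MYSQLI_ASSOC);
    }
    return $this->sqlError();
  }

  /**
   * Get one user's share counts for a block height, for the user admin panel.
   *
   * $iHeight has a default but precedes the required $iUser, so both
   * arguments have to be passed; PHP 8 reports this ordering as deprecated.
   * The caller is responsible for authorizing access to $iUser's data.
   *
   * @param int $iHeight Block height
   * @param int $iUser   User id
   * @return mixed Associative array with valid, invalid, pplns_valid and
   *               pplns_invalid, null when no row matches, or the result of
   *               sqlError() on failure
   */
  public function getRoundStatsForUser($iHeight=0, $iUser) {
    $stmt = $this->mysqli->prepare("
      SELECT
        s.valid,
        s.invalid,
        s.pplns_valid,
        s.pplns_invalid
      FROM " . $this->statistics->getTableName() . " AS s
      LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id
      WHERE b.height = ? AND a.id = ?");
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $iHeight, $iUser) && $stmt->execute() && ($result = $stmt->get_result())) {
      return $result->fetch_assoc();
    }
    return $this->sqlError();
  }

  /**
   * Get one user's 'Credit' amount for a round (block height), for the admin panel.
   *
   * Only the first matching row is read. $iHeight has a default but precedes
   * the required $iUser, so both arguments have to be passed.
   * The caller is responsible for authorizing access to $iUser's data.
   *
   * @param int $iHeight Block height
   * @param int $iUser   User id
   * @return mixed Credited amount, null when the user has no credit for the
   *               round, or the result of sqlError() on failure
   */
  public function getUserRoundTransHeight($iHeight=0, $iUser) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT
        IFNULL(t.amount, 0) AS amount
      FROM " . $this->transaction->getTableName() . " AS t
      LEFT JOIN " . $this->block->getTableName() . " AS b ON t.block_id = b.id
      LEFT JOIN " . $this->user->getTableName() . " AS a ON t.account_id = a.id
      WHERE b.height = ? AND t.type = 'Credit' AND t.account_id = ?");
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $iHeight, $iUser) && $stmt->execute() && ($result = $stmt->get_result())) {
      // IFNULL only covers a NULL amount; with no matching row at all
      // fetch_object() returns null, which must not be dereferenced.
      $row = $result->fetch_object();
      return $row ? $row->amount : null;
    }
    $this->debug->append('Unable to fetch transactions');
    return $this->sqlError();
  }
}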
// Build the shared RoundStats instance and hand it its collaborators.
// $debug, $mysqli, $config, $aErrorCodes, $user, $statistics, $block,
// $transaction and $coin are expected to exist in the including scope.
$roundstats = new RoundStats();

// Infrastructure: debug log, database handle, configuration, error codes.
$roundstats->setDebug($debug);
$roundstats->setMysql($mysqli);
$roundstats->setConfig($config);
$roundstats->setErrorCodes($aErrorCodes);

// Model objects whose table names (and target bits) the queries read.
$roundstats->setUser($user);
$roundstats->setStatistics($statistics);
$roundstats->setBlock($block);
$roundstats->setTransaction($transaction);
$roundstats->setCoin($coin);
If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type, for example an interface or abstract method. This is more formally defined by the Liskov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangeably. This principle also belongs to the SOLID principles for object-oriented design.
Let's take a look at an example:

    class Author {
        private $name;
        public function __construct($name) {
            $this->name = $name;
        }
        public function getName() {
            return $this->name;
        }
    }
    abstract class Post {
        public function getAuthor() {
            return 'Johannes';
        }
    }
    class BlogPost extends Post {
        public function getAuthor() {
            return new Author('Johannes');
        }
    }
    class ForumPost extends Post { /* ... */ }
    function my_function(Post $post) {
        echo strtoupper($post->getAuthor());
    }

Our function my_function expects a Post object, and outputs the author of the post. The base class Post returns a simple string, and outputting a simple string will work just fine. However, the child class BlogPost, which is a sub-type of Post, instead decided to return an object, and is therefore violating the SOLID principles. If a BlogPost were passed to my_function, PHP would not complain, but ultimately fail when executing the strtoupper call in its body.