Issues in onepagecheckout.php (develop) - Issues in develop - Nickbur/Sunrise-CMS - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2407)

application/model/checkout/onepagecheckout.php (3 issues)

Labels

Severity

<?php

/* 	Divine CMS - Open source CMS for widespread use.
    Copyright (c) 2019 Mykola Burakov ([email protected])

    See SOURCE.txt for other and additional information.

    This file is part of Divine CMS.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>. */

class ModelCheckoutOnepagecheckout extends \Divine\Engine\Core\Model
namespace YourVendor;

class YourClass { }
{
    public function addOrder($data)

    {
        $this->db->query("
            INSERT INTO `order` 
            SET store_name = '" . $this->db->escape($data['store_name']) . "', 
                store_url = '" . $this->db->escape($data['store_url']) . "', 
                customer_id = '" . (int)$data['customer_id'] . "', 
                customer_group_id = '" . (int)$data['customer_group_id'] . "', 
                firstname = '" . $this->db->escape($data['firstname']) . "', 
                email = '" . $this->db->escape($data['email']) . "', 
                telephone = '" . $this->db->escape($data['telephone']) . "', 
                payment_firstname = '" . $this->db->escape($data['firstname']) . "', 
                payment_address_1 = '" . $this->db->escape($data['address_1']) . "', 
                payment_city = '" . $this->db->escape($data['city']) . "', 
                shipping_address_1 = '" . $this->db->escape($data['address_1']) . "', 
                shipping_city = '" . $this->db->escape($data['city']) . "', 
                shipping_method = '" . $this->db->escape($data['shipping_method']['title']) . "', 
                shipping_code = '" . $this->db->escape($data['shipping_method']['code']) . "', 
                payment_method = '" . $this->db->escape($data['payment_method']['title']) . "', 
                payment_code = '" . $this->db->escape($data['payment_method']['code']) . "', 
                payment_country='', 
                payment_country_id = '0', 
                payment_zone_id = '0', 
                shipping_country_id = '0', 
                shipping_zone_id = '0', 
                comment = '" . $this->db->escape($data['comment']) . "', 
                total = '" . (float)$data['cart_total'] . "', 
                language_id = '" . (int)$data['language_id'] . "', 
                currency_id = '" . (int)$data['currency_id'] . "', 
                currency_code = '" . $this->db->escape($data['currency_code']) . "', 
                currency_value = '" . (float)$data['currency_value'] . "', 
                order_status_id = '" . (int)$data['order_status_id'] . "', 
                ip = '" . $this->db->escape($data['ip']) . "', 
                forwarded_ip = '" .  $this->db->escape($data['forwarded_ip']) . "', 
                user_agent = '" . $this->db->escape($data['user_agent']) . "', 
                accept_language = '" . $this->db->escape($data['accept_language']) . "', 
                date_added = NOW(), 
                date_modified = NOW()
        ");

        $order_id = $this->db->getLastId();

        // Products
        if (isset($data['products'])) {
            foreach ($data['products'] as $product) {
                $this->db->query("
                    INSERT INTO order_product 
                    SET order_id = '" . (int)$order_id . "', 
                        product_id = '" . (int)$product['product_id'] . "', 
                        name = '" . $this->db->escape($product['name']) . "', 
                        model = '" . $this->db->escape($product['model']) . "', 
                        quantity = '" . (int)$product['quantity'] . "', 
                        price = '" . (float)$product['price'] . "', 
                        total = '" . (float)$product['total'] . "', 
                        reward = '" . (int)$product['reward'] . "'
                ");

                $order_product_id = $this->db->getLastId();

                foreach ($product['option'] as $option) {
                    $this->db->query("
                        INSERT INTO order_option 
                        SET order_id = '" . (int)$order_id . "', 
                            order_product_id = '" . (int)$order_product_id . "', 
                            product_option_id = '" . (int)$option['product_option_id'] . "', 
                            product_option_value_id = '" . (int)$option['product_option_value_id'] . "', 
                            name = '" . $this->db->escape($option['name']) . "', 
                            `value` = '" . $this->db->escape($option['value']) . "', 
                            `type` = '" . $this->db->escape($option['type']) . "'
                    ");
                }
            }
        }

        // Totals this is netver used
        if (isset($data['cart_total']) && false) {
            $this->db->query("
                INSERT INTO order_total 
                SET order_id = '" . (int)$order_id . "', 
                    code = 'total', 
                    title = 'Total', 
                    `value` = '" . (float)$data['cart_total']."', 
                    sort_order = ''
            ");
            $this->db->query("
                INSERT INTO order_total 
                SET order_id = '" . (int)$order_id . "', 
                    code = 'sub_total', 
                    title = 'Total', 
                    `value` = '" . (float)$data['cart_total']."', 
                    sort_order = ''
            ");
        }
        $totals = array();
        // ex4 mod for totals
        $total_data = array(
            'totals' => &$totals,
            'total'  => &$total

        );
        $sort_order = array();

        $results = $this->model_extension_extension->getExtensions('total');

        foreach ($results as $key => $value) {
            $sort_order[$key] = $this->config->get($value['code'] . '_sort_order');
        }

        array_multisort($sort_order, SORT_ASC, $results);

        foreach ($results as $result) {
            if ($this->config->get($result['code'] . '_status')) {
                $this->load->model('extension/total/' . $result['code']);

                // We have to put the totals in an array so that they pass by reference.
                $this->{'model_extension_total_' . $result['code']}->getTotal($total_data);
            }
        }

        $sort_order = array();
        foreach ($totals as $key => $value) {
            $sort_order[$key] = $value['sort_order'];
        }

        array_multisort($sort_order, SORT_ASC, $totals);
        $i = 10;
        $total_sum = 0;
        foreach ($totals as $total) {
            $this->db->query("
                INSERT INTO order_total 
                SET order_id = '" . (int)$order_id . "', 
                    code = '".$total['code']."', 
                    title = '".$total['title']."', 
                    `value` = '" . (float)$total['value']."', 
                    sort_order = '".$i."'
            ");
            $i += 10;
            $total_sum =  $total['value'];
        }
        // Last row in totals should be final sum...
        $this->db->query("
            UPDATE order 
            SET total='".$total_sum."' 
            WHERE order_id = '" . (int)$order_id . "'
        ");

        return $order_id;
    }
}


1			<?php
2
3			/* Divine CMS - Open source CMS for widespread use.
4			Copyright (c) 2019 Mykola Burakov ([email protected])
5
6			See SOURCE.txt for other and additional information.
7
8			This file is part of Divine CMS.
9
10			This program is free software: you can redistribute it and/or modify
11			it under the terms of the GNU General Public License as published by
12			the Free Software Foundation, either version 3 of the License, or
13			(at your option) any later version.
14
15			This program is distributed in the hope that it will be useful,
16			but WITHOUT ANY WARRANTY; without even the implied warranty of
17			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18			GNU General Public License for more details.
19
20			You should have received a copy of the GNU General Public License
21			along with this program. If not, see <http://www.gnu.org/licenses/>. */
22
23			class ModelCheckoutOnepagecheckout extends \Divine\Engine\Core\Model
			0 ignored issues – show Coding Style Compatibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
24			{
25			public function addOrder($data)
			0 ignored issues – show Coding Style introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 2 blank lines before function; 0 found Loading history...
26			{
27			$this->db->query("
28			INSERT INTO `order`
29			SET store_name = '" . $this->db->escape($data['store_name']) . "',
30			store_url = '" . $this->db->escape($data['store_url']) . "',
31			customer_id = '" . (int)$data['customer_id'] . "',
32			customer_group_id = '" . (int)$data['customer_group_id'] . "',
33			firstname = '" . $this->db->escape($data['firstname']) . "',
34			email = '" . $this->db->escape($data['email']) . "',
35			telephone = '" . $this->db->escape($data['telephone']) . "',
36			payment_firstname = '" . $this->db->escape($data['firstname']) . "',
37			payment_address_1 = '" . $this->db->escape($data['address_1']) . "',
38			payment_city = '" . $this->db->escape($data['city']) . "',
39			shipping_address_1 = '" . $this->db->escape($data['address_1']) . "',
40			shipping_city = '" . $this->db->escape($data['city']) . "',
41			shipping_method = '" . $this->db->escape($data['shipping_method']['title']) . "',
42			shipping_code = '" . $this->db->escape($data['shipping_method']['code']) . "',
43			payment_method = '" . $this->db->escape($data['payment_method']['title']) . "',
44			payment_code = '" . $this->db->escape($data['payment_method']['code']) . "',
45			payment_country='',
46			payment_country_id = '0',
47			payment_zone_id = '0',
48			shipping_country_id = '0',
49			shipping_zone_id = '0',
50			comment = '" . $this->db->escape($data['comment']) . "',
51			total = '" . (float)$data['cart_total'] . "',
52			language_id = '" . (int)$data['language_id'] . "',
53			currency_id = '" . (int)$data['currency_id'] . "',
54			currency_code = '" . $this->db->escape($data['currency_code']) . "',
55			currency_value = '" . (float)$data['currency_value'] . "',
56			order_status_id = '" . (int)$data['order_status_id'] . "',
57			ip = '" . $this->db->escape($data['ip']) . "',
58			forwarded_ip = '" . $this->db->escape($data['forwarded_ip']) . "',
59			user_agent = '" . $this->db->escape($data['user_agent']) . "',
60			accept_language = '" . $this->db->escape($data['accept_language']) . "',
61			date_added = NOW(),
62			date_modified = NOW()
63			");
64
65			$order_id = $this->db->getLastId();
66
67			// Products
68			if (isset($data['products'])) {
69			foreach ($data['products'] as $product) {
70			$this->db->query("
71			INSERT INTO order_product
72			SET order_id = '" . (int)$order_id . "',
73			product_id = '" . (int)$product['product_id'] . "',
74			name = '" . $this->db->escape($product['name']) . "',
75			model = '" . $this->db->escape($product['model']) . "',
76			quantity = '" . (int)$product['quantity'] . "',
77			price = '" . (float)$product['price'] . "',
78			total = '" . (float)$product['total'] . "',
79			reward = '" . (int)$product['reward'] . "'
80			");
81
82			$order_product_id = $this->db->getLastId();
83
84			foreach ($product['option'] as $option) {
85			$this->db->query("
86			INSERT INTO order_option
87			SET order_id = '" . (int)$order_id . "',
88			order_product_id = '" . (int)$order_product_id . "',
89			product_option_id = '" . (int)$option['product_option_id'] . "',
90			product_option_value_id = '" . (int)$option['product_option_value_id'] . "',
91			name = '" . $this->db->escape($option['name']) . "',
92			`value` = '" . $this->db->escape($option['value']) . "',
93			`type` = '" . $this->db->escape($option['type']) . "'
94			");
95			}
96			}
97			}
98
99			// Totals this is netver used
100			if (isset($data['cart_total']) && false) {
101			$this->db->query("
102			INSERT INTO order_total
103			SET order_id = '" . (int)$order_id . "',
104			code = 'total',
105			title = 'Total',
106			`value` = '" . (float)$data['cart_total']."',
107			sort_order = ''
108			");
109			$this->db->query("
110			INSERT INTO order_total
111			SET order_id = '" . (int)$order_id . "',
112			code = 'sub_total',
113			title = 'Total',
114			`value` = '" . (float)$data['cart_total']."',
115			sort_order = ''
116			");
117			}
118			$totals = array();
119			// ex4 mod for totals
120			$total_data = array(
121			'totals' => &$totals,
122			'total' => &$total
			0 ignored issues – show Comprehensibility Best Practice introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$total` does not exist. Did you maybe mean `$totals`? Loading history...
123			);
124			$sort_order = array();
125
126			$results = $this->model_extension_extension->getExtensions('total');
127
128			foreach ($results as $key => $value) {
129			$sort_order[$key] = $this->config->get($value['code'] . '_sort_order');
130			}
131
132			array_multisort($sort_order, SORT_ASC, $results);
133
134			foreach ($results as $result) {
135			if ($this->config->get($result['code'] . '_status')) {
136			$this->load->model('extension/total/' . $result['code']);
137
138			// We have to put the totals in an array so that they pass by reference.
139			$this->{'model_extension_total_' . $result['code']}->getTotal($total_data);
140			}
141			}
142
143			$sort_order = array();
144			foreach ($totals as $key => $value) {
145			$sort_order[$key] = $value['sort_order'];
146			}
147
148			array_multisort($sort_order, SORT_ASC, $totals);
149			$i = 10;
150			$total_sum = 0;
151			foreach ($totals as $total) {
152			$this->db->query("
153			INSERT INTO order_total
154			SET order_id = '" . (int)$order_id . "',
155			code = '".$total['code']."',
156			title = '".$total['title']."',
157			`value` = '" . (float)$total['value']."',
158			sort_order = '".$i."'
159			");
160			$i += 10;
161			$total_sum = $total['value'];
162			}
163			// Last row in totals should be final sum...
164			$this->db->query("
165			UPDATE order
166			SET total='".$total_sum."'
167			WHERE order_id = '" . (int)$order_id . "'
168			");
169
170			return $order_id;
171			}
172			}
173

Nickbur / Sunrise-CMS

Issues (2407)

application/model/checkout/onepagecheckout.php (3 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like