
<?php
/* 	Divine CMS - Open source CMS for widespread use.
    Copyright (c) 2019 Mykola Burakov ([email protected])
    See SOURCE.txt for other and additional information.
    This file is part of Divine CMS.
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>. */
namespace Divine\Engine\Library;
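class Customer
{
    /** @var object Config service; only config_language_id is read (when a visit is recorded). */
    private $config;
    /** @var object DB service: query($sql) returns a result with num_rows/row; escape($str) quotes a value. */
    private $db;
    /** @var object Request service; only server['REMOTE_ADDR'] is read here. */
    private $request;
    /** @var object Session service; data['customer_id'] marks a logged-in customer. */
    private $session;

    private $customer_id;
    private $firstname;
    private $lastname;
    private $customer_group_id;
    private $email;
    private $telephone;
    private $fax;
    private $newsletter;
    private $address_id;

    /**
     * Restores the customer identity carried by the session, if any.
     *
     * When the session holds a customer_id that still points at an active
     * (status = 1) customer, the profile is loaded, the current language and
     * client IP are written to the customer row, and the IP is added to
     * customer_ip the first time it is seen. A stale id (customer deleted or
     * disabled) is cleared through logout() so no half-initialised identity
     * survives.
     *
     * @param object $registry Service registry exposing get('config'|'db'|'request'|'session').
     */
    public function __construct($registry)
    {
        $this->config = $registry->get('config');
        $this->db = $registry->get('db');
        $this->request = $registry->get('request');
        $this->session = $registry->get('session');

        if (!isset($this->session->data['customer_id'])) {
            return;
        }

        // Session data is client-influenced; the cast keeps the SQL literal numeric.
        $customer_id = (int) $this->session->data['customer_id'];

        $customer_query = $this->db->query("
            SELECT * 
            FROM customer 
            WHERE customer_id = '" . $customer_id . "' 
                AND status = '1'
        ");

        if (!$customer_query->num_rows) {
            // The session references a customer that no longer exists or was
            // disabled: drop the session binding rather than keep it around.
            $this->logout();
            return;
        }

        $this->loadFromRow($customer_query->row);
        $this->recordVisit();

        $ip = $this->db->escape($this->remoteAddress());

        $query = $this->db->query("
            SELECT * 
            FROM customer_ip 
            WHERE customer_id = '" . $customer_id . "' 
                AND ip = '" . $ip . "'
        ");

        if (!$query->num_rows) {
            $this->db->query("
                INSERT INTO customer_ip 
                SET customer_id = '" . $customer_id . "', 
                    ip = '" . $ip . "', 
                    date_added = NOW()
            ");
        }
    }

    /**
     * Authenticates a customer by email and password and binds them to the session.
     *
     * The stored hash is verified in PHP rather than inside the SQL WHERE clause,
     * so the plaintext password never becomes part of a query string (and thus
     * of query/slow-query logs), and legacy digests are compared with
     * hash_equals() to avoid timing leaks. Accepted hash formats, in order:
     * password_hash() output, the legacy sha1(salt . sha1(salt . sha1(password)))
     * scheme, and bare md5(password).
     *
     * SECURITY NOTE: the SHA1/MD5 schemes are weak and unsalted-MD5 especially
     * so; stored hashes should be migrated to password_hash(). Rehash-on-login is
     * not done here because the width of the password column is not known from
     * this file (a bcrypt hash needs at least 60 characters). The session id is
     * not regenerated here either — the session wrapper's API is not visible from
     * this file — so the caller should regenerate it after a successful login to
     * defeat session fixation.
     *
     * @param string $email    Email address, matched case-insensitively.
     * @param string $password Plaintext password; ignored when $override is true.
     * @param bool   $override When true, log in without a password or approval check
     *                         (e.g. an administrator acting as the customer). Only pass
     *                         true from trusted, already-authenticated code paths.
     * @return bool True when the profile was loaded and the session updated, false otherwise.
     */
    public function login($email, $password, $override = false)
    {
        $sql = "
            SELECT * 
            FROM customer 
            WHERE LOWER(email) = '" . $this->db->escape(\voku\helper\UTF8::strtolower($email)) . "' 
                AND status = '1'";

        if (!$override) {
            // Self-service logins additionally require the account to be approved.
            $sql .= " 
                AND approved = '1'";
        }

        $customer_query = $this->db->query($sql . "
        ");

        if (!$customer_query->num_rows) {
            return false;
        }

        $row = $customer_query->row;

        // NOTE(review): this assumes one customer per case-folded email; if
        // duplicates can exist in the table, only the first row returned is checked.
        if (!$override && !$this->passwordMatches((string) $password, $row)) {
            return false;
        }

        $this->session->data['customer_id'] = $row['customer_id'];
        $this->loadFromRow($row);
        $this->recordVisit();

        return true;
    }

    /**
     * Unbinds the customer from the session and clears the cached profile.
     *
     * Cached fields are reset to '' (not null) so callers that compare against
     * the empty string keep working.
     */
    public function logout()
    {
        unset($this->session->data['customer_id']);

        $this->customer_id = '';
        $this->firstname = '';
        $this->lastname = '';
        $this->customer_group_id = '';
        $this->email = '';
        $this->telephone = '';
        $this->fax = '';
        $this->newsletter = '';
        $this->address_id = '';
    }

    /**
     * Whether a customer is bound to this request.
     *
     * @return mixed The customer id when logged in; null or '' otherwise (use as a truthy check).
     */
    public function isLogged()
    {
        return $this->customer_id;
    }

    /** @return mixed Customer id as stored in the customer row, or null/'' when not logged in. */
    public function getId()
    {
        return $this->customer_id;
    }

    /** @return mixed First name from the customer row. */
    public function getFirstName()
    {
        return $this->firstname;
    }

    /** @return mixed Last name from the customer row. */
    public function getLastName()
    {
        return $this->lastname;
    }

    /** @return mixed Customer group id from the customer row. */
    public function getGroupId()
    {
        return $this->customer_group_id;
    }

    /** @return mixed Email address from the customer row. */
    public function getEmail()
    {
        return $this->email;
    }

    /** @return mixed Telephone number from the customer row. */
    public function getTelephone()
    {
        return $this->telephone;
    }

    /** @return mixed Fax number from the customer row. */
    public function getFax()
    {
        return $this->fax;
    }

    /** @return mixed Newsletter opt-in flag from the customer row. */
    public function getNewsletter()
    {
        return $this->newsletter;
    }

    /** @return mixed Default address id from the customer row. */
    public function getAddressId()
    {
        return $this->address_id;
    }

    /**
     * Sum of all customer_transaction amounts for the current customer.
     *
     * @return mixed The SUM as returned by the driver; NULL when there are no transactions.
     */
    public function getBalance()
    {
        $query = $this->db->query("
            SELECT SUM(amount) AS total 
            FROM customer_transaction 
            WHERE customer_id = '" . (int) $this->customer_id . "'
        ");

        return $query->row['total'];
    }

    /**
     * Sum of all customer_reward points for the current customer.
     *
     * @return mixed The SUM as returned by the driver; NULL when there are no rewards.
     */
    public function getRewardPoints()
    {
        $query = $this->db->query("
            SELECT SUM(points) AS total 
            FROM customer_reward 
            WHERE customer_id = '" . (int) $this->customer_id . "'
        ");

        return $query->row['total'];
    }

    /**
     * Checks a plaintext password against the hash stored on a customer row.
     *
     * Legacy hex digests are lower-cased before comparison because the original
     * SQL-side comparison was collation (case) insensitive.
     *
     * @param string $password Plaintext candidate.
     * @param array  $row      Customer row; reads 'password' and 'salt'.
     * @return bool
     */
    private function passwordMatches($password, array $row)
    {
        $stored = isset($row['password']) ? (string) $row['password'] : '';

        if ($stored === '') {
            return false;
        }

        // password_hash() formats (bcrypt/argon2): password_verify() is
        // constant-time and returns false for anything it does not recognise.
        if (password_verify($password, $stored)) {
            return true;
        }

        $salt = isset($row['salt']) ? (string) $row['salt'] : '';
        $legacy = strtolower($stored);

        $salted_sha1 = sha1($salt . sha1($salt . sha1($password)));
        $plain_md5 = md5($password);

        return hash_equals($legacy, $salted_sha1) || hash_equals($legacy, $plain_md5);
    }

    /**
     * Copies the profile columns of a customer row into this object.
     *
     * @param array $row A row from the customer table.
     */
    private function loadFromRow(array $row)
    {
        $this->customer_id = $row['customer_id'];
        $this->firstname = $row['firstname'];
        $this->lastname = $row['lastname'];
        $this->customer_group_id = $row['customer_group_id'];
        $this->email = $row['email'];
        $this->telephone = $row['telephone'];
        $this->fax = $row['fax'];
        $this->newsletter = $row['newsletter'];
        $this->address_id = $row['address_id'];
    }

    /**
     * Records the current language and client IP on the loaded customer's row.
     */
    private function recordVisit()
    {
        $this->db->query("
            UPDATE customer 
            SET language_id = '" . (int) $this->config->get('config_language_id') . "', 
                ip = '" . $this->db->escape($this->remoteAddress()) . "' 
            WHERE customer_id = '" . (int) $this->customer_id . "'
        ");
    }

    /**
     * Client address as reported by the web server.
     *
     * Returns '' when REMOTE_ADDR is absent (CLI, some test harnesses) instead of
     * raising an undefined-index notice. Note this is the peer address, not a
     * proxy-forwarded one.
     *
     * @return string
     */
    private function remoteAddress()
    {
        return isset($this->request->server['REMOTE_ADDR'])
            ? (string) $this->request->server['REMOTE_ADDR']
            : '';
    }
}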