Issues in Admin.php (master) - Issues in master - OmarElGabry/miniPHP - Measure and Improve Code Quality continuously with Scrutinizer

Issues (358)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/models/Admin.php (11 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

 /**
  * Admin Class
  * Admin Class inherits from User.
  *
  * @license    http://opensource.org/licenses/MIT The MIT License (MIT)
  * @author     Omar El Gabry <[email protected]>
  */

class Admin extends User{
namespace YourVendor;

class YourClass { }

    /**
     * get all users in the database
     *
     * @access public
     * @param  string  $name
     * @param  string  $email
     * @param  string  $role
     * @param  integer $pageNum
     * @return array
     *
     */
    public function getUsers($name = null, $email = null, $role = null, $pageNum = 1){

        // validate user inputs
        $validation = new Validation();
        if(!$validation->validate([

            'User Name' => [$name,  'alphaNumWithSpaces|maxLen(30)'],
            'Email'     => [$email, 'email|maxLen(50)'],
            'Role'      => [$role,  'inArray(admin, user)']])){
            $this->errors  = $validation->errors();
            return false;
        }

        // in $options array, add all possible values from user, and their name parameters
        // then applyOptions() method will see if value is not empty, then add it to our query
        $options = [
            $name      => "name LIKE :name ",
            $email     => "email = :email ",
            $role      => "role = :role "
        ];

        // get options query
        $options = $this->applyOptions($options, "AND ");
        $options = empty($options)? "": "WHERE " . $options;

        $values = [];
        if (!empty($name))  $values[":name"]  = "%". $name ."%";
        if (!empty($email)) $values[":email"] = $email;
        if (!empty($role))  $values[":role"]  = $role;

        // get pagination object so that we can add offset and limit in our query
        $pagination = Pagination::pagination("users", $options, $values, $pageNum);
        $offset     = $pagination->getOffset();
        $limit      = $pagination->perPage;

        $database   = Database::openConnection();
        $query   = "SELECT id, name, email, role, is_email_activated FROM users ";
        $query  .= $options;
        $query  .= "LIMIT $limit OFFSET $offset";

        $database->prepare($query);
        $database->execute($values);
        $users = $database->fetchAllAssociative();

        return array("users" => $users, "pagination" => $pagination);
     }

    /**
     *  Update info of a passed user id
     *
     * @access public
     * @param  integer $userId
     * @param  integer $adminId
     * @param  string  $name
     * @param  string  $password
     * @param  string  $role
     * @return bool
     * @throws Exception If password couldn't be updated
     *
     */
    public function updateUserInfo($userId, $adminId, $name, $password, $role){

         $user = $this->getProfileInfo($userId);

         $name = (!empty($name) && $name !== $user["name"])? $name: null;
         $role = (!empty($role) && $role !== $user["role"])? $role: null;

         // current admin can't change his role,
         // changing the role requires to logout or reset session,
         // because role is stored in the session
         if(!empty($role) && $adminId === $user["id"]){
             $this->errors[] = "You can't change your role";
             return false;
         }

        $validation = new Validation();
        if(!$validation->validate([

             "Name" => [$name, "alphaNumWithSpaces|minLen(4)|maxLen(30)"],
             "Password" => [$password, "minLen(6)|password"],
             'Role' => [$role, "inArray(admin, user)"]])){
             $this->errors = $validation->errors();
             return false;
         }

         if($password || $name || $role) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false

             $options = [
                 $name     => "name = :name ",
                 $password => "hashed_password = :hashed_password ",
                 $role     => "role = :role "
             ];

             $database = Database::openConnection();
             $query   = "UPDATE users SET ";
             $query  .= $this->applyOptions($options, ", ");
             $query  .= "WHERE id = :id LIMIT 1 ";
             $database->prepare($query);

             if($name) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
                 $database->bindValue(':name', $name);
             }
             if($password) {

                 $database->bindValue(':hashed_password', password_hash($password, PASSWORD_DEFAULT, array('cost' => Config::get('HASH_COST_FACTOR'))));
             }
             if($role){
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
                 $database->bindValue(':role', $role);
             }

             $database->bindValue(':id', $userId);
             $result = $database->execute();

             if(!$result){
                 throw new Exception("Couldn't update profile");
             }
         }

         return true;
     }

    /**
     * Delete a user.
     *
     * @param  string  $adminId
     * @param  integer $userId
     * @throws Exception
     */
    public function deleteUser($adminId, $userId){

        // current admin can't delete himself
        $validation = new Validation();
        if(!$validation->validate([ 'User ID' => [$userId, "notEqual(".$adminId.")"]])) {
            $this->errors  = $validation->errors();
            return false;
        }

        $database = Database::openConnection();
        $database->deleteById("users", $userId);

        if ($database->countRows() !== 1) {
            throw new Exception ("Couldn't delete user");
        }
    }

     /**
      * Counting the number of users in the database.
      *
      * @access public
      * @static static  method
      * @return integer number of users
      *
      */
     public function countUsers(){
         return $this->countAll("users");

     }

     /**
      * Get the backup file from the backup directory in file system
      *
      * @access public
      * @return array
      */
     public function getBackups() {

         $files = scandir(APP . "backups/");
         $basename = $filename = $unixTimestamp = null;

         foreach ($files as $file) {
             if ($file != "." && $file != "..") {

                 $filename_array = explode('-', pathinfo($file, PATHINFO_FILENAME));
                 if(count($filename_array) !== 2){
                     continue;
                 }

                 // backup file has name with something like this: backup-1435788336
                 list($filename, $unixTimestamp) = $filename_array;
                 $basename = $file;
                 break;
             }
         }

         $data = array("basename" => $basename, "filename" => $filename, "date" => "On " . date("F j, Y", $unixTimestamp));
         return $data;
     }

    /**
     * Update the backup file from the backup directory in file system
     * The user of the database MUST be assigned privilege of ADMINISTRATION -> LOCK TABLES.
     *
     * @access public
     * @return bool
     */
    public function updateBackup(){

         $dir = APP . "backups/";
         $files = scandir($dir);

         // delete and clean all current files in backup directory
         foreach ($files as $file) {
             if ($file != "." && $file != "..") {
                 if (is_file("$dir/$file")) {
                     Uploader::deleteFile("$dir/$file");
                 }
             }
         }

         // you can use another username and password only for this function, while the main user has limited privileges
         $windows = true;
         if($windows){
             exec('C:\wamp\bin\mysql\mysql5.6.17\bin\mysqldump --user=' . escapeshellcmd(Config::get('DB_USER')) . ' --password=' . escapeshellcmd(Config::get('DB_PASS')) . ' ' . escapeshellcmd(Config::get('DB_NAME')) . ' > '. APP.'backups\backup-' . time() . '.sql');
         }else{

             exec('mysqldump --user=' . escapeshellcmd(Config::get('DB_USER')) . ' --password=' .escapeshellcmd(Config::get('DB_PASS')). ' '. escapeshellcmd(Config::get('DB_NAME')) .' > '. APP . 'backups/backup-' . time() . '.sql');
         }

         return true;
     }

    /**
     * Restore the backup file
     * The user of the database MUST assigned all privileges of SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, LOCK TABLES, & TRIGGER.
     *
     * @access public
     * @return bool
     *
     */
    public function restoreBackup(){

         $basename = $this->getBackups()["basename"];

         $validation = new Validation();
         $validation->addRuleMessage("required", "Please update backups first!");

         if(!$validation->validate(["Backup" => [$basename, "required"]])) {
             $this->errors = $validation->errors();
             return false;
         }

         $windows = true;
         if($windows){
             exec('C:\wamp\bin\mysql\mysql5.6.17\bin\mysql --user=' . escapeshellcmd(Config::get('DB_USER')) . ' --password=' . escapeshellcmd(Config::get('DB_PASS')) . ' ' . escapeshellcmd(Config::get('DB_NAME')) . ' < '.APP.'\backups\\' . $basename);
         }else{

             exec('mysql --user='.escapeshellcmd(Config::get('DB_USER')).' --password='.escapeshellcmd(Config::get('DB_PASS')).' '.escapeshellcmd(Config::get('DB_NAME')).' < '. APP . 'backups/' . $basename);
         }

         return true;
     }

    /**
     * get users data.
     * Use this method to download users info in database as csv file.
     *
     * @access public
     * @return array
     */
    public function getUsersData(){

        $database = Database::openConnection();

        $database->prepare("SELECT name, role, email, is_email_activated FROM users");
        $database->execute();

        $users = $database->fetchAllAssociative();
        $cols  = array("User Name", "Role", "Email", "is Email Activated?");

        return ["rows" => $users, "cols" => $cols, "filename" => "users"];
    }

 }
   

GitHub Access Token became invalid

Issues (358)

Security Analysis not enabled

app/models/Admin.php (11 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		/**
4		* Admin Class
5		* Admin Class inherits from User.
6		*
7		* @license http://opensource.org/licenses/MIT The MIT License (MIT)
8		* @author Omar El Gabry <[email protected]>
9		*/
10
11		class Admin extends User{
		0 ignored issues – show Coding Style Compatibility introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
12
13		/**
14		* get all users in the database
15		*
16		* @access public
17		* @param string $name
18		* @param string $email
19		* @param string $role
20		* @param integer $pageNum
21		* @return array
22		*
23		*/
24		public function getUsers($name = null, $email = null, $role = null, $pageNum = 1){
25
26		// validate user inputs
27		$validation = new Validation();
28	View Code Duplication	if(!$validation->validate([
		0 ignored issues – show Duplication introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
29		'User Name' => [$name, 'alphaNumWithSpaces\|maxLen(30)'],
30		'Email' => [$email, 'email\|maxLen(50)'],
31		'Role' => [$role, 'inArray(admin, user)']])){
32		$this->errors = $validation->errors();
33		return false;
34		}
35
36		// in $options array, add all possible values from user, and their name parameters
37		// then applyOptions() method will see if value is not empty, then add it to our query
38		$options = [
39		$name => "name LIKE :name ",
40		$email => "email = :email ",
41		$role => "role = :role "
42		];
43
44		// get options query
45		$options = $this->applyOptions($options, "AND ");
46		$options = empty($options)? "": "WHERE " . $options;
47
48		$values = [];
49		if (!empty($name)) $values[":name"] = "%". $name ."%";
50		if (!empty($email)) $values[":email"] = $email;
51		if (!empty($role)) $values[":role"] = $role;
52
53		// get pagination object so that we can add offset and limit in our query
54		$pagination = Pagination::pagination("users", $options, $values, $pageNum);
55		$offset = $pagination->getOffset();
56		$limit = $pagination->perPage;
57
58		$database = Database::openConnection();
59		$query = "SELECT id, name, email, role, is_email_activated FROM users ";
60		$query .= $options;
61		$query .= "LIMIT $limit OFFSET $offset";
62
63		$database->prepare($query);
64		$database->execute($values);
65		$users = $database->fetchAllAssociative();
66
67		return array("users" => $users, "pagination" => $pagination);
68		}
69
70		/**
71		* Update info of a passed user id
72		*
73		* @access public
74		* @param integer $userId
75		* @param integer $adminId
76		* @param string $name
77		* @param string $password
78		* @param string $role
79		* @return bool
80		* @throws Exception If password couldn't be updated
81		*
82		*/
83		public function updateUserInfo($userId, $adminId, $name, $password, $role){
84
85		$user = $this->getProfileInfo($userId);
86
87		$name = (!empty($name) && $name !== $user["name"])? $name: null;
88		$role = (!empty($role) && $role !== $user["role"])? $role: null;
89
90		// current admin can't change his role,
91		// changing the role requires to logout or reset session,
92		// because role is stored in the session
93		if(!empty($role) && $adminId === $user["id"]){
94		$this->errors[] = "You can't change your role";
95		return false;
96		}
97
98		$validation = new Validation();
99	View Code Duplication	if(!$validation->validate([
		0 ignored issues – show Duplication introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
100		"Name" => [$name, "alphaNumWithSpaces\|minLen(4)\|maxLen(30)"],
101		"Password" => [$password, "minLen(6)\|password"],
102		'Role' => [$role, "inArray(admin, user)"]])){
103		$this->errors = $validation->errors();
104		return false;
105		}
106
107		if($password \|\| $name \|\| $role) {
		0 ignored issues – show Bug Best Practice introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$name` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history... Bug Best Practice introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$role` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
108
109		$options = [
110		$name => "name = :name ",
111		$password => "hashed_password = :hashed_password ",
112		$role => "role = :role "
113		];
114
115		$database = Database::openConnection();
116		$query = "UPDATE users SET ";
117		$query .= $this->applyOptions($options, ", ");
118		$query .= "WHERE id = :id LIMIT 1 ";
119		$database->prepare($query);
120
121		if($name) {
		0 ignored issues – show Bug Best Practice introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$name` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
122		$database->bindValue(':name', $name);
123		}
124	View Code Duplication	if($password) {
		0 ignored issues – show Duplication introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
125		$database->bindValue(':hashed_password', password_hash($password, PASSWORD_DEFAULT, array('cost' => Config::get('HASH_COST_FACTOR'))));
126		}
127		if($role){
		0 ignored issues – show Bug Best Practice introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$role` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
128		$database->bindValue(':role', $role);
129		}
130
131		$database->bindValue(':id', $userId);
132		$result = $database->execute();
133
134		if(!$result){
135		throw new Exception("Couldn't update profile");
136		}
137		}
138
139		return true;
140		}
141
142		/**
143		* Delete a user.
144		*
145		* @param string $adminId
146		* @param integer $userId
147		* @throws Exception
148		*/
149		public function deleteUser($adminId, $userId){
150
151		// current admin can't delete himself
152		$validation = new Validation();
153		if(!$validation->validate([ 'User ID' => [$userId, "notEqual(".$adminId.")"]])) {
154		$this->errors = $validation->errors();
155		return false;
156		}
157
158		$database = Database::openConnection();
159		$database->deleteById("users", $userId);
160
161		if ($database->countRows() !== 1) {
162		throw new Exception ("Couldn't delete user");
163		}
164		}
165
166		/**
167		* Counting the number of users in the database.
168		*
169		* @access public
170		* @static static method
171		* @return integer number of users
172		*
173		*/
174		public function countUsers(){
175		return $this->countAll("users");
		0 ignored issues – show Unused Code introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Admin::countAll()` has too many arguments starting with `'users'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
176		}
177
178		/**
179		* Get the backup file from the backup directory in file system
180		*
181		* @access public
182		* @return array
183		*/
184		public function getBackups() {
185
186		$files = scandir(APP . "backups/");
187		$basename = $filename = $unixTimestamp = null;
188
189		foreach ($files as $file) {
190		if ($file != "." && $file != "..") {
191
192		$filename_array = explode('-', pathinfo($file, PATHINFO_FILENAME));
193		if(count($filename_array) !== 2){
194		continue;
195		}
196
197		// backup file has name with something like this: backup-1435788336
198		list($filename, $unixTimestamp) = $filename_array;
199		$basename = $file;
200		break;
201		}
202		}
203
204		$data = array("basename" => $basename, "filename" => $filename, "date" => "On " . date("F j, Y", $unixTimestamp));
205		return $data;
206		}
207
208		/**
209		* Update the backup file from the backup directory in file system
210		* The user of the database MUST be assigned privilege of ADMINISTRATION -> LOCK TABLES.
211		*
212		* @access public
213		* @return bool
214		*/
215		public function updateBackup(){
216
217		$dir = APP . "backups/";
218		$files = scandir($dir);
219
220		// delete and clean all current files in backup directory
221		foreach ($files as $file) {
222		if ($file != "." && $file != "..") {
223		if (is_file("$dir/$file")) {
224		Uploader::deleteFile("$dir/$file");
225		}
226		}
227		}
228
229		// you can use another username and password only for this function, while the main user has limited privileges
230		$windows = true;
231		if($windows){
232		exec('C:\wamp\bin\mysql\mysql5.6.17\bin\mysqldump --user=' . escapeshellcmd(Config::get('DB_USER')) . ' --password=' . escapeshellcmd(Config::get('DB_PASS')) . ' ' . escapeshellcmd(Config::get('DB_NAME')) . ' > '. APP.'backups\backup-' . time() . '.sql');
233	View Code Duplication	}else{
		0 ignored issues – show Duplication introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
234		exec('mysqldump --user=' . escapeshellcmd(Config::get('DB_USER')) . ' --password=' .escapeshellcmd(Config::get('DB_PASS')). ' '. escapeshellcmd(Config::get('DB_NAME')) .' > '. APP . 'backups/backup-' . time() . '.sql');
235		}
236
237		return true;
238		}
239
240		/**
241		* Restore the backup file
242		* The user of the database MUST assigned all privileges of SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, LOCK TABLES, & TRIGGER.
243		*
244		* @access public
245		* @return bool
246		*
247		*/
248		public function restoreBackup(){
249
250		$basename = $this->getBackups()["basename"];
251
252		$validation = new Validation();
253		$validation->addRuleMessage("required", "Please update backups first!");
254
255		if(!$validation->validate(["Backup" => [$basename, "required"]])) {
256		$this->errors = $validation->errors();
257		return false;
258		}
259
260		$windows = true;
261		if($windows){
262		exec('C:\wamp\bin\mysql\mysql5.6.17\bin\mysql --user=' . escapeshellcmd(Config::get('DB_USER')) . ' --password=' . escapeshellcmd(Config::get('DB_PASS')) . ' ' . escapeshellcmd(Config::get('DB_NAME')) . ' < '.APP.'\backups\\' . $basename);
263	View Code Duplication	}else{
		0 ignored issues – show Duplication introduced 2015-11-27 07:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
264		exec('mysql --user='.escapeshellcmd(Config::get('DB_USER')).' --password='.escapeshellcmd(Config::get('DB_PASS')).' '.escapeshellcmd(Config::get('DB_NAME')).' < '. APP . 'backups/' . $basename);
265		}
266
267		return true;
268		}
269
270		/**
271		* get users data.
272		* Use this method to download users info in database as csv file.
273		*
274		* @access public
275		* @return array
276		*/
277		public function getUsersData(){
278
279		$database = Database::openConnection();
280
281		$database->prepare("SELECT name, role, email, is_email_activated FROM users");
282		$database->execute();
283
284		$users = $database->fetchAllAssociative();
285		$cols = array("User Name", "Role", "Email", "is Email Activated?");
286
287		return ["rows" => $users, "cols" => $cols, "filename" => "users"];
288		}
289
290		}
291

OmarElGabry / miniPHP

GitHub Access Token became invalid

Issues (358)

Security Analysis not enabled

app/models/Admin.php (11 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like