Completed
Pull Request — development (#794)
by Nick
07:51 queued 03:49
created

user::getPassword()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 4

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 1
nc 1
nop 0
dl 0
loc 4
rs 10
c 0
b 0
f 0
1
<?php
2
/***************************************************************************
3
 * for license information see LICENSE.md
4
 *
5
 *
6
 *   get/set has to be commited with save
7
 *   add/remove etc. is executed instantly
8
 ***************************************************************************/
9
10
use OcLegacy\Util\PasswordCrypt;
11
12
require_once __DIR__ . '/cracklib.inc.php';
13
require_once __DIR__ . '/../translate.class.php';
14
15
class user
16
{
17
    public $nUserId = 0;
18
19
    public $reUser;
20
    public $reUserStat;
21
22
    /**
23
     * @param string $email
24
     *
25
     * @return null|user
26
     */
27
    public static function fromEMail($email)
28
    {
29
        $userId = (int) sql_value("SELECT `user_id` FROM `user` WHERE `email`='&1'", 0, $email);
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
30
        if ($userId === 0) {
31
            return null;
32
        }
33
34
        return new self($userId);
35
    }
36
37
    /**
38
     * @param string $username
39
     *
40
     * @return null|user
41
     */
42
    public static function fromUsername($username)
43
    {
44
        $userId = (int) sql_value("SELECT `user_id` FROM `user` WHERE `username`='&1'", 0, $username);
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
45
        if ($userId === 0) {
46
            return null;
47
        }
48
49
        return new self($userId);
50
    }
51
52
    public function __construct($nNewUserId = ID_NEW)
53
    {
54
        global $opt;
55
56
        $this->reUser = new rowEditor('user');
57
        $this->reUser->addPKInt('user_id', null, false, RE_INSERT_AUTOINCREMENT);
58
        $this->reUser->addString('username', '', false);
59
        $this->reUser->addString('password', null, true);
60
        $this->reUser->addString('email', null, true);
61
        $this->reUser->addString('email_problems', 0, false);
62
        $this->reUser->addDate('last_email_problem', null, true);
63
        $this->reUser->addInt('mailing_problems', 0, false);
64
        $this->reUser->addFloat('latitude', 0, false);
65
        $this->reUser->addFloat('longitude', 0, false);
66
        $this->reUser->addDate('last_modified', time(), true, RE_INSERT_IGNORE);
67
        $this->reUser->addBoolean('is_active_flag', false, false);
68
        $this->reUser->addString('last_name', '', false);
69
        $this->reUser->addString('first_name', '', false);
70
        $this->reUser->addString('country', null, true);
71
        $this->reUser->addBoolean('accept_mailing', 1, false);
72
        $this->reUser->addBoolean('pmr_flag', false, false);
73
        $this->reUser->addString('new_pw_code', null, true);
74
        $this->reUser->addDate('new_pw_date', null, true);
75
        $this->reUser->addDate('date_created', time(), true, RE_INSERT_IGNORE);
76
        $this->reUser->addString('new_email_code', null, true);
77
        $this->reUser->addDate('new_email_date', null, true);
78
        $this->reUser->addString('new_email', null, true);
79
        $this->reUser->addString('uuid', '', false, RE_INSERT_AUTOUUID);
80
        $this->reUser->addBoolean('permanent_login_flag', false, false);
81
        $this->reUser->addInt('watchmail_mode', 1, false);
82
        $this->reUser->addInt('watchmail_hour', 0, false);
83
        $this->reUser->addDate('watchmail_nextmail', time(), false);
84
        $this->reUser->addInt('watchmail_day', 0, false);
85
        $this->reUser->addString('activation_code', '', false);
86
        $this->reUser->addBoolean('no_htmledit_flag', false, false);
87
        $this->reUser->addBoolean('usermail_send_addr', false, false);
88
        $this->reUser->addInt('notify_radius', 0, false);
89
        $this->reUser->addInt('notify_oconly', 1, false);
90
        $this->reUser->addString('language', null, true);
91
        $this->reUser->addInt('admin', 0, false);
92
        $this->reUser->addInt('data_license', $opt['logic']['license']['newusers'], false);
93
        $this->reUser->addInt('node', 0, false);
94
95
        $this->reUserStat = new rowEditor('stat_user');
96
        $this->reUserStat->addPKInt('user_id', null, false, RE_INSERT_AUTOINCREMENT);
97
        $this->reUserStat->addInt('found', 0, false);
98
        $this->reUserStat->addInt('notfound', 0, false);
99
        $this->reUserStat->addInt('note', 0, false);
100
        $this->reUserStat->addInt('hidden', 0, false);
101
102
        $this->nUserId = $nNewUserId + 0;
103
104
        if ($nNewUserId === ID_NEW) {
105
            $this->reUser->addNew(null);
106
        } else {
107
            $this->reUser->load($this->nUserId);
108
            $this->reUserStat->load($this->nUserId);
109
        }
110
    }
111
112
    public function exist()
113
    {
114
        return $this->reUser->exist();
115
    }
116
117
    /**
118
     * @param string $username
119
     *
120
     * @return bool
121
     */
122
    public static function existUsername($username)
123
    {
124
        return sql_value("SELECT COUNT(*) FROM `user` WHERE `username`='&1'", 0, $username) != 0;
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
125
    }
126
127
    /**
128
     * @param string $email
129
     *
130
     * @return bool
131
     */
132
    public static function existEMail($email)
133
    {
134
        return sql_value("SELECT COUNT(*) FROM `user` WHERE `email`='&1'", 0, $email) != 0;
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
135
    }
136
137
    public function getUserId()
138
    {
139
        return $this->nUserId;
140
    }
141
142
    public function getUsername()
143
    {
144
        return $this->reUser->getValue('username');
145
    }
146
147
    /**
148
     * @param string $value
149
     * @return bool
150
     */
151 View Code Duplication
    public function setUsername($value)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
152
    {
153
        if (!mb_ereg_match(REGEX_USERNAME, $value)) {
154
            return false;
155
        }
156
157
        if (is_valid_email_address($value)) {
158
            return false;
159
        }
160
161
        return $this->reUser->setValue('username', $value);
162
    }
163
164
    public function getUsernameChanged()
165
    {
166
        return $this->reUser->getChanged('username');
167
    }
168
169
    public function getEMail()
170
    {
171
        return $this->reUser->getValue('email');
172
    }
173
174
    public function setEMail($value)
175
    {
176
        if (!is_valid_email_address($value)) {
177
            return false;
178
        }
179
180
        return $this->reUser->setValue('email', $value);
181
    }
182
183
    public function getPassword()
184
    {
185
        return $this->reUser->getValue('password');
186
    }
187
188
    public function setPassword($password)
189
    {
190
        if (!mb_ereg_match(REGEX_PASSWORD, $password)) {
191
            return false;
192
        }
193
194
        if (cracklib_checkpw(
195
            $password,
196
            [
197
                'open',
198
                'caching',
199
                'cache',
200
                $this->getUsername(),
201
                $this->getFirstName(),
202
                $this->getLastName(),
203
            ]
204
        ) === false) {
205
            return false;
206
        }
207
208
        $encryptedPassword = PasswordCrypt::encryptPassword($password);
209
210
        return $this->reUser->setValue('password', $encryptedPassword);
211
    }
212
213
    public function getFirstName()
214
    {
215
        return $this->reUser->getValue('first_name');
216
    }
217
218
    /**
219
     * @param string $value
220
     * @return bool
221
     */
222
    public function setFirstName($value)
223
    {
224
        if ($value !== '') {
225
            if (!mb_ereg_match(REGEX_FIRST_NAME, $value)) {
226
                return false;
227
            }
228
        }
229
230
        return $this->reUser->setValue('first_name', $value);
231
    }
232
233
    public function getLastName()
234
    {
235
        return $this->reUser->getValue('last_name');
236
    }
237
238
    /**
239
     * @param string $value
240
     * @return bool
241
     */
242
    public function setLastName($value)
243
    {
244
        if ($value !== '') {
245
            if (!mb_ereg_match(REGEX_LAST_NAME, $value)) {
246
                return false;
247
            }
248
        }
249
250
        return $this->reUser->setValue('last_name', $value);
251
    }
252
253
    public function getCountry()
254
    {
255
        return countriesList::getCountryLocaleName($this->reUser->getValue('country'));
256
    }
257
258
    public function getCountryCode()
259
    {
260
        return $this->reUser->getValue('country');
261
    }
262
263 View Code Duplication
    public function setCountryCode($value)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
264
    {
265
        if ($value !== null && (sql_value("SELECT COUNT(*) FROM countries WHERE short='&1'", 0, $value) == 0)) {
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
266
            return false;
267
        }
268
269
        return $this->reUser->setValue('country', $value);
270
    }
271
272
    public function getLanguageCode()
273
    {
274
        return $this->reUser->getValue('language');
275
    }
276
277 View Code Duplication
    public function setLanguageCode($value)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
278
    {
279
        if ($value !== null && (sql_value("SELECT COUNT(*) FROM languages WHERE short='&1'", 0, $value) == 0)) {
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
280
            return false;
281
        }
282
283
        return $this->reUser->setValue('language', $value);
284
    }
285
286
    public function getLatitude()
287
    {
288
        return $this->reUser->getValue('latitude');
289
    }
290
291
    /**
292
     * @param float $value
293
     * @return bool
294
     */
295 View Code Duplication
    public function setLatitude($value)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
296
    {
297
        if (($value + 0) > 90 || ($value + 0) < - 90) {
298
            return false;
299
        }
300
301
        return $this->reUser->setValue('latitude', $value + 0);
302
    }
303
304
    public function getLongitude()
305
    {
306
        return $this->reUser->getValue('longitude');
307
    }
308
309
    /**
310
     * @param float $value
311
     * @return bool
312
     */
313 View Code Duplication
    public function setLongitude($value)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
314
    {
315
        if (($value + 0) > 180 || ($value + 0) < -180) {
316
            return false;
317
        }
318
319
        return $this->reUser->setValue('longitude', $value + 0);
320
    }
321
322
    public function getNotifyRadius()
323
    {
324
        return $this->reUser->getValue('notify_radius');
325
    }
326
327
    /**
328
     * @param int $value
329
     * @return bool
330
     */
331 View Code Duplication
    public function setNotifyRadius($value)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
332
    {
333
        if (($value + 0) < 0 || ($value + 0) > 150) {
334
            return false;
335
        }
336
337
        return $this->reUser->setValue('notify_radius', $value + 0);
338
    }
339
340
    public function getNotifyOconly()
341
    {
342
        return $this->reUser->getValue('notify_oconly') != 0;
343
    }
344
345
    /**
346
     * @param bool $value
347
     * @return bool
348
     */
349
    public function setNotifyOconly($value)
350
    {
351
        return $this->reUser->setValue('notify_oconly', $value ? 1 : 0);
352
    }
353
354
    public function getPermanentLogin()
355
    {
356
        return $this->reUser->getValue('permanent_login_flag');
357
    }
358
359
    public function setPermanentLogin($value)
360
    {
361
        return $this->reUser->setValue('permanent_login_flag', $value);
362
    }
363
364
    public function getAccMailing()
365
    {
366
        return $this->reUser->getValue('accept_mailing');
367
    }
368
369
    public function setAccMailing($value)
370
    {
371
        return $this->reUser->setValue('accept_mailing', $value);
372
    }
373
374
    public function getUsermailSendAddress()
375
    {
376
        return $this->reUser->getValue('usermail_send_addr');
377
    }
378
379
    public function setUsermailSendAddress($value)
380
    {
381
        return $this->reUser->setValue('usermail_send_addr', $value);
382
    }
383
384
    public function getUsePMR()
385
    {
386
        return $this->reUser->getValue('pmr_flag');
387
    }
388
389
    public function setUsePMR($value)
390
    {
391
        return $this->reUser->setValue('pmr_flag', $value);
392
    }
393
394
    public function getIsActive()
395
    {
396
        return $this->reUser->getValue('is_active_flag');
397
    }
398
399
    public function setIsActive($value)
400
    {
401
        return $this->reUser->setValue('is_active_flag', $value);
402
    }
403
404
    public function getActivationCode()
405
    {
406
        return $this->reUser->getValue('activation_code');
407
    }
408
409
    public function setActivationCode($value)
410
    {
411
        return $this->reUser->setValue('activation_code', $value);
412
    }
413
414
    public function getNewPWCode()
415
    {
416
        return $this->reUser->getValue('new_pw_code');
417
    }
418
419
    /**
420
     * @param string|null $value
421
     * @return bool
422
     */
423
    public function setNewPWCode($value)
424
    {
425
        return $this->reUser->setValue('new_pw_code', $value);
426
    }
427
428
    public function getNewPWDate()
429
    {
430
        return $this->reUser->getValue('new_pw_date');
431
    }
432
433
    /**
434
     * @param int|null $value
435
     * @return bool
436
     */
437
    public function setNewPWDate($value)
438
    {
439
        return $this->reUser->setValue('new_pw_date', $value);
440
    }
441
442
    public function getNewEMailCode()
443
    {
444
        return $this->reUser->getValue('new_email_code');
445
    }
446
447
    /**
448
     * @param string|null $value
449
     * @return bool
450
     */
451
    public function setNewEMailCode($value)
452
    {
453
        return $this->reUser->setValue('new_email_code', $value);
454
    }
455
456
    public function getNewEMailDate()
457
    {
458
        return $this->reUser->getValue('new_email_date');
459
    }
460
461
    /**
462
     * @param int|null $value
463
     * @return bool
464
     */
465
    public function setNewEMailDate($value)
466
    {
467
        return $this->reUser->setValue('new_email_date', $value);
468
    }
469
470
    public function getNewEMail()
471
    {
472
        return $this->reUser->getValue('new_email');
473
    }
474
475 View Code Duplication
    public function setNewEMail($value)
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
476
    {
477
        if ($value !== null) {
478
            if (!is_valid_email_address($value)) {
479
                return false;
480
            }
481
482
            if (self::existEMail($value)) {
483
                return false;
484
            }
485
        }
486
487
        return $this->reUser->setValue('new_email', $value);
488
    }
489
490
    public function getWatchmailMode()
491
    {
492
        return $this->reUser->getValue('watchmail_mode');
493
    }
494
495
    public function setWatchmailMode($value)
496
    {
497
        $this->setWatchmailNext('0000-00-00 00:00:00');
498
499
        return $this->reUser->setValue('watchmail_mode', $value);
500
    }
501
502
    public function getWatchmailHour()
503
    {
504
        return $this->reUser->getValue('watchmail_hour');
505
    }
506
507
    public function setWatchmailHour($value)
508
    {
509
        $this->setWatchmailNext('0000-00-00 00:00:00');
510
511
        return $this->reUser->setValue('watchmail_hour', $value);
512
    }
513
514
    public function getWatchmailDay()
515
    {
516
        return $this->reUser->getValue('watchmail_day');
517
    }
518
519
    public function setWatchmailDay($value)
520
    {
521
        $this->setWatchmailNext('0000-00-00 00:00:00');
522
523
        return $this->reUser->setValue('watchmail_day', $value);
524
    }
525
526
    public function getWatchmailNext()
527
    {
528
        return $this->reUser->getValue('watchmail_nextmail');
529
    }
530
531
    /**
532
     * @param string $value
533
     * @return bool
534
     */
535
    public function setWatchmailNext($value)
536
    {
537
        return $this->reUser->setValue('watchmail_nextmail', $value);
538
    }
539
540
    public function getStatFound()
541
    {
542
        if ($this->reUserStat->exist()) {
543
            return sql_value(
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
544
                'SELECT COUNT(*)
545
                 FROM (SELECT cache_id
546
                       FROM cache_logs
547
                       WHERE user_id = "&1"
548
                       AND type = 1
549
                       GROUP BY cache_id
550
                ) as tmp
551
                ',
552
                0,
553
                $this->getUserId()
554
            );
555
        }
556
557
        return 0;
558
    }
559
560
    public function getStatNotFound()
561
    {
562
        if ($this->reUserStat->exist()) {
563
            return $this->reUserStat->getValue('notfound');
564
        }
565
566
        return 0;
567
    }
568
569
    public function getStatNote()
570
    {
571
        if ($this->reUserStat->exist()) {
572
            return $this->reUserStat->getValue('note');
573
        }
574
575
        return 0;
576
    }
577
578
    public function getStatHidden()
579
    {
580
        if ($this->reUserStat->exist()) {
581
            return $this->reUserStat->getValue('hidden');
582
        }
583
584
        return 0;
585
    }
586
587
    public function getDateRegistered()
588
    {
589
        return $this->reUser->getValue('date_created');
590
    }
591
592
    public function getUUID()
593
    {
594
        return $this->reUser->getValue('uuid');
595
    }
596
597
    public function getLastModified()
598
    {
599
        return $this->reUser->getValue('last_modified');
600
    }
601
602
    public function getDateCreated()
603
    {
604
        return $this->reUser->getValue('date_created');
605
    }
606
607
    public function getAdmin()
608
    {
609
        return $this->reUser->getValue('admin');
610
    }
611
612
    public function getNode()
613
    {
614
        return $this->reUser->getValue('node');
615
    }
616
617
    public function setNode($value)
618
    {
619
        return $this->reUser->setValue('node', $value);
620
    }
621
622
    public function getAnyChanged()
623
    {
624
        return $this->reUser->getAnyChanged();
625
    }
626
627
    // return if successful (with insert)
628
    public function save()
629
    {
630
        sql_slave_exclude();
0 ignored issues
show
Deprecated Code introduced by
The function sql_slave_exclude() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
631
        if ($this->reUser->save()) {
632
            if ($this->getUserId() == ID_NEW) {
633
                $this->nUserId = $this->reUser->getValue('user_id');
634
            }
635
            $this->getStatpic()->invalidate();
636
637
            return true;
638
        }
639
640
        return false;
641
    }
642
643
    public function getStatpic()
644
    {
645
        return new statpic($this->nUserId);
646
    }
647
648
    public static function createCode()
649
    {
650
        return mb_strtoupper(mb_substr(md5(uniqid('', true)), 0, 13));
651
    }
652
653
    public function requestNewPWCode()
654
    {
655
        global $translate;
656
657
        if (!$this->exist()) {
658
            return false;
659
        }
660
661
        $email = $this->getEMail();
662
        if ($email === null || $email === '') {
663
            return false;
664
        }
665
666
        if (!$this->getIsActive()) {
667
            return false;
668
        }
669
670
        $this->setNewPWCode(self::createCode());
671
        if (!$this->reUser->saveField('new_pw_code')) {
672
            return false;
673
        }
674
675
        $this->setNewPWDate(time());
676
        if (!$this->reUser->saveField('new_pw_date')) {
677
            return false;
678
        }
679
680
        // send confirmation
681
        $mail = new mail();
682
        $mail->name = 'newpw';
683
        $mail->to = $email;
684
        $mail->subject = $translate->t('New password code', '', basename(__FILE__), __LINE__);
685
        $mail->assign('code', $this->getNewPWCode());
686
        $mail->send();
687
688
        return true;
689
    }
690
691
    public function clearNewPWCode()
692
    {
693
        $this->setNewPWCode(null);
694
        if (!$this->reUser->saveField('new_pw_code')) {
695
            return false;
696
        }
697
698
        $this->setNewPWDate(null);
699
        if (!$this->reUser->saveField('new_pw_date')) {
700
            return false;
701
        }
702
703
        return true;
704
    }
705
706
    public function requestNewEMail($email)
707
    {
708
        global $translate;
709
710
        if (!$this->exist()) {
711
            return false;
712
        }
713
714
        $storedEMail = $this->getEMail();
715
716
        if (mb_strtolower($storedEMail) == mb_strtolower($email)) {
717
            return false;
718
        }
719
720
        if ($storedEMail === null || $storedEMail == '') {
721
            return false;
722
        }
723
724
        if (!$this->getIsActive()) {
725
            return false;
726
        }
727
728
        $this->setNewEMailCode(self::createCode());
729
        if (!$this->reUser->saveField('new_email_code')) {
730
            return false;
731
        }
732
733
        $this->setNewEMailDate(time());
734
        if (!$this->reUser->saveField('new_email_date')) {
735
            return false;
736
        }
737
738
        $this->setNewEMail($email);
739
        if (!$this->reUser->saveField('new_email')) {
740
            return false;
741
        }
742
743
        // send confirmation
744
        $mail = new mail();
745
        $mail->name = 'newemail';
746
        $mail->to = $email;
747
        $mail->subject = $translate->t('New email code', '', basename(__FILE__), __LINE__);
748
        $mail->assign('code', $this->getNewEMailCode());
749
        $mail->send();
750
751
        return true;
752
    }
753
754
    public function clearNewEMailCode()
755
    {
756
        $this->setNewEMailCode(null);
757
        if (!$this->reUser->saveField('new_email_code')) {
758
            return false;
759
        }
760
761
        $this->setNewEMailDate(null);
762
        if (!$this->reUser->saveField('new_email_date')) {
763
            return false;
764
        }
765
766
        $this->setNewEMail(null);
767
        if (!$this->reUser->saveField('new_email')) {
768
            return false;
769
        }
770
771
        return true;
772
    }
773
774
    public function remindEMail()
775
    {
776
        global $translate;
777
778
        if (!$this->exist()) {
779
            return false;
780
        }
781
782
        $email = $this->getEMail();
783
        if ($email === null || $email === '') {
784
            return false;
785
        }
786
787
        if (!$this->getIsActive()) {
788
            return false;
789
        }
790
791
        // send confirmation
792
        $mail = new mail();
793
        $mail->name = 'remindemail';
794
        $mail->to = $email;
795
        $mail->subject = $translate->t('Reminder to your E-Mail-Address', '', basename(__FILE__), __LINE__);
796
        $mail->assign('username', $this->getUsername());
797
        $mail->assign('email', $email);
798
        $mail->send();
799
800
        return true;
801
    }
802
803
    public function sendRegistrationCode()
804
    {
805
        global $opt, $translate;
806
807
        $countriesList = new countriesList();
808
809
        $mail = new mail();
810
        $mail->name = 'register';
811
        $mail->to = $this->getEMail();
812
        $mail->subject = $translate->t('Registration confirmation', '', basename(__FILE__), __LINE__);
813
        $mail->assign('domain', $opt['page']['domain']);
814
        $mail->assign('activation_page', $opt['page']['absolute_url'] . 'activation.php');
815
        $mail->assign('short_activation_page', $opt['page']['absolute_url'] . 'a.php');
816
        $mail->assign('username', $this->getUsername());
817
        $mail->assign('userid', $this->getUserId());
818
        $mail->assign('last_name', $this->getLastName());
819
        $mail->assign('first_name', $this->getFirstName());
820
        $mail->assign('country', $countriesList::getCountryLocaleName($this->getCountryCode()));
821
        $mail->assign('code', $this->getActivationCode());
822
823
        if ($mail->send()) {
824
            return true;
825
        }
826
827
        return false;
828
    }
829
830
    public function sendEMail($nFromUserId, $sSubject, $sText, $bSendEMailAddress)
831
    {
832
        global $opt, $translate;
833
834
        if ($this->exist() == false) {
0 ignored issues
show
Coding Style Best Practice introduced by
It seems like you are loosely comparing two booleans. Considering using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

Loading history...
835
            return false;
836
        }
837
838
        if ($this->getIsActive() == false) {
839
            return false;
840
        }
841
842
        if ($this->getEMail() === null || $this->getEMail() == '') {
843
            return false;
844
        }
845
846
        if ($sSubject === '') {
847
            return false;
848
        }
849
850
        if ($sText === '') {
851
            return false;
852
        }
853
854
        if (mb_strpos($sSubject, "\n") !== false) {
855
            $sSubject = mb_substr($sSubject, 0, mb_strpos($sSubject, "\n"));
856
        }
857
        $sSubject = mb_trim($sSubject);
858
859
        $fromUser = new self($nFromUserId);
860
        if ($fromUser->exist() == false) {
0 ignored issues
show
Coding Style Best Practice introduced by
It seems like you are loosely comparing two booleans. Considering using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

Loading history...
861
            return false;
862
        }
863
        if ($fromUser->getIsActive() == false) {
864
            return false;
865
        }
866
        if ($fromUser->getEMail() === null || $fromUser->getEMail() === '') {
867
            return false;
868
        }
869
870
        $language = $this->getLanguageCode();
871
        if (!$language) {
872
            $language = $opt['template']['locale'];
873
        }
874
875
        // ok, we can send ...
876
        $mail = new mail();
877
        $mail->name = 'usercontactmail';
878
        $mail->to = $this->getEMail();
879
        $mail->recipient_locale = $this->getLanguageCode();
880
881
        $mail->from = $opt['mail']['usermail'];
882
883
        if ($bSendEMailAddress == true) {
884
            $mail->replyTo = $fromUser->getEMail();
885
            $mail->returnPath = $fromUser->getEMail();
886
        }
887
888
        $mail->subject = $translate->t('E-Mail from', '', basename(__FILE__), __LINE__, '', 1, $language) . ' ' . $fromUser->getUsername() . ': ' . $sSubject;
889
        $mail->assign('usersubject', $sSubject);
890
        $mail->assign('text', $sText);
891
        $mail->assign('username', $this->getUsername());
892
        $mail->assign('sendemailaddress', $bSendEMailAddress);
893
        $mail->assign('fromusername', $fromUser->getUsername());
894
        $mail->assign('fromuserid', $fromUser->getUserId());
895
        $mail->assign('fromuseremail', $fromUser->getEMail());
896
897
        if ($mail->send($opt['page']['default_absolute_url'])) {
898
            // send copy to fromUser
899
            $mail->assign('copy', true);
900
            $mail->to = $fromUser->getEMail();
901
            $mail->send();
902
903
            // log
904
            sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
905
                "INSERT INTO `email_user` (`ipaddress`, `from_user_id`, `from_email`, `to_user_id`, `to_email`)
906
                 VALUES ('&1', '&2', '&3', '&4', '&5')",
907
                $_SERVER['REMOTE_ADDR'],
908
                $fromUser->getUserId(),
909
                $fromUser->getEMail(),
910
                $this->getUserId(),
911
                $this->getEMail()
912
            );
913
914
            return true;
915
        }
916
917
        return false;
918
    }
919
920 View Code Duplication
    public function canDisable()
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
921
    {
922
        global $login;
923
        $login->verify();
924
925
        if ($login->userid != $this->nUserId && ($login->admin & ADMIN_USER) != ADMIN_USER) {
926
            return false;
927
        }
928
929
        if ($this->getIsActive() != 0) {
930
            return true;
931
        }
932
933
        return false;
934
    }
935
936
    public function disable()
937
    {
938
        global $login, $translate;
939
940
        if ($this->canDisable() == false) {
0 ignored issues
show
Coding Style Best Practice introduced by
It seems like you are loosely comparing two booleans. Considering using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

Loading history...
941
            return false;
942
        }
943
944
        // write old record to log
945
        $backup = array();
946
        $backup['username'] = $this->getUsername();
947
        $backup['email'] = $this->getEMail();
948
        $backup['last_name'] = $this->getLastName();
949
        $backup['first_name'] = $this->getFirstName();
950
        $backup['country'] = $this->getCountryCode();
951
        $backup['latitude'] = $this->getLatitude();
952
        $backup['longitude'] = $this->getLongitude();
953
954
        sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
955
            "INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`, `details`)
956
             VALUES ('user', 6, '&1', '&2', '&3', '&4', '&5')",
957
            $login->userid,
958
            $this->nUserId,
959
            0,
960
            'User ' . sql_escape($this->getUsername()) . ' disabled',
0 ignored issues
show
Deprecated Code introduced by
The function sql_escape() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
961
            serialize($backup)
962
        );
963
964
        // delete private and system data
965
        sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
966
            "UPDATE `user` SET `password`=NULL, `email`=NULL, `last_name`='', `first_name`='',
967
                               `country`=NULL, `latitude`=0, `longitude`=0, `is_active_flag`=0, `activation_code`='',
968
                               `new_pw_code`=NULL, `new_pw_date`=NULL, `new_email`=NULL, `new_email_code`=NULL,
969
                               `new_email_date`=NULL, `email_problems`=0, `first_email_problem`=NULL,
970
                               `last_email_problem`=NULL
971
             WHERE `user_id`='&1'",
972
            $this->nUserId
973
        );
974
975
        // non-private data which need not to be deleted:
976
        //
977
        //   - Statpic and profile description texts - published under the data license
978
        //   - profile settings: accept_mailing, pmr_flag, permanent_login_flag, notify_radius,
979
        //                       user_options entries
980
        //   - watch and ignore lists
981
        //   - adoptions: may still be executed if offered to another user
982
983
        // Handling of cache lists is unclear. They may be deleted by the Opencaching team
984
        // if not considered useful.
985
986
        // lock the user's caches
987
        $error = false;
988
        $rs = sql("SELECT `cache_id` FROM `caches` WHERE `user_id`='&1' AND `status` IN (1,2,3)", $this->nUserId);
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
989
        while (($rCache = sql_fetch_assoc($rs)) && !$error) {
0 ignored issues
show
Deprecated Code introduced by
The function sql_fetch_assoc() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
990
            $error = true;
991
            $cache = new cache($rCache['cache_id']);
992
            if ($cache->setStatus(6) && $cache->save()) {
993
                $log = cachelog::createNew($rCache['cache_id'], $login->userid);
994
                if ($log !== false) {
995
                    $log->setType(cachelog::LOGTYPE_LOCKED, true);
996
                    $log->setOcTeamComment(true);
997
                    $log->setDate(date('Y-m-d'));
998
                    $log->setText($translate->t(
999
                        'The user account has been disabled.',
1000
                        '',
1001
                        '',
1002
                        0,
1003
                        '',
1004
                        1,
1005
                        $cache->getDefaultDescLanguage()
1006
                    ));
1007
                    $log->setTextHtml(false);
1008
                    if ($log->save()) {
1009
                        $error = false;
1010
                    }
1011
                }
1012
            }
1013
            echo "\n";
1014
        }
1015
        sql_free_result($rs);
0 ignored issues
show
Deprecated Code introduced by
The function sql_free_result() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1016
1017
        return !$error;
1018
    }
1019
1020 View Code Duplication
    public function canDisableDueLicense()
0 ignored issues
show
Duplication introduced by
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
1021
    {
1022
        global $login;
1023
        $login->verify();
1024
1025
        if ($login->userid != $this->nUserId && ($login->admin & ADMIN_USER) != ADMIN_USER) {
1026
            return false;
1027
        }
1028
1029
        return true;
1030
    }
1031
1032
    /**
1033
     * disables user (if not disabled), removes all licensed content from db and
1034
     * replaces every picture with a dummy one
1035
     *
1036
     * @param bool $old_disabled
1037
     * @return string error message, if anything went wrong, true otherwise
1038
     * old_disabled: the user was disabled already before license transition
1039
     * and therefore could not accept/decline the license
1040
     */
1041
    public function disduelicense($old_disabled = false)
1042
    {
1043
1044
        // get translation-object
1045
        global $translate;
1046
1047
        // check if disabled, disable if not
1048
        if (!$this->canDisableDueLicense()) {
1049
            return 'this user must not be disabled';
1050
        }
1051
1052
        if (!$old_disabled) {
1053
            if ($this->canDisable()) {
1054
                if (!$this->disable()) {
1055
                    return 'disable user failed';
1056
                }
1057
            }
1058
        }
1059
1060
        // remember that data license was declined
1061
        sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1062
            "UPDATE user SET data_license='&2' WHERE user_id='&1'",
1063
            $this->getUserId(),
1064
            $old_disabled ? NEW_DATA_LICENSE_PASSIVELY_DECLINED : NEW_DATA_LICENSE_ACTIVELY_DECLINED
1065
        );
1066
1067
        /*
1068
         * set all cache_desc and hint to '', save old texts
1069
         */
1070
        // check if there are caches
1071
        $num_caches = sql_value(
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1072
            "SELECT COUNT(*) FROM `caches` WHERE `user_id`='&1'",
1073
            0,
1074
            $this->getUserId()
1075
        );
1076
        if ($num_caches > 0) {
1077
            $cache_descs = array();
1078
            $rs = sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1079
                'SELECT `id`, `language`, `desc`, `hint` ' .
1080
                'FROM `cache_desc`,`caches` ' .
1081
                'WHERE `caches`.`cache_id`=`cache_desc`.`cache_id` ' .
1082
                "AND `caches`.`user_id`='&1'",
1083
                $this->getUserId()
1084
            );
1085
            while ($cache_desc = sql_fetch_array($rs, MYSQLI_ASSOC)) {
0 ignored issues
show
Documentation introduced by
$rs is of type object<mysqli_result>, but the function expects a resource.

It seems like the type of the argument is not accepted by the function/method which you are calling.

In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug.

We suggest to add an explicit type cast like in the following example:

function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
Loading history...
Unused Code introduced by
The call to sql_fetch_array() has too many arguments starting with MYSQLI_ASSOC.

This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.

If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress.

In this case you can add the @ignore PhpDoc annotation to the duplicate definition and it will be ignored.

Loading history...
Deprecated Code introduced by
The function sql_fetch_array() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1086
                $cache_descs[] = $cache_desc;
1087
            }
1088
            sql_free_result($rs);
0 ignored issues
show
Deprecated Code introduced by
The function sql_free_result() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1089
1090
            // walk through cache_descs and set message for each language
1091
            foreach ($cache_descs as $desc) {
1092
                // save text - added 2013/03/18 to be enable restoring data on reactivation
1093
                // of accounts that were disabled before license transition
1094 View Code Duplication
                if ($desc['desc'] != '') {
1095
                    sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1096
                        "INSERT IGNORE INTO `saved_texts` (`object_type`, `object_id`, `subtype`, `text`)
1097
                         VALUES ('&1', '&2', '&3', '&4')",
1098
                        OBJECT_CACHEDESC,
1099
                        $desc['id'],
1100
                        1,
1101
                        $desc['desc']
1102
                    );
1103
                }
1104 View Code Duplication
                if ($desc['hint'] != '') {
1105
                    sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1106
                        "INSERT IGNORE INTO `saved_texts` (`object_type`, `object_id`, `subtype`, `text`)
1107
                         VALUES ('&1', '&2', '&3', '&4')",
1108
                        OBJECT_CACHEDESC,
1109
                        $desc['id'],
1110
                        2,
1111
                        $desc['hint']
1112
                    );
1113
                }
1114
1115
                if ($desc['desc'] != '') {
1116
                    if ($old_disabled) {
1117
                        $descmsg = $translate->t("cache description was removed because the owner's account was inactive when the <a href='articles.php?page=impressum#datalicense'>new content license</a> was launched", '', basename(__FILE__), __LINE__, '', 1, $desc['language']);
1118
                    } else {
1119
                        $descmsg = $translate->t('cache description was removed because owner declined content license', '', basename(__FILE__), __LINE__, '', 1, $desc['language']);
1120
                    }
1121
                } else {
1122
                    $descmsg = '';
1123
                }
1124
1125
                sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1126
                    'UPDATE `cache_desc` ' .
1127
                    "SET `desc`='&1',`hint`='&2' " .
1128
                    "WHERE `id`='&3'",
1129
                    '<em>' . $descmsg . '</em>',
1130
                    '',
1131
                    $desc['id']
1132
                );
1133
            }
1134
1135
            // replace pictures
1136
            $errmesg = $this->replace_pictures(OBJECT_CACHE);
1137
            if ($errmesg !== true) {
1138
                return "removing cache pictures: $errmesg";
1139
            }
1140
        }
1141
1142
        // delete additional waypoint texts
1143
        $rs = sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1144
            "SELECT `id`, `description` FROM `coordinates`
1145
             WHERE `type`='&1'
1146
             AND `cache_id` IN (SELECT `cache_id` FROM `caches` WHERE `user_id`='&2')",
1147
            COORDINATE_WAYPOINT,
1148
            $this->getUserId()
1149
        );
1150
        while ($wp = sql_fetch_assoc($rs)) {
0 ignored issues
show
Deprecated Code introduced by
The function sql_fetch_assoc() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1151
            if ($wp['description'] != '') {
1152
                sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1153
                    "INSERT IGNORE INTO `saved_texts` (`object_type`, `object_id`, `subtype`, `text`)
1154
                     VALUES ('&1', '&2', '&3', '&4')",
1155
                    OBJECT_WAYPOINT,
1156
                    $wp['id'],
1157
                    0,
1158
                    $wp['description']
1159
                );
1160
            }
1161
1162
            sql("UPDATE `coordinates` SET `description`='' WHERE `id`='&1'", $wp['id']);
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1163
        }
1164
        sql_free_result($rs);
0 ignored issues
show
Deprecated Code introduced by
The function sql_free_result() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1165
1166
        /*
1167
         * set all cache_logs '', save old texts and delete pictures
1168
         */
1169
        $rs = sql("SELECT `id`, `text` FROM `cache_logs` WHERE `user_id`='&1'", $this->getUserId());
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1170
        while ($log = sql_fetch_array($rs, MYSQLI_ASSOC)) {
0 ignored issues
show
Documentation introduced by
$rs is of type object<mysqli_result>, but the function expects a resource.

It seems like the type of the argument is not accepted by the function/method which you are calling.

In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug.

We suggest to add an explicit type cast like in the following example:

function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
Loading history...
Unused Code introduced by
The call to sql_fetch_array() has too many arguments starting with MYSQLI_ASSOC.

This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.

If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress.

In this case you can add the @ignore PhpDoc annotation to the duplicate definition and it will be ignored.

Loading history...
Deprecated Code introduced by
The function sql_fetch_array() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1171
            // save text - added 2013/03/18 to be enable restoring data on reactivation
1172
            // of accounts that were disabled before license transition
1173
            sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1174
                "INSERT IGNORE INTO `saved_texts` (`object_type`, `object_id`, `subtype`, `text`)
1175
                 VALUES ('&1', '&2', '&3', '&4')",
1176
                OBJECT_CACHELOG,
1177
                $log['id'],
1178
                0,
1179
                $log['text']
1180
            );
1181
1182
            // set text ''
1183
            sql("UPDATE `cache_logs` SET `text`='' WHERE `id`='&1'", $log['id']);
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1184
1185
            /*
1186
            // replace pictures
1187
            $errmesg = $this->replace_pictures(OBJECT_CACHELOG);
1188
            if ($errmesg !== true)
1189
                return "removing log pictures: $errmesg";
1190
            */
1191
1192
            // delete log pictures
1193
            $rsp = sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1194
                "SELECT `id` FROM `pictures`
1195
                 WHERE `object_type`='&1' AND `object_id`='&2'",
1196
                OBJECT_CACHELOG,
1197
                $log['id']
1198
            );
1199
            while ($pic = sql_fetch_assoc($rsp)) {
0 ignored issues
show
Deprecated Code introduced by
The function sql_fetch_assoc() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1200
                $picture = new picture($pic['id']);
1201
                $picture->delete();
1202
            }
1203
            sql_free_result($rsp);
0 ignored issues
show
Deprecated Code introduced by
The function sql_free_result() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1204
        }
1205
        sql_free_result($rs);
0 ignored issues
show
Deprecated Code introduced by
The function sql_free_result() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1206
1207
        // discard achived logs' texts
1208
        sql("UPDATE `cache_logs_archived` SET `text`='' WHERE `user_id`='&1'", $this->getUserId());
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1209
1210
        // success
1211
        return true;
0 ignored issues
show
Bug Best Practice introduced by
The return type of return true; (boolean) is incompatible with the return type documented by user::disduelicense of type string.

If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design.

Let’s take a look at an example:

class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}

Our function my_function expects a Post object, and outputs the author of the post. The base class Post returns a simple string and outputting a simple string will work just fine. However, the child class BlogPost which is a sub-type of Post instead decided to return an object, and is therefore violating the SOLID principles. If a BlogPost were passed to my_function, PHP would not complain, but ultimately fail when executing the strtoupper call in its body.

Loading history...
1212
    }
1213
1214
    /**
1215
     * replaces all pictures of $this-user with a dummy for the given object-type
1216
     *
1217
     * @param int $object_type object_types-id from table object_types
1218
     *
1219
     * @return bool true, if replacement worked, false otherwise
1220
     */
1221
    public function replace_pictures($object_type)
1222
    {
1223
        // get optionsarray
1224
        global $opt;
1225
1226
        // load bmp-support
1227
        require_once __DIR__ . '/../imagebmp.inc.php';
1228
1229
        // paths cleared by trailing '/'
1230
        if (substr($opt['logic']['pictures']['dir'], - 1) != '/') {
1231
            $picpath = $opt['logic']['pictures']['dir'];
1232
        } else {
1233
            $picpath = substr($opt['logic']['pictures']['dir'], 0, - 1);
1234
        }
1235
1236
        $thumbpath = "$picpath/thumbs";
1237
1238
        $pdummy = isset($opt['logic']['pictures']['dummy']);
1239 View Code Duplication
        if ($pdummy && isset($opt['logic']['pictures']['dummy']['bgcolor']) && is_array($opt['logic']['pictures']['dummy']['bgcolor'])) {
1240
            $dummybg = $opt['logic']['pictures']['dummy']['bgcolor'];
1241
        } else {
1242
            $dummybg = [
1243
                255,
1244
                255,
1245
                255,
1246
            ];
1247
        }
1248
1249 View Code Duplication
        if ($pdummy && isset($opt['logic']['pictures']['dummy']['text'])) {
1250
            $dummytext = $opt['logic']['pictures']['dummy']['text'];
1251
        } else {
1252
            $dummytext = '';
1253
        }
1254
1255 View Code Duplication
        if ($pdummy && isset($opt['logic']['pictures']['dummy']['textcolor']) && is_array($opt['logic']['pictures']['dummy']['textcolor'])) {
1256
            $dummytextcolor = $opt['logic']['pictures']['dummy']['textcolor'];
1257
        } else {
1258
            $dummytextcolor = array(
1259
                0,
1260
                0,
1261
                0,
1262
            );
1263
        }
1264
1265
        $tmh = 0;
0 ignored issues
show
Unused Code introduced by
$tmh is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
1266
        $tmw = 0;
0 ignored issues
show
Unused Code introduced by
$tmw is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
1267
1268
        /*
1269
         * check log or cache
1270
         */
1271
        if ($object_type == OBJECT_CACHE) {
1272
            // get filenames of the pictures of $this' caches
1273
            $rs = sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1274
                'SELECT `pictures`.`url` ' .
1275
                'FROM `pictures`,`caches` ' .
1276
                'WHERE `caches`.`cache_id`=`pictures`.`object_id`' .
1277
                " AND `pictures`.`object_type`='&1' AND `caches`.`user_id`='&2'",
1278
                OBJECT_CACHE,
1279
                $this->getUserId()
1280
            );
1281
        } elseif ($object_type == OBJECT_CACHELOG) {
1282
            // get filenames of the pictures of $this' logs
1283
            $rs = sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1284
                'SELECT `pictures`.`url` ' .
1285
                'FROM `pictures`,`cache_logs` ' .
1286
                'WHERE `cache_logs`.`id`=`pictures`.`object_id`' .
1287
                " AND `pictures`.`object_type`='&1' AND `cache_logs`.`user_id`='&2'",
1288
                OBJECT_CACHELOG,
1289
                $this->getUserId()
1290
            );
1291
        }
1292
1293
        // set thumb-dimensions
1294
        $tmh = $opt['logic']['pictures']['thumb_max_height'];
1295
        $tmw = $opt['logic']['pictures']['thumb_max_width'];
1296
1297
        $filenames = array();
1298
        while ($url = sql_fetch_array($rs, MYSQLI_NUM)) {
0 ignored issues
show
Bug introduced by
The variable $rs does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
Loading history...
Documentation introduced by
$rs is of type object<mysqli_result>, but the function expects a resource.

It seems like the type of the argument is not accepted by the function/method which you are calling.

In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug.

We suggest to add an explicit type cast like in the following example:

function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
Loading history...
Unused Code introduced by
The call to sql_fetch_array() has too many arguments starting with MYSQLI_NUM.

This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.

If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress.

In this case you can add the @ignore PhpDoc annotation to the duplicate definition and it will be ignored.

Loading history...
Deprecated Code introduced by
The function sql_fetch_array() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1299
            $filenames[] = substr($url['url'], - 40);
1300
        }
1301
1302
        // free result
1303
        sql_free_result($rs);
0 ignored issues
show
Deprecated Code introduced by
The function sql_free_result() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1304
1305
        /*
1306
         * walk through filenames and replace original
1307
         */
1308
        // check if there is something to replace
1309
        if (count($filenames) > 0) {
1310
            foreach ($filenames as $fn) {
1311
                // get uuid and extension
1312
                $uuid = substr($fn, 0, 36);
1313
                $ext = substr($fn, - 3);
1314
                $thumb_dir1 = substr($uuid, 0, 1);
1315
                $thumb_dir2 = substr($uuid, 1, 1);
1316
1317
                // read original size
1318
                if (file_exists("$picpath/$fn")) {
1319
                    list($w, $h, $t, $attr) = getimagesize("$picpath/$fn");
0 ignored issues
show
Unused Code introduced by
The assignment to $t is unused. Consider omitting it like so list($first,,$third).

This checks looks for assignemnts to variables using the list(...) function, where not all assigned variables are subsequently used.

Consider the following code example.

<?php

function returnThreeValues() {
    return array('a', 'b', 'c');
}

list($a, $b, $c) = returnThreeValues();

print $a . " - " . $c;

Only the variables $a and $c are used. There was no need to assign $b.

Instead, the list call could have been.

list($a,, $c) = returnThreeValues();
Loading history...
Unused Code introduced by
The assignment to $attr is unused. Consider omitting it like so list($first,,$third).

This checks looks for assignemnts to variables using the list(...) function, where not all assigned variables are subsequently used.

Consider the following code example.

<?php

function returnThreeValues() {
    return array('a', 'b', 'c');
}

list($a, $b, $c) = returnThreeValues();

print $a . " - " . $c;

Only the variables $a and $c are used. There was no need to assign $b.

Instead, the list call could have been.

list($a,, $c) = returnThreeValues();
Loading history...
1320
                } else {
1321
                    $w = 600;
1322
                    $h = 480;
1323
                }
1324
1325
                // create new image
1326
                $im = imagecreatetruecolor($w, $h);
1327
                // allocate colors
1328
                $col_bg = imagecolorallocate($im, $dummybg[0], $dummybg[1], $dummybg[2]);
1329
                $col_text = imagecolorallocate($im, $dummytextcolor[0], $dummytextcolor[1], $dummytextcolor[2]);
1330
1331
                // fill bg
1332
                imagefill($im, 0, 0, $col_bg);
1333
1334
                // check for replacement-image
1335
                if ($pdummy && isset($opt['logic']['pictures']['dummy']['replacepic'])
1336
                    && $opt['logic']['pictures']['dummy']['replacepic'] != $opt['rootpath'] . 'images/'
1337
                    && file_exists($opt['logic']['pictures']['dummy']['replacepic'])
1338
                ) {
1339
                    // get dimensions of the replacement
1340
                    list($rw, $rh, $rt, $rattr) = getimagesize($opt['logic']['pictures']['dummy']['replacepic']);
0 ignored issues
show
Unused Code introduced by
The assignment to $rt is unused. Consider omitting it like so list($first,,$third).

This checks looks for assignemnts to variables using the list(...) function, where not all assigned variables are subsequently used.

Consider the following code example.

<?php

function returnThreeValues() {
    return array('a', 'b', 'c');
}

list($a, $b, $c) = returnThreeValues();

print $a . " - " . $c;

Only the variables $a and $c are used. There was no need to assign $b.

Instead, the list call could have been.

list($a,, $c) = returnThreeValues();
Loading history...
Unused Code introduced by
The assignment to $rattr is unused. Consider omitting it like so list($first,,$third).

This checks looks for assignemnts to variables using the list(...) function, where not all assigned variables are subsequently used.

Consider the following code example.

<?php

function returnThreeValues() {
    return array('a', 'b', 'c');
}

list($a, $b, $c) = returnThreeValues();

print $a . " - " . $c;

Only the variables $a and $c are used. There was no need to assign $b.

Instead, the list call could have been.

list($a,, $c) = returnThreeValues();
Loading history...
1341
                    $rwh = 0;
0 ignored issues
show
Unused Code introduced by
$rwh is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
1342
                    if ($rw > $rh) {
1343
                        $rwh = $rh;
1344
                    } else {
1345
                        $rwh = $rw;
1346
                    }
1347
1348
                    // check dimensions of original and set replacement size
1349
                    $rsize = 0;
0 ignored issues
show
Unused Code introduced by
$rsize is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
1350
                    if ($w > $h) {
1351
                        if (($h * 0.85) > $rwh) {
1352
                            $rsize = $rwh;
1353
                        } else {
1354
                            $rsize = $h * 0.9;
1355
                        }
1356
                    } else {
1357
                        if (($w * 0.85) > $rwh) {
1358
                            $rsize = $rwh;
1359
                        } else {
1360
                            $rsize = $w * 0.9;
1361
                        }
1362
                    }
1363
                    $dx = ($w - $rsize) / 2;
1364
                    $dy = ($h - $rsize) / 2;
1365
1366
                    // get replacement image
1367
                    $rext = substr($opt['logic']['pictures']['dummy']['replacepic'], - 3);
1368
                    $rim = null;
1369
                    if ($rext == 'jpg') {
1370
                        $rim = imagecreatefromjpeg($opt['logic']['pictures']['dummy']['replacepic']);
1371 View Code Duplication
                    } elseif ($rext == 'png') {
1372
                        $rim = imagecreatefrompng($opt['logic']['pictures']['dummy']['replacepic']);
1373
                    } elseif ($rext == 'gif') {
1374
                        $rim = imagecreatefromgif($opt['logic']['pictures']['dummy']['replacepic']);
1375 View Code Duplication
                    } elseif ($rext == 'bmp') {
1376
                        $rim = imagecreatefrombmp($opt['logic']['pictures']['dummy']['replacepic']);
1377
                    }
1378
1379
                    // copy image
1380
                    if (null !== $rim) {
1381
                        imagecopyresampled($im, $rim, $dx, $dy, 0, 0, $rsize, $rsize, $rw, $rh);
1382
                    }
1383
                } else {
1384
                    // set text
1385
                    if ($dummytext != '') {
1386
                        imagestring($im, 1, 10, $h / 2, $dummytext, $col_text);
1387
                    } else {
1388
                        imageline($im, 0, 0, $w, $h, 0xff0000);
1389
                        imageline($im, 0, $h, $w, 0, 0xff0000);
1390
                    }
1391
                }
1392
1393
                // save dummy
1394
                if ($ext == 'jpg') {
1395
                    if (!imagejpeg($im, "$picpath/$fn", 75)) {
1396
                        return "save dummy failed [$ext]";
1397
                    }
1398
                } elseif ($ext == 'png') {
1399
                    if (!imagepng($im, "$picpath/$fn", 4)) {
1400
                        return "save dummy failed [$ext]";
1401
                    }
1402
                } elseif ($ext == 'gif') {
1403
                    if (!imagegif($im, "$picpath/$fn")) {
1404
                        return "save dummy failed [$ext]";
1405
                    }
1406
                } elseif ($ext == 'bmp') {
1407
                    if (!imagebmp($im, "$picpath/$fn")) {
1408
                        return "save dummy failed [$ext]";
1409
                    }
1410
                } else {
1411
                    return "save dummy failed [$ext], unknown extension";
1412
                }
1413
1414
                // set thumb-dimensions
1415
                if (($h > $tmh) || ($w > $tmw)) {
1416
                    if ($h > $w) {
1417
                        $th = $tmh;
1418
                        $tw = $w * ($th / $h);
1419
                    } else {
1420
                        $tw = $tmw;
1421
                        $th = $h * ($tw / $w);
1422
                    }
1423
                } else {
1424
                    $tw = $w;
1425
                    $th = $h;
1426
                }
1427
1428
                // copy dummy
1429
                $tim = imagecreatetruecolor($tw, $th);
1430
                imagecopyresampled($tim, $im, 0, 0, 0, 0, $tw, $th, $w, $h);
1431
1432
                // check directories or create them
1433 View Code Duplication
                if (!file_exists("$thumbpath/$thumb_dir1")) {
1434
                    if (!mkdir("$thumbpath/$thumb_dir1")) {
1435
                        return 'mkdir in thumbpath failed';
0 ignored issues
show
Bug Best Practice introduced by
The return type of return 'mkdir in thumbpath failed'; (string) is incompatible with the return type documented by user::replace_pictures of type boolean.

If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design.

Let’s take a look at an example:

class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}

Our function my_function expects a Post object, and outputs the author of the post. The base class Post returns a simple string and outputting a simple string will work just fine. However, the child class BlogPost which is a sub-type of Post instead decided to return an object, and is therefore violating the SOLID principles. If a BlogPost were passed to my_function, PHP would not complain, but ultimately fail when executing the strtoupper call in its body.

Loading history...
1436
                    }
1437
                }
1438 View Code Duplication
                if (!file_exists("$thumbpath/$thumb_dir1/$thumb_dir2")) {
1439
                    if (!mkdir("$thumbpath/$thumb_dir1/$thumb_dir2")) {
1440
                        return 'mkdir in thumbpath failed';
0 ignored issues
show
Bug Best Practice introduced by
The return type of return 'mkdir in thumbpath failed'; (string) is incompatible with the return type documented by user::replace_pictures of type boolean.

If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design.

Let’s take a look at an example:

class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}

Our function my_function expects a Post object, and outputs the author of the post. The base class Post returns a simple string and outputting a simple string will work just fine. However, the child class BlogPost which is a sub-type of Post instead decided to return an object, and is therefore violating the SOLID principles. If a BlogPost were passed to my_function, PHP would not complain, but ultimately fail when executing the strtoupper call in its body.

Loading history...
1441
                    }
1442
                }
1443
1444
                // save thumb
1445
                if ($ext == 'jpg') {
1446
                    if (!imagejpeg($tim, "$thumbpath/$thumb_dir1/$thumb_dir2/$fn", 75)) {
1447
                        return "save thumb failed [$ext]";
1448
                    }
1449 View Code Duplication
                } elseif ($ext == 'png') {
1450
                    if (!imagepng($tim, "$thumbpath/$thumb_dir1/$thumb_dir2/$fn", 4)) {
1451
                        return "save thumb failed [$ext]";
1452
                    }
1453
                } elseif ($ext == 'gif') {
1454
                    if (!imagegif($tim, "$thumbpath/$thumb_dir1/$thumb_dir2/$fn")) {
1455
                        return "save thumb failed [$ext]";
1456
                    }
1457 View Code Duplication
                } elseif ($ext == 'bmp') {
1458
                    if (!imagebmp($tim, "$thumbpath/$thumb_dir1/$thumb_dir2/$fn")) {
1459
                        return "save thumb failed [$ext]";
1460
                    }
1461
                } else {
1462
                    return "save thumb failed [$ext], unknown extension";
1463
                }
1464
            }
1465
        }
1466
1467
        // success
1468
        return true;
1469
    }
1470
1471
    public function canGdprDelete(): bool
1472
    {
1473
        global $login;
1474
        $login->verify();
1475
1476
        return !($login->userid != $this->nUserId && ($login->admin & ADMIN_USER) != ADMIN_USER);
1477
    }
1478
1479
    public function canDelete()
1480
    {
1481
        global $login;
1482
        $login->verify();
1483
1484
        if ($login->userid != $this->nUserId && ($login->admin & ADMIN_USER) != ADMIN_USER) {
1485
            return false;
1486
        }
1487
1488
        return
1489
            sql_value("SELECT COUNT(*) FROM `caches` WHERE `user_id`='&1'", 0, $this->nUserId)
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1490
            + sql_value("SELECT COUNT(*) FROM `cache_logs` WHERE `user_id`='&1'", 0, $this->nUserId)
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1491
            + sql_value("SELECT COUNT(*) FROM `cache_logs_archived` WHERE `user_id`='&1'", 0, $this->nUserId)
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1492
            + sql_value("SELECT COUNT(*) FROM `cache_reports` WHERE `userid`='&1'", 0, $this->nUserId)
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1493
            == 0;
1494
    }
1495
1496
    public function delete()
1497
    {
1498
        global $login;
1499
1500
        if ($this->canDelete() == false) {
0 ignored issues
show
Coding Style Best Practice introduced by
It seems like you are loosely comparing two booleans. Considering using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

Loading history...
1501
            return false;
1502
        }
1503
1504
        // write old record to log
1505
        $backup = array();
1506
        $backup['username'] = $this->getUsername();
1507
        $backup['email'] = $this->getEMail();
1508
        $backup['last_name'] = $this->getLastName();
1509
        $backup['first_name'] = $this->getFirstName();
1510
1511
        sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1512
            "INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`, `details`)
1513
             VALUES ('user', 7, '&1', '&2', '&3', '&4', '&5')",
1514
            $login->userid,
1515
            $this->nUserId,
1516
            0,
1517
            'User ' . sql_escape($this->getUsername()) . ' deleted',
0 ignored issues
show
Deprecated Code introduced by
The function sql_escape() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1518
            serialize($backup)
1519
        );
1520
1521
        sql('SET @allowdelete=1');
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1522
        sql("DELETE FROM `user` WHERE `user_id`='&1'", $this->nUserId);
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1523
        // all data in depending tables is cleared via trigger
1524
1525
        $this->reload();
1526
1527
        return true;
1528
    }
1529
1530
    // email bounce processing
1531
    public function addEmailProblem($licenseEmail = false)
1532
    {
1533
        // mailing_problems is a bit-flag field to remember nonDelivered, important mailings
1534
        if ($licenseEmail) {
1535
            if (!$this->reUser->setValue('mailing_problems', $this->reUser->getValue('mailing_problems') | 1)) {
1536
                return false;
1537
            }
1538
        }
1539
1540
        return $this->reUser->setValue('email_problems', $this->getEmailProblems() + 1) &&
1541
        $this->reUser->setValue('last_email_problem', date('Y-m-d H:i:s')) &&
1542
        $this->save();
1543
    }
1544
1545
    public function getEmailProblems()
1546
    {
1547
        // see also common.inc.php "SELECT `email_problems`"
1548
        return $this->reUser->getValue('email_problems');
1549
    }
1550
1551
    public function getDataLicense()
1552
    {
1553
        return $this->reUser->getValue('data_license');
1554
    }
1555
1556
    public function getLicenseDeclined()
1557
    {
1558
        return $this->getDataLicense() == NEW_DATA_LICENSE_ACTIVELY_DECLINED ||
1559
        $this->getDataLicense() == NEW_DATA_LICENSE_PASSIVELY_DECLINED;
1560
    }
1561
1562
    public function missedDataLicenseMail()
1563
    {
1564
        return $this->reUser->getValue('mailing_problems') & 1;
1565
    }
1566
1567
    public function shownDataLicenseMail()
1568
    {
1569
        return
1570
            $this->reUser->setValue('mailing_problems', $this->reUser->getValue('mailing_problems') & ~1)
1571
            && $this->save();
1572
    }
1573
1574
    public function confirmEmailAddress()
1575
    {
1576
        return $this->reUser->setValue('email_problems', 0) && $this->save();
1577
    }
1578
1579
    public function reload(): void
1580
    {
1581
        $this->reUser->reload();
1582
        $this->reUserStat->reload();
1583
    }
1584
1585
    public function getGivenRatings()
1586
    {
1587
        // get number of cache ratings for this user
1588
        return sql_value(
0 ignored issues
show
Deprecated Code introduced by
The function sql_value() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1589
            "SELECT COUNT(`user_id`)
1590
             FROM `cache_rating`
1591
             WHERE `user_id`='&1'",
1592
            0,
1593
            $this->getUserId()
1594
        );
1595
    }
1596
1597
    public function getRatingParameters(): array
1598
    {
1599
        global $opt;
1600
1601
        $findsPerRating = $opt['logic']['rating']['findsPerRating'];
1602
        $finds = $this->getStatFound();
1603
        $ratings = $this->getGivenRatings();
1604
1605
        return [
1606
            'maxRatings' => floor($finds / $findsPerRating),
1607
            'givenRatings' => $ratings,
1608
            'findsUntilNextRating' => ($ratings + 1) * $findsPerRating - $finds,
1609
        ];
1610
    }
1611
1612
    public function allowRatings()
1613
    {
1614
        $ratingParams = $this->getRatingParameters();
1615
1616
        return $ratingParams['givenRatings'] < $ratingParams['maxRatings'];
1617
    }
1618
1619
    public function showStatFounds()
1620
    {
1621
        // whether to show the number of founds on log page
1622
        // TODO: make customisable in user profile, see #241
1623
        return false;
1624
    }
1625
1626
    public function guessLanguage()
1627
    {
1628
        global $opt;
1629
1630
        $language = false;
1631
1632
        // If the user has selected a country and a translation is available for
1633
        // that country's primary language, use this language.
1634
1635
        $country = $this->getCountryCode();
1636
        if ($country) {
1637
            foreach ($opt['locale'] as $code => $props) {
1638
                if ($props['mostly_translated'] && in_array($country, $props['primary_lang_of'])) {
1639
                    $language = $code;
1640
                }
1641
            }
1642
        }
1643
1644
        if (!$language) {
1645
            // If the user has logged caches with at least three descriptions,
1646
            // at least 65% of those descriptions have the same language,
1647
            // and a translation is available for that language, use it.
1648
1649
            $rs = sql(
0 ignored issues
show
Deprecated Code introduced by
The function sql() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1650
                "
1651
                SELECT COUNT(*) AS `count`, `cache_desc`.`language`
1652
                FROM `cache_logs`
1653
                JOIN `cache_desc` ON `cache_desc`.`cache_id`=`cache_logs`.`cache_id`
1654
                WHERE `cache_logs`.`user_id`='&1'
1655
                GROUP BY `cache_desc`.`language`
1656
                ORDER BY `count` DESC",
1657
                $this->nUserId
1658
            );
1659
            $total = 0;
1660
            while ($r = sql_fetch_assoc($rs)) {
0 ignored issues
show
Deprecated Code introduced by
The function sql_fetch_assoc() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1661
                if ($total == 0) {
1662
                    $first = $r;
1663
                }
1664
                $total += $r['count'];
1665
            }
1666
            sql_free_result($rs);
0 ignored issues
show
Deprecated Code introduced by
The function sql_free_result() has been deprecated with message: use DBAL Conenction instead. See adminreports.php for an example implementation

This function has been deprecated. The supplier of the file has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead.

Loading history...
1667
            $locale = $opt['locale'];
1668
            if ($total >= 3 && $first['count'] / $total >= 0.65) {
1669
                if (isset($locale[$first['language']]) && $locale[$first['language']]['mostly_translated']) {
1670
                    $language = $first['language'];
0 ignored issues
show
Bug introduced by
The variable $first does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
Loading history...
1671
                }
1672
            }
1673
        }
1674
1675
        return $language;
1676
    }
1677
}
1678