These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /*************************************************************************** |
||
3 | * for license information see LICENSE.md |
||
4 | ***************************************************************************/ |
||
5 | |||
6 | require __DIR__ . '/lib2/web.inc.php'; |
||
7 | |||
8 | $tpl->name = 'adoptcache'; |
||
9 | $tpl->menuitem = MNU_CACHES_ADOPT; |
||
10 | |||
11 | $login->verify(); |
||
12 | if ($login->userid == 0) { |
||
13 | $tpl->redirect_login(); |
||
14 | } |
||
15 | |||
16 | $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'listbyuser'; |
||
17 | $cacheId = isset($_REQUEST['cacheid']) ? (int) $_REQUEST['cacheid'] : 0; |
||
18 | $tpl->assign('action', $action); |
||
19 | $tpl->assign('error', ''); |
||
20 | if (isset($_REQUEST['cacheid'])) { |
||
21 | $tpl->assign('cacheid', (int) $_REQUEST['cacheid']); |
||
22 | } |
||
23 | |||
24 | if ($action === 'listbycache') { |
||
25 | listRequestsByCacheId($cacheId); |
||
26 | } elseif ($action === 'add') { |
||
27 | $tpl->assign('action', 'listbycache'); |
||
28 | |||
29 | $tou = isset($_REQUEST['tou']) ? (int) $_REQUEST['tou'] : 0; |
||
30 | $submit = isset($_REQUEST['submit']) ? (int) $_REQUEST['submit'] : 0; |
||
31 | |||
32 | $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : ''; |
||
33 | $tpl->assign('adoptusername', $username); |
||
34 | |||
35 | if ($submit === 1) { |
||
36 | $userId = (int) sql_value("SELECT `user_id` FROM `user` WHERE `username`='&1'", 0, $username); |
||
37 | if ($userId === 0) { |
||
38 | $tpl->assign('error', 'userunknown'); |
||
39 | } elseif ($tou !== 1) { |
||
40 | $tpl->assign('error', 'tou'); |
||
41 | } else { |
||
42 | addRequest($cacheId, $userId); |
||
43 | } |
||
44 | } |
||
45 | |||
46 | listRequestsByCacheId($cacheId); |
||
47 | } elseif ($action === 'cancel') { |
||
48 | $userId = isset($_REQUEST['userid']) ? (int) $_REQUEST['userid']: 0; |
||
49 | cancelRequest($cacheId, $userId); |
||
50 | } elseif ($action === 'commit') { |
||
51 | $submit = isset($_REQUEST['submit']) ? (int) $_REQUEST['submit'] : 0; |
||
52 | $tou = isset($_REQUEST['tou']) ? (int) $_REQUEST['tou'] : 0; |
||
53 | |||
54 | if ($submit === 1 && $tou === 1) { |
||
55 | commitRequest($cacheId); |
||
56 | } else { |
||
57 | showAdoptScreen($cacheId, $submit); |
||
58 | } |
||
59 | } else { |
||
60 | $tpl->assign('action', 'listbyuser'); |
||
61 | listRequestsByUserId(); |
||
62 | } |
||
63 | |||
64 | $tpl->error(ERROR_UNKNOWN); |
||
65 | |||
66 | /** |
||
67 | * @param $cacheId |
||
68 | * @param $touError |
||
69 | */ |
||
70 | function showAdoptScreen($cacheId, $touError) |
||
71 | { |
||
72 | global $tpl, $login; |
||
73 | |||
74 | $rs = sql( |
||
75 | "SELECT `caches`.`name`, |
||
76 | `user`.`username`, |
||
77 | `cache_adoption`.`date_created` |
||
78 | FROM `caches` |
||
79 | INNER JOIN `user` ON `caches`.`user_id`=`user`.`user_id` |
||
80 | INNER JOIN `cache_adoption` ON `caches`.`cache_id`=`cache_adoption`.`cache_id` |
||
81 | WHERE `caches`.`cache_id`='&1' |
||
82 | AND `cache_adoption`.`user_id`='&2'", |
||
83 | $cacheId, |
||
84 | $login->userid |
||
85 | ); |
||
86 | $r = sql_fetch_assoc($rs); |
||
87 | if ($r === false) { |
||
88 | $tpl->error(ERROR_NO_ACCESS); |
||
89 | } |
||
90 | |||
91 | $tpl->assign('cache', $r); |
||
92 | sql_free_result($rs); |
||
93 | |||
94 | if ($touError != 0) { |
||
95 | $tpl->assign('error', 'tou'); |
||
96 | } |
||
97 | |||
98 | $tpl->display(); |
||
99 | } |
||
100 | |||
101 | /** |
||
102 | * @param $cacheId |
||
103 | */ |
||
104 | function listRequestsByCacheId($cacheId) |
||
105 | { |
||
106 | global $tpl, $login; |
||
107 | |||
108 | // cache exists? |
||
109 | $cache = new cache($cacheId); |
||
110 | if ($cache->exist() == false) { |
||
0 ignored issues
–
show
|
|||
111 | $tpl->error(ERROR_CACHE_NOT_EXISTS); |
||
112 | } |
||
113 | |||
114 | // is the current user the owner of the cache? |
||
115 | if ($cache->getUserId() != $login->userid) { |
||
116 | $tpl->error(ERROR_NO_ACCESS); |
||
117 | } |
||
118 | |||
119 | $rs = sql( |
||
120 | "SELECT |
||
121 | `caches`.`cache_id` AS `id`, |
||
122 | `user`.`user_id` AS `userid`, |
||
123 | `user`.`username` AS `username`, |
||
124 | `cache_adoption`.`date_created` |
||
125 | FROM `caches` |
||
126 | INNER JOIN `cache_adoption` |
||
127 | ON `caches`.`cache_id` = `cache_adoption`.`cache_id` |
||
128 | INNER JOIN `user` |
||
129 | ON `cache_adoption`.`user_id`=`user`.`user_id` |
||
130 | WHERE `caches`.`cache_id`='&1'", |
||
131 | $cacheId |
||
132 | ); |
||
133 | $tpl->assign_rs('adoptions', $rs); |
||
134 | sql_free_result($rs); |
||
135 | |||
136 | $tpl->assign('cachename', $cache->getName()); |
||
137 | |||
138 | $tpl->display(); |
||
139 | } |
||
140 | |||
141 | View Code Duplication | function listRequestsByUserId() |
|
142 | { |
||
143 | global $tpl, $login; |
||
144 | |||
145 | $tpl->menuitem = MNU_MYPROFILE_ADOPT; |
||
146 | |||
147 | $rs = sql( |
||
148 | "SELECT |
||
149 | `caches`.`cache_id` AS `id`, |
||
150 | `caches`.`name` AS `cachename`, |
||
151 | `user`.`user_id` AS `ownerid`, |
||
152 | `user`.`username` AS `ownername`, |
||
153 | `cache_adoption`.`date_created` |
||
154 | FROM `caches` |
||
155 | INNER JOIN `cache_adoption` |
||
156 | ON `caches`.`cache_id` = `cache_adoption`.`cache_id` |
||
157 | INNER JOIN `user` |
||
158 | ON `caches`.`user_id`=`user`.`user_id` |
||
159 | WHERE `cache_adoption`.`user_id`='&1'", |
||
160 | $login->userid |
||
161 | ); |
||
162 | $tpl->assign_rs('adoptions', $rs); |
||
163 | sql_free_result($rs); |
||
164 | |||
165 | $tpl->display(); |
||
166 | } |
||
167 | |||
168 | /** |
||
169 | * @param $cacheId |
||
170 | * @param $userId |
||
171 | */ |
||
172 | function addRequest($cacheId, $userId) |
||
173 | { |
||
174 | global $tpl; |
||
175 | |||
176 | // cache exists? |
||
177 | $cache = new cache($cacheId); |
||
178 | if ($cache->exist() == false) { |
||
0 ignored issues
–
show
|
|||
179 | $tpl->error(ERROR_CACHE_NOT_EXISTS); |
||
180 | } |
||
181 | |||
182 | $adopt_result = $cache->addAdoption($userId); |
||
183 | if ($adopt_result === true) { |
||
184 | $tpl->redirect('adoptcache.php?action=listbycache&cacheid=' . $cacheId); |
||
185 | } else { |
||
186 | $tpl->assign('error', $adopt_result); |
||
187 | listRequestsByCacheId($cacheId); |
||
188 | } |
||
189 | } |
||
190 | |||
191 | /** |
||
192 | * @param $cacheId |
||
193 | */ |
||
194 | function commitRequest($cacheId) |
||
195 | { |
||
196 | global $tpl, $login; |
||
197 | |||
198 | // cache exists? |
||
199 | $cache = new cache($cacheId); |
||
200 | if ($cache->exist() == false) { |
||
0 ignored issues
–
show
|
|||
201 | $tpl->error(ERROR_CACHE_NOT_EXISTS); |
||
202 | } |
||
203 | |||
204 | if ($cache->commitAdoption($login->userid) == false) { |
||
0 ignored issues
–
show
|
|||
205 | $tpl->error(ERROR_UNKNOWN); |
||
206 | } |
||
207 | |||
208 | $tpl->redirect('viewcache.php?cacheid=' . $cacheId); |
||
209 | } |
||
210 | |||
211 | /** |
||
212 | * @param $cacheId |
||
213 | * @param $userId |
||
214 | */ |
||
215 | function cancelRequest($cacheId, $userId) |
||
216 | { |
||
217 | global $tpl, $login; |
||
218 | |||
219 | // cache exists? |
||
220 | $cache = new cache($cacheId); |
||
221 | if ($cache->exist() == false) { |
||
0 ignored issues
–
show
|
|||
222 | $tpl->error(ERROR_CACHE_NOT_EXISTS); |
||
223 | } |
||
224 | |||
225 | if ($cache->allowEdit() == false && $login->userid != $userId) { |
||
0 ignored issues
–
show
|
|||
226 | $tpl->error(ERROR_NO_ACCESS); |
||
227 | } |
||
228 | |||
229 | if ($cache->cancelAdoption($userId) == false) { |
||
0 ignored issues
–
show
|
|||
230 | $tpl->error(ERROR_UNKNOWN); |
||
231 | } |
||
232 | |||
233 | if ($userId == $login->userid) { |
||
234 | $tpl->redirect('adoptcache.php'); |
||
235 | } else { |
||
236 | $tpl->redirect('adoptcache.php?action=listbycache&cacheid=' . $cacheId); |
||
237 | } |
||
238 | } |
||
239 |
When comparing two booleans, it is generally considered safer to use the strict comparison operator.