Test Failed
Push — master ( 1356cb...6b9f63 )
by kill
14:10 queued 04:09
created

function.php ➔ data_auth_sign()   A

Complexity

Conditions 2
Paths 2

Size

Total Lines 12
Code Lines 7

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 2
eloc 7
nc 2
nop 1
dl 0
loc 12
rs 9.4285
c 0
b 0
f 0
1
<?php
2
3
/**
4
 * 获取客户端IP地址
5
 * @param integer $type 返回类型 0 返回IP地址 1 返回IPV4地址数字
6
 * @param boolean $adv 是否进行高级模式获取(有可能被伪装)
7
 * @return mixed
8
 */
9
function get_client_ip($type = 0, $adv = true)
0 ignored issues
show
Coding Style introduced by
get_client_ip uses the super-global variable $_SERVER which is generally not recommended.

Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
Loading history...
10
{
11
    $type = $type ? 1 : 0;
12
    static $ip = null;
13
    if (null !== $ip) {
14
        return $ip[$type];
15
    }
16
    if ($adv) {
17
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
18
            $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
19
            $pos = array_search('unknown', $arr);
20
            if (false !== $pos) {
21
                unset($arr[$pos]);
22
            }
23
            $ip = trim($arr[0]);
24
        } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
25
            $ip = $_SERVER['HTTP_CLIENT_IP'];
26
        } elseif (isset($_SERVER['REMOTE_ADDR'])) {
27
            $ip = $_SERVER['REMOTE_ADDR'];
28
        }
29
    } elseif (isset($_SERVER['REMOTE_ADDR'])) {
30
        $ip = $_SERVER['REMOTE_ADDR'];
31
    }
32
    // IP地址合法验证
33
    $long = sprintf("%u", ip2long($ip));
34
    $ip = $long ? array($ip, $long) : array('0.0.0.0', 0);
35
    return $ip[$type];
36
}
37
//2为直接输出数组
38
function show_json($arr,$type=2)
39
{
40
    if(isset($arr['status']) && $type==2){
41
        $ret=$arr;
42
    }
43
    else{
44
        $ret['status'] = $type;
0 ignored issues
show
Coding Style Comprehensibility introduced by
$ret was never initialized. Although not strictly required by PHP, it is generally a good practice to add $ret = array(); before regardless.

Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code.

Let’s take a look at an example:

foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}

As you can see in this example, the array $myArray is initialized the first time when the foreach loop is entered. You can also see that the value of the bar key is only written conditionally; thus, its value might result from a previous iteration.

This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop.

Loading history...
45
        $ret['data'] = $arr;
46
    }
47
48
    $obj = json_encode($ret);
49
    header('Content-Type: application/json');
50
    echo $obj;
51
    exit();
0 ignored issues
show
Coding Style Compatibility introduced by
The function show_json() contains an exit expression.

An exit expression should only be used in rare cases. For example, if you write a short command line script.

In most cases however, using an exit expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage.

Loading history...
52
}
53
54
function success($arr)
55
{
56
    show_json($arr,1);
57
}
58
59
function error($arr)
60
{
61
/*    $db=\MysqliDb::getInstance();
0 ignored issues
show
Unused Code Comprehensibility introduced by
63% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

Loading history...
62
    $db->_transaction_status_check();*/
63
    show_json($arr,0);
64
}
65
function not_found($str='page not found,that is all we know!'){
66
    header('HTTP/1.1 404 Not Found');
67
    header("status: 404 Not Found");
68
    exit($str);
0 ignored issues
show
Coding Style Compatibility introduced by
The function not_found() contains an exit expression.

An exit expression should only be used in rare cases. For example, if you write a short command line script.

In most cases however, using an exit expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage.

Loading history...
69
}
70
71
72
/**
73
74
 * 数据签名认证
75
76
 * @param  array  $data 被认证的数据
77
78
 * @return string       签名
79
80
 * @author 麦当苗儿 <[email protected]>
81
82
 */
83
function data_auth_sign($data) {
84
    //数据类型检测
85
86
    if(!is_array($data)){
87
88
        $data = (array)$data;
89
    }
90
    ksort($data); //排序
91
    $code = http_build_query($data); //url编码并生成query字符串
92
    $sign = sha1($code); //生成签名
93
    return $sign;
94
}
95
/**
96
 * session管理函数
97
 * @param string|array $name session名称 如果为数组则表示进行session设置
98
 * @param mixed $value session值
99
 * @return mixed
100
 */
101
function session($name = '', $value = '') {
0 ignored issues
show
Coding Style introduced by
session uses the super-global variable $_SESSION which is generally not recommended.

Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
Loading history...
102
    if (is_array($name)) {
103
104
        if (isset($name['id'])) {
105
            session_id($name['id']);
106
        }
107
108
        if (isset($name['name'])) {
109
            session_name($name['name']);
110
        }
111
112
        if (isset($name['path'])) {
113
            session_save_path($name['path']);
114
        }
115
116
        if (isset($name['domain'])) {
117
            ini_set('session.cookie_domain', $name['domain']);
118
        }
119
120
        if (isset($name['expire'])) {
121
            ini_set('session.gc_maxlifetime', $name['expire']);
122
            ini_set('session.cookie_lifetime', $name['expire']);
123
        }
124
        if (isset($name['use_trans_sid'])) {
125
            ini_set('session.use_trans_sid', $name['use_trans_sid'] ? 1 : 0);
126
        }
127
128
        if (isset($name['use_cookies'])) {
129
            ini_set('session.use_cookies', $name['use_cookies'] ? 1 : 0);
130
        }
131
132
        if (isset($name['cache_limiter'])) {
133
            session_cache_limiter($name['cache_limiter']);
134
        }
135
136
        if (isset($name['cache_expire'])) {
137
            session_cache_expire($name['cache_expire']);
138
        }
139
        session_start();
140
    } elseif ('' === $value) {
141
        if ('' === $name) {
142
            // 获取全部的session
143
            return $_SESSION;
144
        } elseif (0 === strpos($name, '[')) {
145
            // session 操作
146
            if ('[pause]' == $name) {// 暂停session
147
                session_write_close();
148
            } elseif ('[start]' == $name) {
149
                // 启动session
150
                session_start();
151
            } elseif ('[destroy]' == $name) {
152
                // 销毁session
153
                $_SESSION = array();
154
                session_unset();
155
                session_destroy();
156
            } elseif ('[regenerate]' == $name) {
157
                // 重新生成id
158
                session_regenerate_id();
159
            }
160
        }else {
161
            if (strpos($name, '.')) {
162
                list($name1, $name2) = explode('.', $name);
163
                return isset($_SESSION[$name1][$name2]) ? $_SESSION[$name1][$name2] : null;
164
            } else {
165
                return isset($_SESSION[$name]) ? $_SESSION[$name] : null;
166
            }
167
        }
168
    } elseif (is_null($value)) {
169
        // 删除session
170
        if (strpos($name, '.')) {
171
            list($name1, $name2) = explode('.', $name);
172
            unset($_SESSION[$name1][$name2]);
173
        } else {
174
            unset($_SESSION[$name]);
175
        }
176
    } else {
177
        // 设置session
178
        if (strpos($name, '.')) {
179
            list($name1, $name2) = explode('.', $name);
180
            $_SESSION[$name1][$name2] = $value;
181
        } else {
182
            $_SESSION[$name] = $value;
183
        }
184
    }
185
    return null;
186
}
187
188
189
function admin_is_login(){
190
    $user = session('admin_user_auth');
191
    if (empty($user)) {
192
        return 0;
193
    } else {
194
        $auth_sign=session('admin_user_auth_sign');
195
        if(data_auth_sign($user)!=$auth_sign){
196
            return 0;
197
        }
198
        return $user['uid'];
199
    }
200
}
201
function json($str){
202
    $obj = json_encode($str,JSON_UNESCAPED_UNICODE);
203
    header('Content-Type: application/json');
204
    echo $obj;
205
}
206
/**
207
 * 浏览器友好的变量输出
208
 * @param mixed         $var 变量
209
 * @param boolean       $echo 是否输出 默认为true 如果为false 则返回输出字符串
210
 * @param string        $label 标签 默认为空
211
 * @param integer       $flags htmlspecialchars flags
212
 * @return void|string
213
 */
214
function dump($var, $echo = true, $label = null, $flags = ENT_SUBSTITUTE)
215
{
216
    $label = (null === $label) ? '' : rtrim($label) . ':';
217
    ob_start();
218
    var_dump($var);
0 ignored issues
show
Security Debugging Code introduced by
var_dump($var); looks like debug code. Are you sure you do not want to remove it? This might expose sensitive data.
Loading history...
219
    $output = ob_get_clean();
220
    $output = preg_replace('/\]\=\>\n(\s+)/m', '] => ', $output);
221
    if (IS_CLI) {
222
        $output = PHP_EOL . $label . $output . PHP_EOL;
223
    } else {
224
        if (!extension_loaded('xdebug')) {
225
            $output = htmlspecialchars($output, $flags);
226
        }
227
        $output = '<pre>' . $label . $output . '</pre>';
228
    }
229
    if ($echo) {
230
        echo($output);
231
        return;
232
    } else {
233
        return $output;
234
    }
235
}
236
237
238
/**
239
 * 获取输入参数 支持过滤和默认值
240
 * 使用方法:
241
 * <code>
242
 * I('id',0); 获取id参数 自动判断get或者post
243
 * I('post.name','','htmlspecialchars'); 获取$_POST['name']
244
 * I('get.'); 获取$_GET
245
 * </code>
246
 * @param string $name 变量的名称 支持指定类型
247
 * @param mixed $default 不存在的时候默认值
248
 * @param mixed $filter 参数过滤方法
249
 * @param mixed $datas 要获取的额外数据源
250
 * @return mixed
251
 */
252
function I($name, $default = '', $filter = null, $datas = null)
0 ignored issues
show
Coding Style introduced by
I uses the super-global variable $_GET which is generally not recommended.

Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
Loading history...
Coding Style introduced by
I uses the super-global variable $_POST which is generally not recommended.

Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
Loading history...
Coding Style introduced by
I uses the super-global variable $_SERVER which is generally not recommended.

Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
Loading history...
Coding Style introduced by
I uses the super-global variable $_REQUEST which is generally not recommended.

Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
Loading history...
Coding Style introduced by
I uses the super-global variable $_SESSION which is generally not recommended.

Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
Loading history...
Coding Style introduced by
I uses the super-global variable $_COOKIE which is generally not recommended.

Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
Loading history...
Coding Style introduced by
I uses the super-global variable $GLOBALS which is generally not recommended.

Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
Loading history...
253
{
254
    static $_PUT = null;
255
    if (strpos($name, '/')) {
256
        // 指定修饰符
257
        list($name, $type) = explode('/', $name, 2);
258
    } else{
259
        // 默认强制转换为字符串
260
        $type = 's';
261
    }
262
    if (strpos($name, '.')) {
263
        // 指定参数来源
264
        list($method, $name) = explode('.', $name, 2);
265
    } else {
266
        // 默认为自动判断
267
        $method = 'param';
268
    }
269
    switch (strtolower($method)) {
270
        case 'get':
271
            $input = &$_GET;
272
            break;
273
        case 'post':
274
            $input = &$_POST;
275
            break;
276
        case 'put':
277
            if (is_null($_PUT)) {
278
                parse_str(file_get_contents('php://input'), $_PUT);
279
            }
280
            $input = $_PUT;
281
            break;
282
        case 'param':
283
            switch ($_SERVER['REQUEST_METHOD']) {
284
                case 'POST':
285
                    $input = $_POST;
286
                    break;
287
                case 'PUT':
288
                    if (is_null($_PUT)) {
289
                        parse_str(file_get_contents('php://input'), $_PUT);
290
                    }
291
                    $input = $_PUT;
292
                    break;
293
                default:
294
                    $input = $_GET;
295
            }
296
            break;
297
        case 'path':
298
            $input = array();
299
            if (!empty($_SERVER['PATH_INFO'])) {
300
                $depr  = C('URL_PATHINFO_DEPR');
301
                $input = explode($depr, trim($_SERVER['PATH_INFO'], $depr));
302
            }
303
            break;
304
        case 'request':
305
            $input = &$_REQUEST;
306
            break;
307
        case 'session':
308
            $input = &$_SESSION;
309
            break;
310
        case 'cookie':
311
            $input = &$_COOKIE;
312
            break;
313
        case 'server':
314
            $input = &$_SERVER;
315
            break;
316
        case 'globals':
317
            $input = &$GLOBALS;
318
            break;
319
        case 'data':
320
            $input = &$datas;
321
            break;
322
        default:
323
            return null;
324
    }
325
    if ('' == $name) {
326
        // 获取全部变量
327
        $data    = $input;
328
        $filters = isset($filter) ? $filter : 'htmlspecialchars';
329
        if ($filters) {
330
            if (is_string($filters)) {
331
                $filters = explode(',', $filters);
332
            }
333
            foreach ($filters as $filter) {
0 ignored issues
show
Bug introduced by
The expression $filters of type object|integer|double|null|array|boolean is not guaranteed to be traversable. How about adding an additional type check?

There are different options of fixing this problem.

  1. If you want to be on the safe side, you can add an additional type-check:

    $collection = json_decode($data, true);
    if ( ! is_array($collection)) {
        throw new \RuntimeException('$collection must be an array.');
    }
    
    foreach ($collection as $item) { /** ... */ }
    
  2. If you are sure that the expression is traversable, you might want to add a doc comment cast to improve IDE auto-completion and static analysis:

    /** @var array $collection */
    $collection = json_decode($data, true);
    
    foreach ($collection as $item) { /** .. */ }
    
  3. Mark the issue as a false-positive: Just hover the remove button, in the top-right corner of this issue for more options.

Loading history...
334
                $data = array_map_recursive($filter, $data); // 参数过滤
335
            }
336
        }
337
    } elseif (isset($input[$name])) {
338
        // 取值操作
339
        $data    = $input[$name];
340
        $filters = isset($filter) ? $filter : 'htmlspecialchars';
341
        if ($filters) {
342
            if (is_string($filters)) {
343
                if (0 === strpos($filters, '/')) {
344
                    if (1 !== preg_match($filters, (string) $data)) {
345
                        // 支持正则验证
346
                        return isset($default) ? $default : null;
347
                    }
348
                } else {
349
                    $filters = explode(',', $filters);
350
                }
351
            } elseif (is_int($filters)) {
352
                $filters = array($filters);
353
            }
354
355
            if (is_array($filters)) {
356
                foreach ($filters as $filter) {
357
                    $filter = trim($filter);
358
                    if (function_exists($filter)) {
359
                        $data = is_array($data) ? array_map_recursive($filter, $data) : $filter($data); // 参数过滤
360
                    } else {
361
                        $data = filter_var($data, is_int($filter) ? $filter : filter_id($filter));
362
                        if (false === $data) {
363
                            return isset($default) ? $default : null;
364
                        }
365
                    }
366
                }
367
            }
368
        }
369
        if (!empty($type)) {
370
            switch (strtolower($type)) {
371
                case 'a':    // 数组
372
                    $data = (array) $data;
373
                    break;
374
                case 'd':    // 数字
375
                    $data = (int) $data;
376
                    break;
377
                case 'f':    // 浮点
378
                    $data = (float) $data;
379
                    break;
380
                case 'b':    // 布尔
381
                    $data = (boolean) $data;
382
                    break;
383
                case 's':// 字符串
384
                default:
385
                    $data = (string) $data;
386
            }
387
        }
388
    } else {
389
        // 变量默认值
390
        $data = isset($default) ? $default : null;
391
    }
392
    is_array($data) && array_walk_recursive($data, 'think_filter');
393
    return $data;
394
}
395
function array_map_recursive($filter, $data)
396
{
397
    $result = array();
398
    foreach ($data as $key => $val) {
399
        $result[$key] = is_array($val)
400
            ? array_map_recursive($filter, $val)
401
            : call_user_func($filter, $val);
402
    }
403
    return $result;
404
}
405
function think_filter(&$value)
406
{
407
    // TODO 其他安全过滤
408
409
    // 过滤查询特殊字符
410
    if (preg_match('/^(EXP|NEQ|GT|EGT|LT|ELT|OR|XOR|LIKE|NOTLIKE|NOT BETWEEN|NOTBETWEEN|BETWEEN|NOTIN|NOT IN|IN)$/i', $value)) {
411
        $value .= ' ';
412
    }
413
}
414
function config($name=null,$value=null,$default=null){
415
    $config=\puck\Conf::load();
416
    if ($name===null){
417
        return $config->all();
418
    }
419
    if ($value===null){
420
        return $config->get($name,$default);
421
    }
422
    $config->set($name,$value);
423
}
424
/**
425
 * 字符串命名风格转换
426
 * type 0 将Java风格转换为C的风格 1 将C风格转换为Java的风格
427
 * @param string $name 字符串
428
 * @param integer $type 转换类型
429
 * @return string
430
 */
431
function parse_name($name, $type = 0) {
432
    if ($type) {
433
        return ucfirst(preg_replace_callback('/_([a-zA-Z])/', function ($match) {return strtoupper($match[1]);}, $name));
434
    } else {
435
        return strtolower(trim(preg_replace("/[A-Z]/", "_\\0", $name), "_"));
436
    }
437
}