<?php
namespace App\Controllers\Admin;
use App\Models\RoleModel;
use App\Models\UserModel;
use Core\Constant;
use Core\Container;
use Core\Traits\PasswordFunctions;
use Core\Traits\StringFunctions;
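/**
 * Admin "home" controller: shows and edits user accounts.
 *
 * Two accounts/values are special throughout this class:
 *  - user id 1 is the original (bootstrap) admin; it can never be locked out,
 *    demoted or deleted;
 *  - role id 2 is the admin role that the original admin must keep.
 *
 * Security-relevant flow in updateUser(): a regular user may only update their
 * own row and can never change their role or lock state (those are re-read from
 * the database); touching another user, or submitting the privileged fields at
 * all, requires onlyAdmin().
 */
class Home extends \Core\AdminController
{
    use StringFunctions;
    use PasswordFunctions;

    /** Primary key of the bootstrap administrator (never demoted, locked or deleted). */
    const ORIGINAL_ADMIN_ID = 1;
    /** Role id of the admin role; the original admin is forced onto it. */
    const ADMIN_ROLE_ID = 2;

    protected $siteConfig;
    protected $pagination;

    private $userModel;
    private $roleModel;

    /** @var \stdClass the submitted form, built from the full POST body */
    private $user;
    /** @var \stdClass field name => validation message, handed to the template via the session */
    private $registerErrors;

    public function __construct(Container $container)
    {
        // Modules must be requested before the parent constructor wires them up.
        $this->loadModules[] = 'SiteConfig';
        $this->loadModules[] = 'pagination';
        parent::__construct($container);

        $this->userModel = new UserModel($this->container);
        $this->roleModel = new RoleModel($this->container);

        $this->user = new \stdClass();
        $this->registerErrors = new \stdClass();

        $this->data['configs'] = $this->siteConfig->getSiteConfig();
    }

    /**
     * Enforce the invariants of the original admin: it can neither be locked
     * out nor moved off the admin role. Whatever was submitted, the safe values
     * are written back into $this->user so the model never sees a demotion or
     * a lock for that account.
     *
     * Form values arrive as strings, so both fields are cast to int before the
     * comparison; a strict compare of a posted "1" against the int literal 1
     * would never match, which made the error reporting below dead code.
     *
     * @return bool true when an error was recorded (an alert is set as well)
     */
    private function checkOriginalAdmin(): bool
    {
        $userId = (int)($this->user->userId ?? 0);
        if ($userId !== self::ORIGINAL_ADMIN_ID) {
            return false;
        }

        // The role selector should be disabled in the form and not sent for this
        // account, hence the admin default; a missing lock flag means "active".
        $lockedOut = (int)($this->user->userLockedOut ?? 0);
        $roleSelector = (int)($this->user->userRoleSelector ?? self::ADMIN_ROLE_ID);
        $error = false;

        if ($lockedOut === 1) {
            $error = true;
            $this->alertBox->setAlert("Original admin may not be deactivated", "error");
        }

        if ($roleSelector !== self::ADMIN_ROLE_ID) {
            $error = true;
            $this->alertBox->setAlert("Original admin must stay admin", "error");
        }

        // Force the safe values regardless of what was submitted.
        $this->user->userRoleSelector = self::ADMIN_ROLE_ID;
        $this->user->userLockedOut = 0;

        return $error;
    }

    /**
     * Validate the mandatory text fields of the submitted user form.
     * Missing fields count as empty; whitespace-only values are rejected too.
     *
     * @return bool true when at least one field is invalid (messages are stored in registerErrors)
     */
    private function checkForm(): bool
    {
        $error = false;
        $required = [
            'userName' => "name must not be empty",
            'userSurname' => "surname must not be empty",
            'userUsername' => "username must not be empty",
        ];

        foreach ($required as $field => $message) {
            $value = trim((string)($this->user->$field ?? ''));
            if ($value === '') {
                $error = true;
                $this->registerErrors->$field = $message;
            }
        }

        return $error;
    }

    /**
     * Move the one-shot form state (prefilled values and validation errors)
     * from the session into the template data, then clear it so it is only
     * shown once.
     */
    private function loadFormFeedback()
    {
        $this->data["registrationInfo"] = $this->session->get("registrationInfo");
        $this->data["registrationErrors"] = $this->session->get("registrationErrors");

        $this->session->remove("registrationInfo");
        $this->session->remove("registrationErrors");
    }

    /**
     * The front page of the admin section: the logged-in user's own profile form.
     * @throws \ReflectionException
     * @throws \Twig_Error_Loader
     * @throws \Twig_Error_Runtime
     * @throws \Twig_Error_Syntax
     * @throws \Exception when the session carries no user id
     */
    public function index()
    {
        $this->onlyUser();
        $this->loadFormFeedback();

        $userId = $this->session->get("userId");
        if ($userId === null) {
            // Should be unreachable after onlyUser(); kept as a hard failure
            // rather than a silent fallback.
            throw new \Exception("Session error, no ID");
        }

        $userDetails = $this->userModel->getUserDetailsById($userId);
        if ($userDetails === false) {
            // Still logged in, but the row was deleted: tear the session down.
            $this->cookie->deleteCookie("rememberMe");
            $this->session->destroySession();
            $this->alertBox->setAlert('your user no longer exists, please contact the admin');
            $this->response->redirect();
            // Do not rely on redirect() ending the request: never render with a bogus user.
            return;
        }

        $this->data["user"] = $userDetails;
        $this->data["roles"] = $this->roleModel->getRoleList();

        $this->renderView('Admin/Home');
    }

    /**
     * Show the edit form for an arbitrary user (admins only).
     * @param int $userId
     * @throws \ReflectionException
     * @throws \Twig_Error_Loader
     * @throws \Twig_Error_Runtime
     * @throws \Twig_Error_Syntax
     * @throws \Exception when the id is not an integer
     */
    public function viewUser(int $userId)
    {
        $this->onlyAdmin();
        if (!$this->isInt($userId)) {
            throw new \Exception("Error in passed ID");
        }

        $this->loadFormFeedback();

        // NOTE(review): getUserDetailsById() returns false for an unknown id (see index());
        // the template is assumed to cope with that — confirm.
        $this->data["user"] = $this->userModel->getUserDetailsById($userId);
        $this->data["roles"] = $this->roleModel->getRoleList();

        $this->renderView('Admin/Home');
    }

    /**
     * Update a user from the posted form.
     *
     * A user editing their own row keeps their stored role and lock state no
     * matter what was posted; editing any other row, or posting the privileged
     * fields at all, requires an admin. Validation failures redirect back with
     * the errors in the session and perform no write.
     *
     * @throws \Exception when the user being self-edited no longer exists
     */
    public function updateUser()
    {
        $this->onlyUser();
        $this->onlyPost();

        // NOTE(review): the whole POST body becomes the user object and is later
        // handed to UserModel::updateUser(); the model is expected to pick the
        // columns it writes (the mass-assignment guard lives there, not here) — confirm.
        // NOTE(review): no CSRF token check is visible in this controller; confirm
        // it is enforced by AdminController / onlyPost().
        $this->user = (object)$this->request->getDataFull();

        // Normalise the target id once: form values are strings while the session
        // id may be an int, and a strict compare between the two would never match.
        $userId = (int)($this->user->userId ?? 0);
        $this->user->userId = $userId;
        $sessionUserId = (int)$this->session->get("userId");

        // Privileged fields are checked under both the form name and the column
        // name so neither spelling slips a regular user into the self-edit path.
        $editingSelf = $userId === $sessionUserId
            && !isset($this->user->userRoleSelector)
            && !isset($this->user->userLockedOut)
            && !isset($this->user->locked_out);

        if ($editingSelf) {
            // Role and lock state come from the database, never from the form.
            $beforeUser = $this->userModel->getUserDetailsById($userId);
            if ($beforeUser === false) {
                // Never fall back to a default role here: a default would be an escalation path.
                throw new \Exception("Session error, user no longer exists");
            }
            $this->user->userRoleSelector = $beforeUser->roles_idroles;
            $this->user->userLockedOut = $beforeUser->locked_out;
            $redirectUrl = "/admin";
        } else {
            // Another user's row, or privileged fields present: admins only.
            $this->onlyAdmin();
            $redirectUrl = "/admin/home/view-user/" . $userId;
        }

        $password = (string)($this->user->forgotPassword ?? "");
        $confirm = (string)($this->user->forgotConfirm ?? "");
        // Either field being filled in means a password reset was requested.
        $resetPassword = $password !== "" || $confirm !== "";

        $error = $this->checkOriginalAdmin();

        if ($resetPassword) {
            if ($password !== $confirm) {
                $error = true;
                $this->registerErrors->forgotPassword = "password and confirmation do not match";
                $this->registerErrors->forgotConfirm = "password and confirmation do not match";
            }

            $complexity = $this->isPasswordComplex($password);
            if (!$complexity["success"]) {
                $error = true;
                $this->registerErrors->forgotPassword = $complexity["message"];
            }
        }

        if ($this->checkForm()) {
            $error = true;
        }

        if ($error) {
            $this->session->set("registrationErrors", $this->registerErrors);
            $this->response->redirect($redirectUrl);
            // Never reach the writes below if redirect() does not end the request.
            return;
        }

        if ($resetPassword) {
            $this->userModel->resetPassword($userId, $password);
        }

        $this->userModel->updateUser($this->user);

        $this->alertBox->setAlert('User details updated');
        $this->response->redirect($redirectUrl);
    }

    /**
     * List all the users, paginated (admins only).
     * @param string $page
     * @param int $linesPerPage
     * @throws \ReflectionException
     * @throws \Twig_Error_Loader
     * @throws \Twig_Error_Runtime
     * @throws \Twig_Error_Syntax
     * @throws \Exception when the page size is not a positive integer
     */
    public function listUsers(string $page = "page-1", int $linesPerPage = Constant::LIST_PER_PAGE)
    {
        $this->onlyAdmin();

        if ($linesPerPage < 1) {
            // A zero or negative page size only comes from a tampered URL; fail
            // the same way viewUser() does for a bad id.
            throw new \Exception("Error in passed lines per page");
        }

        $totalUsers = $this->userModel->countUsers();
        $pagination = $this->pagination->getPagination($page, $totalUsers, $linesPerPage);

        // Only tell the template about a non-default page size.
        if ($linesPerPage !== Constant::LIST_PER_PAGE) {
            $this->data['paginationPostsPerPage'] = $linesPerPage;
        }

        $this->data["posts"] = $this->userModel->getUserList($pagination["offset"], $linesPerPage);
        $this->data['pagination'] = $pagination;
        $this->renderView("Admin/ListUser");
    }

    /**
     * Permanently delete a user (admins only). The original admin is refused.
     * NOTE(review): nothing here stops an admin from deleting their own account.
     * @param int $userId
     * @throws \Exception when the id is not an integer
     */
    public function deleteUser(int $userId)
    {
        $this->onlyAdmin();
        if (!$this->isInt($userId)) {
            throw new \Exception("Error in passed ID");
        }

        if ($userId === self::ORIGINAL_ADMIN_ID) {
            $this->alertBox->setAlert('Original Admin can not be deleted', "error");
            $this->response->redirect("/admin/home/list-users");
            // Guard against redirect() not terminating: the delete below must not run.
            return;
        }

        $this->userModel->deleteUser($userId);
        $this->alertBox->setAlert('User deleted');
        $this->response->redirect("/admin/home/list-users");
    }
}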