Completed
Pull Request — master (#375)
by Richard
10:28
created

functions.php ➔ xoFormSelect()   A

Complexity

Conditions 4
Paths 6

Size

Total Lines 19
Code Lines 15

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 4
eloc 15
nc 6
nop 6
dl 0
loc 19
rs 9.2
c 0
b 0
f 0
<?php
/**
 * See the enclosed file license.txt for licensing information.
 * If you did not receive this file, get it at http://www.gnu.org/licenses/gpl-2.0.html
 *
 * @copyright    (c) 2000-2016 XOOPS Project (www.xoops.org)
 * @license          GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
 * @package          installer
 * @since            2.3.0
 * @author           Haruki Setoyama  <[email protected]>
 * @author           Kazumi Ono <[email protected]>
 * @author           Skalpa Keo <[email protected]>
 * @author           Taiwen Jiang <[email protected]>
 * @author           DuGris (aka L. JEN) <[email protected]>
 * @param string $hash
 * @return bool
 */

function install_acceptUser($hash = '')

Unused Code: The parameter $hash is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

{
    $GLOBALS['xoopsUser'] = null;
    $assertClaims = array(
        'sub' => 'xoopsinstall',
    );
    $claims = \Xmf\Jwt\TokenReader::fromCookie('install', 'xo_install_user', $assertClaims);
    if (false === $claims || empty($claims->uname)) {
        return false;
    }
    $uname = $claims->uname;
    /* @var $memberHandler XoopsMemberHandler */
    $memberHandler = xoops_getHandler('member');
    $user = array_pop($memberHandler->getUsers(new Criteria('uname', $uname)));

Bug: $memberHandler->getUsers...teria('uname', $uname)) cannot be passed to array_pop() as the parameter $array expects a reference.

    if (is_object($GLOBALS['xoops']) && method_exists($GLOBALS['xoops'], 'acceptUser')) {
        $res = $GLOBALS['xoops']->acceptUser($uname, true, '');

        return $res;
    }

    $GLOBALS['xoopsUser']        = $user;
    $_SESSION['xoopsUserId']     = $GLOBALS['xoopsUser']->getVar('uid');
    $_SESSION['xoopsUserGroups'] = $GLOBALS['xoopsUser']->getGroups();

    return true;
}

/**
 * @param $installer_modified
 */
function install_finalize($installer_modified)
{
    // Set mainfile.php readonly
    @chmod(XOOPS_ROOT_PATH . '/mainfile.php', 0444);

Security Best Practice: It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

If you suppress an error, we recommend checking for the error condition explicitly:

// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

    // Set Secure file readonly
    @chmod(XOOPS_VAR_PATH . '/data/secure.php', 0444);

Security Best Practice: It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

    // Rename installer folder
    @rename(XOOPS_ROOT_PATH . '/install', XOOPS_ROOT_PATH . '/' . $installer_modified);

Security Best Practice: It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

}

/**
 * @param        $name
 * @param        $value
 * @param        $label
 * @param string $help
 */
function xoFormField($name, $value, $label, $help = '')
{
    $myts  = MyTextSanitizer::getInstance();
    $label = $myts->htmlspecialchars($label, ENT_QUOTES, _INSTALL_CHARSET, false);
    $name  = $myts->htmlspecialchars($name, ENT_QUOTES, _INSTALL_CHARSET, false);
    $value = $myts->htmlspecialchars($value, ENT_QUOTES);
    echo '<div class="form-group">';
    echo '<label class="xolabel" for="' . $name . '">' . $label . '</label>';
    if ($help) {
        echo '<div class="xoform-help alert alert-info">' . $help . '</div>';
    }
    echo '<input type="text" class="form-control" name="'.$name.'" id="'.$name.'" value="'.$value.'">';
    echo '</div>';
}

/**
 * @param        $name
 * @param        $value
 * @param        $label
 * @param string $help
 */
function xoPassField($name, $value, $label, $help = '')
{
    $myts  = MyTextSanitizer::getInstance();
    $label = $myts->htmlspecialchars($label, ENT_QUOTES, _INSTALL_CHARSET, false);
    $name  = $myts->htmlspecialchars($name, ENT_QUOTES, _INSTALL_CHARSET, false);
    $value = $myts->htmlspecialchars($value, ENT_QUOTES);
    echo '<div class="form-group">';
    echo '<label class="xolabel" for="' . $name . '">' . $label . '</label>';
    if ($help) {
        echo '<div class="xoform-help alert alert-info">' . $help . '</div>';
    }
    if ($name === 'adminpass') {
        echo '<input type="password" class="form-control" name="'.$name.'" id="'.$name.'" value="'.$value.'"  onkeyup="passwordStrength(this.value)">';
    } else {
        echo '<input type="password" class="form-control" name="'.$name.'" id="'.$name.'" value="'.$value.'">';
    }
    echo '</div>';
}

/**
 * @param        $name
 * @param        $value
 * @param        $label
 * @param array  $options
 * @param string $help
 * @param        $extra
 */
function xoFormSelect($name, $value, $label, $options, $help = '', $extra='')
{
    $myts  = MyTextSanitizer::getInstance();
    $label = $myts->htmlspecialchars($label, ENT_QUOTES, _INSTALL_CHARSET, false);
    $name  = $myts->htmlspecialchars($name, ENT_QUOTES, _INSTALL_CHARSET, false);
    $value = $myts->htmlspecialchars($value, ENT_QUOTES);
    echo '<div class="form-group">';
    echo '<label class="xolabel" for="' . $name . '">' . $label . '</label>';
    if ($help) {
        echo '<div class="xoform-help alert alert-info">' . $help . '</div>';
    }
    echo '<select class="form-control" name="'.$name.'" id="'.$name.'" value="'.$value.'" '.$extra.'>';
    foreach ($options as $optionValue => $optionReadable) {
        $selected = ($value === $optionValue) ? ' selected' : '';
        echo '<option value="'.$optionValue . '"' . $selected . '>' . $optionReadable . '</option>';
    }
    echo '</select>';
    echo '</div>';
}

/*
 * gets list of name of directories inside a directory
 */
/**
 * @param $dirname
 *
 * @return array
 */
function getDirList($dirname)

Duplication: This function seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

{
    $dirlist = array();
    if ($handle = opendir($dirname)) {
        // Compare against false explicitly so an entry named "0" does not end the loop
        while (false !== ($file = readdir($handle))) {
            // Square-bracket offset: the curly-brace form $file{0} is rejected by PHP 8
            if ($file[0] !== '.' && is_dir($dirname . $file)) {
                $dirlist[] = $file;
            }
        }
        closedir($handle);
        asort($dirlist);
        reset($dirlist);
    }

    return $dirlist;
}

/**
 * @param        $status
 * @param string $str
 *
 * @return string
 */
function xoDiag($status = -1, $str = '')
{
    if ($status == -1) {
        $GLOBALS['error'] = true;
    }
    $classes = array(-1 => 'fa fa-fw fa-ban text-danger', 0 => 'fa fa-fw fa-square-o text-warning', 1 => 'fa fa-fw fa-check text-success');
    $strings = array(-1 => FAILED, 0 => WARNING, 1 => SUCCESS);
    if (empty($str)) {
        $str = $strings[$status];
    }

    return '<span class="' . $classes[$status] . '"></span>' . $str;
}

/**
 * @param      $name
 * @param bool $wanted
 * @param bool $severe
 *
 * @return string
 */
function xoDiagBoolSetting($name, $wanted = false, $severe = false)
{
    $setting = (bool) ini_get($name);
    if ($setting === (bool) $wanted) {
        return xoDiag(1, $setting ? 'ON' : 'OFF');
    } else {
        return xoDiag($severe ? -1 : 0, $setting ? 'ON' : 'OFF');
    }
}

/**
 * seems to only be used for license file?
 * @param string $path dir or file path
 *
 * @return string
 */
function xoDiagIfWritable($path)
{
    $path  = '../' . $path;
    $error = true;
    if (!is_dir($path)) {
        if (file_exists($path) && !is_writable($path)) {
            @chmod($path, 0664);

Security Best Practice: It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

            $error = !is_writable($path);
        }
    } else {
        if (!is_writable($path)) {
            @chmod($path, 0775);

Security Best Practice: It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

            $error = !is_writable($path);
        }
    }

    return xoDiag($error ? -1 : 1, $error ? ' ' : ' ');
}

/**
 * @return string
 */
function xoPhpVersion()
{
    if (version_compare(phpversion(), '5.3.7', '>=')) {
        return xoDiag(1, phpversion());
    //} elseif (version_compare(phpversion(), '5.3.7', '>=')) {
    //    return xoDiag(0, phpversion());
    } else {
        return xoDiag(-1, phpversion());
    }
}

/**
 * @param $path
 * @param $valid
 *
 * @return string
 */
function genPathCheckHtml($path, $valid)
{
    if ($valid) {
        switch ($path) {
            case 'root':
                $msg = sprintf(XOOPS_FOUND, XOOPS_VERSION);
                break;

            case 'lib':
            case 'data':
            default:
                $msg = XOOPS_PATH_FOUND;
                break;
        }

        return '<span class="pathmessage"><span class="fa fa-fw fa-check text-success"></span> ' . $msg . '</span>';
    } else {
        switch ($path) {
            case 'root':
                $msg = ERR_NO_XOOPS_FOUND;
                break;

            case 'lib':
            case 'data':
            default:
                $msg = ERR_COULD_NOT_ACCESS;
                break;
        }
        $GLOBALS['error'] = true;
        return '<div class="alert alert-danger"><span class="fa fa-fw fa-ban text-danger"></span> ' . $msg . '</div>';
    }
}

/**
 * @param $link
 *
 * @return mixed
 */
function getDbCharsets($link)
{
    static $charsets = array();
    if ($charsets) {

Bug Best Practice: The expression $charsets of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

        return $charsets;
    }

    if ($result = mysqli_query($link, 'SHOW CHARSET')) {
        while ($row = mysqli_fetch_assoc($result)) {
            $charsets[$row['Charset']] = $row['Description'];
        }
    }

    return $charsets;
}

/**
 * @param $link
 * @param $charset
 *
 * @return mixed
 */
function getDbCollations($link, $charset)
{
    static $collations = array();
    if (!empty($collations[$charset])) {
        return $collations[$charset];
    }

    if ($result = mysqli_query($link, "SHOW COLLATION WHERE CHARSET = '" . mysqli_real_escape_string($link, $charset) . "'")) {
        while ($row = mysqli_fetch_assoc($result)) {
            $collations[$charset][$row['Collation']] = $row['Default'] ? 1 : 0;
        }
    }

    return $collations[$charset];
}

/**
 * @param $link
 * @param $charset
 * @param $collation
 *
 * @return null|string
 */
function validateDbCharset($link, &$charset, &$collation)
{
    $error = null;

    if (empty($charset)) {
        $collation = '';
    }
    if (empty($charset) && empty($collation)) {
        return $error;
    }

    $charsets = getDbCharsets($link);
    if (!isset($charsets[$charset])) {
        $error = sprintf(ERR_INVALID_DBCHARSET, $charset);
    } elseif (!empty($collation)) {
        $collations = getDbCollations($link, $charset);
        if (!isset($collations[$collation])) {
            $error = sprintf(ERR_INVALID_DBCOLLATION, $collation);
        }
    }

    return $error;
}

/**
 * @param $name
 * @param $value
 * @param $label
 * @param $help
 * @param $link
 * @param $charset
 *
 * @return string

Documentation: Should the return type not be string|null?

This check compares the return type specified in the @return annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch.

 */
function xoFormFieldCollation($name, $value, $label, $help, $link, $charset)
{
    if (empty($charset) || !$collations = getDbCollations($link, $charset)) {
        return '';
    }

    $options           = array();
    foreach ($collations as $key => $isDefault) {
        $options[$key] = $key . (($isDefault) ? ' (Default)' : '');
    }

    return xoFormSelect($name, $value, $label, $options, $help);
}

/**
 * @param $name
 * @param $value
 * @param $label
 * @param $help
 * @param $link
 * @param $charset
 *
 * @return string

Documentation: Should the return type not be string|null?

 */
function xoFormBlockCollation($name, $value, $label, $help, $link, $charset)
{
    return xoFormFieldCollation($name, $value, $label, $help, $link, $charset);
}

/**
 * @param        $name
 * @param        $value
 * @param        $label
 * @param string $help
 * @param        $link
 *
 * @return string

Documentation: Should the return type not be string|null?

 */
function xoFormFieldCharset($name, $value, $label, $help = '', $link)
{
    if (!$charsets = getDbCharsets($link)) {
        return '';
    }
    foreach ($charsets as $k => $v) {
        $charsets[$k] = $v . ' (' . $k . ')';
    }
    asort($charsets);
    $myts  = MyTextSanitizer::getInstance();
    $label = $myts->htmlspecialchars($label, ENT_QUOTES, _INSTALL_CHARSET, false);
    $name  = $myts->htmlspecialchars($name, ENT_QUOTES, _INSTALL_CHARSET, false);
    $value = $myts->htmlspecialchars($value, ENT_QUOTES);
    $extra = 'onchange="setFormFieldCollation(\'DB_COLLATION\', this.value)"';
    return xoFormSelect($name, $value, $label, $charsets, $help, $extra);
}

/**
 * *#@+
 * Xoops Write Licence System Key
 * @param        $system_key
 * @param        $licensefile
 * @param string $license_file_dist
 * @return string
 */
function xoPutLicenseKey($system_key, $licensefile, $license_file_dist = 'license.dist.php')
{
    //chmod($licensefile, 0777);
    $fver     = fopen($licensefile, 'w');
    $fver_buf = file($license_file_dist);
    foreach ($fver_buf as $line => $value) {
        $ret = $value;
        if (strpos($value, 'XOOPS_LICENSE_KEY') > 0) {
            $ret = 'define(\'XOOPS_LICENSE_KEY\', \'' . $system_key . "');";
        }
        fwrite($fver, $ret, strlen($ret));
    }
    fclose($fver);
    chmod($licensefile, 0444);

    return sprintf(WRITTEN_LICENSE, XOOPS_LICENSE_CODE, $system_key);
}

/**
 * *#@+
 * Xoops Build Licence System Key
 */
function xoBuildLicenceKey()

Duplication: This function seems to be duplicated in your project.

{
    $xoops_serdat = array();
    mt_srand(((float)('0' . substr(microtime(), strpos(microtime(), ' ') + 1, strlen(microtime()) - strpos(microtime(), ' ') + 1))) * mt_rand(30, 99999));
    mt_srand(((float)('0' . substr(microtime(), strpos(microtime(), ' ') + 1, strlen(microtime()) - strpos(microtime(), ' ') + 1))) * mt_rand(30, 99999));
    $checksums = array(1 => 'md5', 2 => 'sha1');
    $type      = mt_rand(1, 2);
    $func      = $checksums[$type];

    error_reporting(0);

    // Public Key
    if ($xoops_serdat['version'] = $func(XOOPS_VERSION)) {
        $xoops_serdat['version'] = substr($xoops_serdat['version'], 0, 6);
    }
    if ($xoops_serdat['licence'] = $func(XOOPS_LICENSE_CODE)) {
        $xoops_serdat['licence'] = substr($xoops_serdat['licence'], 0, 2);
    }
    if ($xoops_serdat['license_text'] = $func(XOOPS_LICENSE_TEXT)) {
        $xoops_serdat['license_text'] = substr($xoops_serdat['license_text'], 0, 2);
    }

    if ($xoops_serdat['domain_host'] = $func($_SERVER['HTTP_HOST'])) {
        $xoops_serdat['domain_host'] = substr($xoops_serdat['domain_host'], 0, 2);
    }

    // Private Key
    $xoops_serdat['file']     = $func(__FILE__);
    $xoops_serdat['basename'] = $func(basename(__FILE__));
    $xoops_serdat['path']     = $func(__DIR__);

    foreach ($_SERVER as $key => $data) {
        $xoops_serdat[$key] = substr($func(serialize($data)), 0, 4);
    }

    $xoops_key = '';
    foreach ($xoops_serdat as $key => $data) {
        $xoops_key .= $data;
    }
    while (strlen($xoops_key) > 40) {
        $lpos      = mt_rand(18, strlen($xoops_key));
        $xoops_key = substr($xoops_key, 0, $lpos) . substr($xoops_key, $lpos + 1, strlen($xoops_key) - ($lpos + 1));
    }

    return xoStripeKey($xoops_key);
}

/**
 * *#@+
 * Xoops Stripe Licence System Key
 * @param $xoops_key
 * @return mixed|string
 */
function xoStripeKey($xoops_key)
{
    $uu     = 0;
    $num    = 6;

Unused Code: $num is not used, you could remove the assignment.

This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

    $length = 30;
    $strip  = floor(strlen($xoops_key) / 6);
    $strlen = strlen($xoops_key);
    $ret = '';
    for ($i = 0; $i < $strlen; ++$i) {
        if ($i < $length) {
            ++$uu;
            if ($uu == $strip) {
                $ret .= substr($xoops_key, $i, 1) . '-';
                $uu = 0;
            } else {
                if (substr($xoops_key, $i, 1) != '-') {
                    $ret .= substr($xoops_key, $i, 1);
                } else {
                    $uu--;
                }
            }
        }
    }
    $ret = str_replace('--', '-', $ret);
    if (substr($ret, 0, 1) == '-') {
        $ret = substr($ret, 2, strlen($ret));
    }
    if (substr($ret, strlen($ret) - 1, 1) == '-') {
        $ret = substr($ret, 0, strlen($ret) - 1);
    }

    return $ret;
}


/**
 * @return string
 */
function writeLicenseKey()
{
    return xoPutLicenseKey(xoBuildLicenceKey(), XOOPS_VAR_PATH . '/data/license.php', __DIR__ . '/license.dist.php');
}