Issues in ratenews.php - All Issues - Inspection of "Updates for XOOPS 2.5.12" - XoopsModules25x/news - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#41)

by Michael

created 2025-01-19 03:52 UTC

ratenews.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php declare(strict_types=1);
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright      {@link https://xoops.org/ XOOPS Project}
 * @license        {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @author         XOOPS Development Team
 */

/*
 * Enable users to note a news
 *
 * This page is called from the page "article.php" and "index.php", it
 * enables users to vote for a news, according to the module's option named
 * "ratenews". This code is *heavily* based on the file "ratefile.php" from
 * the mydownloads module.
 * Possible hack : Enable only registred users to vote
 * Notes :
 *          Anonymous users can only vote 1 time per day (except if their IP change)
 *          Author's can't vote for their own news
 *          Registred users can only vote one time
 *
 * @package News
 * @author Xoops Modules Dev Team
 * @copyright   (c) XOOPS Project (https://xoops.org)
 *
 * Parameters received by this page :
 * @page_param  int     storyid Id of the story we are going to vote for
 * @page_param  string  submit  The submit button of the rating form
 * @page_param  int     rating  User's rating
 *
 * @page_title          Story's title - "Rate this news" - Module's name
 *
 * @template_name       news_ratenews.html
 *
 * Template's variables :
 * @template_var    string  lang_voteonce   Fixed text "Please do not vote for the same resource more than once."
 * @template_var    string  lang_ratingscale    Fixed text "The scale is 1 - 10, with 1 being poor and 10 being excellent."
 * @template_var    string  lang_beobjective    Fixed text "Please be objective, if everyone receives a 1 or a 10, the ratings aren't very useful."
 * @template_var    string  lang_donotvote      Fixed text "Do not vote for your own resource."
 * @template_var    string  lang_rateit         Fixed text "Rate It!"
 * @template_var    string  lang_cancel         Fixed text "Cancel"
 * @template_var    array   news                Contains some information about the story
 *                                  Structure :
 * @template_var                    int     storyid     Story's ID
 * @template_var                    string  title       story's title
 */

use Xmf\Request;
.
|-- OtherDir
|   |-- Bar.php
|   `-- Foo.php
`-- SomeDir
    `-- Foo.php
use XoopsModules\News\{
    NewsStory,
    Utility
};

require_once __DIR__ . '/header.php';
require_once XOOPS_ROOT_PATH . '/class/module.errorhandler.php';
// require_once XOOPS_ROOT_PATH . '/modules/news/class/class.newsstory.php';
require_once XOOPS_ROOT_PATH . '/modules/news/config.php';
$myts = \MyTextSanitizer::getInstance();

// Verify the perms
// 1) Is the vote activated in the module ?
$ratenews = Utility::getModuleOption('ratenews');
if (!$ratenews) {
    redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _NOPERM);
}

// Limit rating by registred users
if ($cfg['config_rating_registred_only']) {
    if (!isset($xoopsUser) || !is_object($xoopsUser)) {
        redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _NOPERM);
    }
}

// 2) Is the story published ?
$storyid = 0;
if (Request::hasVar('storyid', 'GET')) {
    $storyid = Request::getInt('storyid', 0, 'GET');
} elseif (Request::hasVar('storyid', 'POST')) {
    $storyid = Request::getInt('storyid', 0, 'POST');
}

if (!empty($storyid)) {
    $article = new NewsStory($storyid);
    if (0 == $article->published() || $article->published() > time()) {
        redirect_header(XOOPS_URL . '/modules/news/index.php', 2, _NW_NOSTORY);
    }

    // Expired
    if (0 != $article->expired() && $article->expired() < time()) {
        redirect_header(XOOPS_URL . '/modules/news/index.php', 2, _NW_NOSTORY);
    }
} else {
    redirect_header(XOOPS_URL . '/modules/news/index.php', 2, _NW_NOSTORY);
}

// 3) Can the user see this news? If they can't see it, they can't vote for it
/** @var \XoopsGroupPermHandler $grouppermHandler */
$grouppermHandler = xoops_getHandler('groupperm');
if (is_object($xoopsUser)) {
    $groups = $xoopsUser->getGroups();
} else {
    $groups = XOOPS_GROUP_ANONYMOUS;
}
if (!$grouppermHandler->checkRight('news_view', $article->topicid(), $groups, $xoopsModule->getVar('mid'))) {
    redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _NOPERM);
}

if (!empty($_POST['submit'])) { // The form was submited
    $eh = new ErrorHandler(); //ErrorHandler object
    if (is_object($xoopsUser)) {
        $ratinguser = $xoopsUser->getVar('uid');
    } else {
        $ratinguser = 0;
    }

    //Make sure only 1 anonymous from an IP in a single day.
    $anonwaitdays = 1;
    $ip           = getenv('REMOTE_ADDR');
    $storyid      = Request::getInt('storyid', 0, 'POST');
    $rating       = Request::getInt('rating', 0, 'POST');

    // Check if Rating is Null
    if ('--' == $rating) {
        redirect_header(XOOPS_URL . '/modules/news/ratenews.php?storyid=' . $storyid, 4, _NW_NORATING);
    }

    if ($rating < 1 || $rating > 10) {
        exit(_ERRORS);
    }

    // Check if News POSTER is voting (UNLESS Anonymous users allowed to post)
    if (0 != $ratinguser) {
        $sql = 'SELECT uid FROM ' . $xoopsDB->prefix('news_stories') . " WHERE storyid=$storyid";
        $result = Utility::queryAndCheck($xoopsDB, $sql);
        while ([$ratinguserDB] = $xoopsDB->fetchRow($result)) {
            if ($ratinguserDB == $ratinguser) {
                redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, _NW_CANTVOTEOWN);
            }
        }

        // Check if REG user is trying to vote twice.
        $sql = 'SELECT ratinguser FROM ' . $xoopsDB->prefix('news_stories_votedata') . " WHERE storyid=$storyid";
        $result = Utility::queryAndCheck($xoopsDB, $sql);
        while ([$ratinguserDB] = $xoopsDB->fetchRow($result)) {
            if ($ratinguserDB == $ratinguser) {
                redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, _NW_VOTEONCE);
            }
        }
    } else {
        // Check if ANONYMOUS user is trying to vote more than once per day.
//        $yesterday = (time() - (86400 * $anonwaitdays));
        $date = new \DateTime();
        $date->sub(new \DateInterval("P{$anonwaitdays}D"));
        $yesterday = $date->getTimestamp();



        $sql    = 'SELECT COUNT(*) FROM ' . $xoopsDB->prefix('news_stories_votedata') . " WHERE storyid=$storyid AND ratinguser=0 AND ratinghostname = '$ip'  AND ratingtimestamp > $yesterday";
        $result = Utility::queryAndCheck($xoopsDB, $sql);
        [$anonvotecount] = $xoopsDB->fetchRow($result);
        if ($anonvotecount >= 1) {
            redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, _NW_VOTEONCE);
        }
    }

    //All is well.  Add to Line Item Rate to DB.
    $newid    = $xoopsDB->genId($xoopsDB->prefix('news_stories_votedata') . '_ratingid_seq');
    $datetime = time();
    $sql      = sprintf("INSERT INTO `%s` (ratingid, storyid, ratinguser, rating, ratinghostname, ratingtimestamp) VALUES (%u, %u, %u, %u, '%s', %u)", $xoopsDB->prefix('news_stories_votedata'), $newid, $storyid, $ratinguser, $rating, $ip, $datetime);
    // $xoopsDB->query($sql) || ErrorHandler::show('0013');
    $xoopsDB->query($sql) or trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);

    //All is well.  Calculate Score & Add to Summary (for quick retrieval & sorting) to DB.
    Utility::updateRating($storyid);
    $ratemessage = _NW_VOTEAPPRE . '<br>' . sprintf(_NW_THANKYOU, $xoopsConfig['sitename']);
    redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, $ratemessage);
} else { // Display the form to vote
    $GLOBALS['xoopsOption']['template_main'] = 'news_ratenews.tpl';
    require_once XOOPS_ROOT_PATH . '/header.php';
    $news = null;
    $news = new NewsStory($storyid);
    if (is_object($news)) {
        $title = $news->title('Show');
    } else {
        redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _ERRORS);
    }
    $xoopsTpl->assign('advertisement', Utility::getModuleOption('advertisement'));
    $xoopsTpl->assign('news', ['storyid' => $storyid, 'title' => $title]);
    $xoopsTpl->assign('lang_voteonce', _NW_VOTEONCE);
    $xoopsTpl->assign('lang_ratingscale', _NW_RATINGSCALE);
    $xoopsTpl->assign('lang_beobjective', _NW_BEOBJECTIVE);
    $xoopsTpl->assign('lang_donotvote', _NW_DONOTVOTE);
    $xoopsTpl->assign('lang_rateit', _NW_RATEIT);
    $xoopsTpl->assign('lang_cancel', _CANCEL);
    $xoopsTpl->assign('xoops_pagetitle', $title . ' - ' . _NW_RATETHISNEWS . ' - ' . $xoopsModule->name('s'));
    Utility::createMetaDatas();
    require_once XOOPS_ROOT_PATH . '/footer.php';
}
require_once XOOPS_ROOT_PATH . '/footer.php';


1			<?php declare(strict_types=1);
2			/*
3			* You may not change or alter any portion of this comment or credits
4			* of supporting developers from this source code or any supporting source code
5			* which is considered copyrighted (c) material of the original comment or credit authors.
6			*
7			* This program is distributed in the hope that it will be useful,
8			* but WITHOUT ANY WARRANTY; without even the implied warranty of
9			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10			*/
11
12			/**
13			* @copyright {@link https://xoops.org/ XOOPS Project}
14			* @license {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
15			* @author XOOPS Development Team
16			*/
17
18			/*
19			* Enable users to note a news
20			*
21			* This page is called from the page "article.php" and "index.php", it
22			* enables users to vote for a news, according to the module's option named
23			* "ratenews". This code is heavily based on the file "ratefile.php" from
24			* the mydownloads module.
25			* Possible hack : Enable only registred users to vote
26			* Notes :
27			* Anonymous users can only vote 1 time per day (except if their IP change)
28			* Author's can't vote for their own news
29			* Registred users can only vote one time
30			*
31			* @package News
32			* @author Xoops Modules Dev Team
33			* @copyright (c) XOOPS Project (https://xoops.org)
34			*
35			* Parameters received by this page :
36			* @page_param int storyid Id of the story we are going to vote for
37			* @page_param string submit The submit button of the rating form
38			* @page_param int rating User's rating
39			*
40			* @page_title Story's title - "Rate this news" - Module's name
41			*
42			* @template_name news_ratenews.html
43			*
44			* Template's variables :
45			* @template_var string lang_voteonce Fixed text "Please do not vote for the same resource more than once."
46			* @template_var string lang_ratingscale Fixed text "The scale is 1 - 10, with 1 being poor and 10 being excellent."
47			* @template_var string lang_beobjective Fixed text "Please be objective, if everyone receives a 1 or a 10, the ratings aren't very useful."
48			* @template_var string lang_donotvote Fixed text "Do not vote for your own resource."
49			* @template_var string lang_rateit Fixed text "Rate It!"
50			* @template_var string lang_cancel Fixed text "Cancel"
51			* @template_var array news Contains some information about the story
52			* Structure :
53			* @template_var int storyid Story's ID
54			* @template_var string title story's title
55			*/
56
57			use Xmf\Request;
			0 ignored issues – show Bug introduced 2025-01-16 11:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this This use statement conflicts with another class in this namespace, `Request`. Consider defining an alias. Let?s assume that you have a directory layout like this: . \|-- OtherDir \| \|-- Bar.php \| `-- Foo.php `-- SomeDir `-- Foo.php and let?s assume the following content of `Bar.php`: // Bar.php namespace OtherDir; use SomeDir\Foo; // This now conflicts the class OtherDir\Foo If both files `OtherDir/Foo.php` and `SomeDir/Foo.php` are loaded in the same runtime, you will see a PHP error such as the following: PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php However, as `OtherDir/Foo.php` does not necessarily have to be loaded and the error is only triggered if it is loaded before `OtherDir/Bar.php`, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: // Bar.php namespace OtherDir; use SomeDir\Foo as SomeDirFoo; // There is no conflict anymore. Loading history...
58			use XoopsModules\News\{
59			NewsStory,
60			Utility
61			};
62
63			require_once __DIR__ . '/header.php';
64			require_once XOOPS_ROOT_PATH . '/class/module.errorhandler.php';
65			// require_once XOOPS_ROOT_PATH . '/modules/news/class/class.newsstory.php';
66			require_once XOOPS_ROOT_PATH . '/modules/news/config.php';
67			$myts = \MyTextSanitizer::getInstance();
68
69			// Verify the perms
70			// 1) Is the vote activated in the module ?
71			$ratenews = Utility::getModuleOption('ratenews');
72			if (!$ratenews) {
73			redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _NOPERM);
74			}
75
76			// Limit rating by registred users
77			if ($cfg['config_rating_registred_only']) {
78			if (!isset($xoopsUser) \|\| !is_object($xoopsUser)) {
79			redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _NOPERM);
80			}
81			}
82
83			// 2) Is the story published ?
84			$storyid = 0;
85			if (Request::hasVar('storyid', 'GET')) {
86			$storyid = Request::getInt('storyid', 0, 'GET');
87			} elseif (Request::hasVar('storyid', 'POST')) {
88			$storyid = Request::getInt('storyid', 0, 'POST');
89			}
90
91			if (!empty($storyid)) {
92			$article = new NewsStory($storyid);
93			if (0 == $article->published() \|\| $article->published() > time()) {
94			redirect_header(XOOPS_URL . '/modules/news/index.php', 2, _NW_NOSTORY);
95			}
96
97			// Expired
98			if (0 != $article->expired() && $article->expired() < time()) {
99			redirect_header(XOOPS_URL . '/modules/news/index.php', 2, _NW_NOSTORY);
100			}
101			} else {
102			redirect_header(XOOPS_URL . '/modules/news/index.php', 2, _NW_NOSTORY);
103			}
104
105			// 3) Can the user see this news? If they can't see it, they can't vote for it
106			/** @var \XoopsGroupPermHandler $grouppermHandler */
107			$grouppermHandler = xoops_getHandler('groupperm');
108			if (is_object($xoopsUser)) {
109			$groups = $xoopsUser->getGroups();
110			} else {
111			$groups = XOOPS_GROUP_ANONYMOUS;
112			}
113			if (!$grouppermHandler->checkRight('news_view', $article->topicid(), $groups, $xoopsModule->getVar('mid'))) {
114			redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _NOPERM);
115			}
116
117			if (!empty($_POST['submit'])) { // The form was submited
118			$eh = new ErrorHandler(); //ErrorHandler object
119			if (is_object($xoopsUser)) {
120			$ratinguser = $xoopsUser->getVar('uid');
121			} else {
122			$ratinguser = 0;
123			}
124
125			//Make sure only 1 anonymous from an IP in a single day.
126			$anonwaitdays = 1;
127			$ip = getenv('REMOTE_ADDR');
128			$storyid = Request::getInt('storyid', 0, 'POST');
129			$rating = Request::getInt('rating', 0, 'POST');
130
131			// Check if Rating is Null
132			if ('--' == $rating) {
133			redirect_header(XOOPS_URL . '/modules/news/ratenews.php?storyid=' . $storyid, 4, _NW_NORATING);
134			}
135
136			if ($rating < 1 \|\| $rating > 10) {
137			exit(_ERRORS);
138			}
139
140			// Check if News POSTER is voting (UNLESS Anonymous users allowed to post)
141			if (0 != $ratinguser) {
142			$sql = 'SELECT uid FROM ' . $xoopsDB->prefix('news_stories') . " WHERE storyid=$storyid";
143			$result = Utility::queryAndCheck($xoopsDB, $sql);
144			while ([$ratinguserDB] = $xoopsDB->fetchRow($result)) {
145			if ($ratinguserDB == $ratinguser) {
146			redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, _NW_CANTVOTEOWN);
147			}
148			}
149
150			// Check if REG user is trying to vote twice.
151			$sql = 'SELECT ratinguser FROM ' . $xoopsDB->prefix('news_stories_votedata') . " WHERE storyid=$storyid";
152			$result = Utility::queryAndCheck($xoopsDB, $sql);
153			while ([$ratinguserDB] = $xoopsDB->fetchRow($result)) {
154			if ($ratinguserDB == $ratinguser) {
155			redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, _NW_VOTEONCE);
156			}
157			}
158			} else {
159			// Check if ANONYMOUS user is trying to vote more than once per day.
160			// $yesterday = (time() - (86400 * $anonwaitdays));
161			$date = new \DateTime();
162			$date->sub(new \DateInterval("P{$anonwaitdays}D"));
163			$yesterday = $date->getTimestamp();
164
165
166
167			$sql = 'SELECT COUNT(*) FROM ' . $xoopsDB->prefix('news_stories_votedata') . " WHERE storyid=$storyid AND ratinguser=0 AND ratinghostname = '$ip' AND ratingtimestamp > $yesterday";
168			$result = Utility::queryAndCheck($xoopsDB, $sql);
169			[$anonvotecount] = $xoopsDB->fetchRow($result);
170			if ($anonvotecount >= 1) {
171			redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, _NW_VOTEONCE);
172			}
173			}
174
175			//All is well. Add to Line Item Rate to DB.
176			$newid = $xoopsDB->genId($xoopsDB->prefix('news_stories_votedata') . '_ratingid_seq');
177			$datetime = time();
178			$sql = sprintf("INSERT INTO `%s` (ratingid, storyid, ratinguser, rating, ratinghostname, ratingtimestamp) VALUES (%u, %u, %u, %u, '%s', %u)", $xoopsDB->prefix('news_stories_votedata'), $newid, $storyid, $ratinguser, $rating, $ip, $datetime);
179			// $xoopsDB->query($sql) \|\| ErrorHandler::show('0013');
180			$xoopsDB->query($sql) or trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
181
182			//All is well. Calculate Score & Add to Summary (for quick retrieval & sorting) to DB.
183			Utility::updateRating($storyid);
184			$ratemessage = _NW_VOTEAPPRE . '<br>' . sprintf(_NW_THANKYOU, $xoopsConfig['sitename']);
185			redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, $ratemessage);
186			} else { // Display the form to vote
187			$GLOBALS['xoopsOption']['template_main'] = 'news_ratenews.tpl';
188			require_once XOOPS_ROOT_PATH . '/header.php';
189			$news = null;
190			$news = new NewsStory($storyid);
191			if (is_object($news)) {
192			$title = $news->title('Show');
193			} else {
194			redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _ERRORS);
195			}
196			$xoopsTpl->assign('advertisement', Utility::getModuleOption('advertisement'));
197			$xoopsTpl->assign('news', ['storyid' => $storyid, 'title' => $title]);
198			$xoopsTpl->assign('lang_voteonce', _NW_VOTEONCE);
199			$xoopsTpl->assign('lang_ratingscale', _NW_RATINGSCALE);
200			$xoopsTpl->assign('lang_beobjective', _NW_BEOBJECTIVE);
201			$xoopsTpl->assign('lang_donotvote', _NW_DONOTVOTE);
202			$xoopsTpl->assign('lang_rateit', _NW_RATEIT);
203			$xoopsTpl->assign('lang_cancel', _CANCEL);
204			$xoopsTpl->assign('xoops_pagetitle', $title . ' - ' . _NW_RATETHISNEWS . ' - ' . $xoopsModule->name('s'));
205			Utility::createMetaDatas();
206			require_once XOOPS_ROOT_PATH . '/footer.php';
207			}
208			require_once XOOPS_ROOT_PATH . '/footer.php';
209

XoopsModules25x / news

Pull Request — master (#41)

ratenews.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like