Completed
Pull Request — master (#20)
by Michael
01:42
created

ratenews.php (4 issues)


<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
/**
 * @copyright      {@link https://xoops.org/ XOOPS Project}
 * @license        {@link http://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @package
 * @since
 * @author         XOOPS Development Team
 */
/*
 * Enable users to rate a news story
 *
 * This page is called from the pages "article.php" and "index.php"; it
 * enables users to vote for a news story, according to the module's option named
 * "ratenews". This code is *heavily* based on the file "ratefile.php" from
 * the mydownloads module.
 * Possible hack : Allow only registered users to vote
 * Notes :
 *          Anonymous users can only vote once per day (unless their IP address changes)
 *          Authors can't vote for their own news
 *          Registered users can only vote once
 *
 * @package News
 * @author Xoops Modules Dev Team
 * @copyright   (c) XOOPS Project (https://xoops.org)
 *
 * Parameters received by this page :
 * @page_param  int     storyid Id of the story we are going to vote for
 * @page_param  string  submit  The submit button of the rating form
 * @page_param  int     rating  User's rating
 *
 * @page_title          Story's title - "Rate this news" - Module's name
 *
 * @template_name       news_ratenews.html
 *
 * Template's variables :
 * @template_var    string  lang_voteonce   Fixed text "Please do not vote for the same resource more than once."
 * @template_var    string  lang_ratingscale    Fixed text "The scale is 1 - 10, with 1 being poor and 10 being excellent."
 * @template_var    string  lang_beobjective    Fixed text "Please be objective, if everyone receives a 1 or a 10, the ratings aren't very useful."
 * @template_var    string  lang_donotvote      Fixed text "Do not vote for your own resource."
 * @template_var    string  lang_rateit         Fixed text "Rate It!"
 * @template_var    string  lang_cancel         Fixed text "Cancel"
 * @template_var    array   news                Contains some information about the story
 *                                  Structure :
 * @template_var                    int     storyid     Story's ID
 * @template_var                    string  title       story's title
 */
// Bootstrap: the module header first, then the core and module classes this page uses.
require_once __DIR__ . '/header.php';
require_once XOOPS_ROOT_PATH . '/class/module.errorhandler.php';
require_once XOOPS_ROOT_PATH . '/modules/news/class/utility.php';
require_once XOOPS_ROOT_PATH . '/modules/news/class/class.newsstory.php';
require_once XOOPS_ROOT_PATH . '/modules/news/config.php';
$myts = MyTextSanitizer::getInstance();

// Access gate 1: rating has to be switched on in the module options.
// NOTE(review): none of the gates on this page returns or exits by itself; they all
// depend on redirect_header() ending the request — confirm against the core function.
$ratenews = NewsUtility::getModuleOption('ratenews');
if (!$ratenews) {
    redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _NOPERM);
}

// Access gate 1b: when rating is restricted to members, anonymous visitors are turned away.
// $cfg is not assigned in this file — presumably it comes from modules/news/config.php (verify).
if ($cfg['config_rating_registred_only'] && !(isset($xoopsUser) && is_object($xoopsUser))) {
    redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _NOPERM);
}
// Access gate 2: the request must name a story that is published and not expired.
// The id is cast to int before any use; a query-string value takes precedence over a
// form value, and a missing id stays 0.
$storyid = isset($_GET['storyid'])
    ? (int)$_GET['storyid']
    : (isset($_POST['storyid']) ? (int)$_POST['storyid'] : 0);

if (empty($storyid)) {
    // No id, or one that cast to 0
    redirect_header(XOOPS_URL . '/modules/news/index.php', 2, _NW_NOSTORY);
} else {
    $article = new NewsStory($storyid);

    // A publication value of 0, or one later than now, is reported as "no such story"
    if (0 == $article->published() || $article->published() > time()) {
        redirect_header(XOOPS_URL . '/modules/news/index.php', 2, _NW_NOSTORY);
    }

    // A non-zero expiry value that already lies in the past gets the same answer
    if (0 != $article->expired() && $article->expired() < time()) {
        redirect_header(XOOPS_URL . '/modules/news/index.php', 2, _NW_NOSTORY);
    }
}
// Access gate 3: a visitor who may not view the story may not rate it either.
// The 'news_view' right is checked on the story's topic for the visitor's groups;
// a visitor without a user object is checked as XOOPS_GROUP_ANONYMOUS.
$gpermHandler = xoops_getHandler('groupperm');
$groups       = is_object($xoopsUser) ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;
if (!$gpermHandler->checkRight('news_view', $article->topicid(), $groups, $xoopsModule->getVar('mid'))) {
    redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _NOPERM);
}
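if (!empty($_POST['submit'])) { // The rating form was submitted
    // NOTE(review): nothing in this branch verifies an anti-CSRF form token before the
    // vote is written. A token check needs a matching hidden field in the rating
    // template, which is not part of this file — confirm and add both together.
    $eh = new ErrorHandler; //ErrorHandler object

    // uid 0 marks an anonymous voter in the votedata table.
    $ratinguser = is_object($xoopsUser) ? $xoopsUser->getVar('uid') : 0;

    // Anonymous voters are limited to one vote per IP address per $anonwaitdays day(s).
    $anonwaitdays = 1;
    $ip           = (string)getenv('REMOTE_ADDR');
    // The address is placed in SQL text twice below. It is a server variable, but it is
    // still external input, so it is escaped and quoted by the database layer first.
    $quotedIp     = $xoopsDB->quoteString($ip);

    // $storyid is deliberately NOT read from $_POST again here. The value resolved at the
    // top of the page is the one that passed the published/expired and view-permission
    // checks; a second read from the form body could differ from the checked value when
    // the query string also carries a storyid, and the vote would then be stored for a
    // story that was never checked.
    $rating = isset($_POST['rating']) ? (int)$_POST['rating'] : 0;

    // No rating chosen: the '--' value (presumably the form's placeholder option) and any
    // other non-numeric input cast to 0. The test is on the integer because the former
    // loose comparison '--' == $rating no longer matches 0 under PHP 8.
    if (0 === $rating) {
        redirect_header(XOOPS_URL . '/modules/news/ratenews.php?storyid=' . $storyid, 4, _NW_NORATING);
    }

    // Only the 1..10 scale is accepted.
    if ($rating < 1 || $rating > 10) {
        die(_ERRORS);
    }

    // NOTE(review): the vote-once checks below and the INSERT are separate statements.
    // Whether the votedata table has a unique key on (storyid, ratinguser) is not visible
    // here; without one, two simultaneous requests could both pass the checks.
    if (0 != $ratinguser) {
        // A registered user may not rate a story he or she posted.
        $result = $xoopsDB->query('SELECT uid FROM ' . $xoopsDB->prefix('news_stories') . " WHERE storyid=$storyid");
        while (list($ratinguserDB) = $xoopsDB->fetchRow($result)) {
            if ($ratinguserDB == $ratinguser) {
                redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, _NW_CANTVOTEOWN);
            }
        }

        // A registered user may rate a given story only once.
        $result = $xoopsDB->query('SELECT ratinguser FROM ' . $xoopsDB->prefix('news_stories_votedata') . " WHERE storyid=$storyid");
        while (list($ratinguserDB) = $xoopsDB->fetchRow($result)) {
            if ($ratinguserDB == $ratinguser) {
                redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, _NW_VOTEONCE);
            }
        }
    } else {
        // An anonymous visitor may rate a given story once per waiting period, keyed on
        // the IP address. This only limits casual repeat votes: the page's own notes say
        // the limit no longer applies once the address changes.
        $yesterday = (time() - (86400 * $anonwaitdays));
        $result    = $xoopsDB->query('SELECT COUNT(*) FROM ' . $xoopsDB->prefix('news_stories_votedata') . " WHERE storyid=$storyid AND ratinguser=0 AND ratinghostname = $quotedIp AND ratingtimestamp > $yesterday");
        list($anonvotecount) = $xoopsDB->fetchRow($result);
        if ($anonvotecount >= 1) {
            redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, _NW_VOTEONCE);
        }
    }

    // All checks passed: store the individual vote. The numeric fields go through %u;
    // the address is inserted as the already quoted and escaped $quotedIp.
    $newid    = $xoopsDB->genId($xoopsDB->prefix('news_stories_votedata') . '_ratingid_seq');
    $datetime = time();
    $sql      = sprintf('INSERT INTO %s (ratingid, storyid, ratinguser, rating, ratinghostname, ratingtimestamp) VALUES (%u, %u, %u, %u, %s, %u)', $xoopsDB->prefix('news_stories_votedata'), $newid, $storyid, $ratinguser, $rating, $quotedIp, $datetime);
    $xoopsDB->query($sql) || ErrorHandler::show('0013');

    // Recalculate the story's summary rating (kept for quick retrieval and sorting).
    NewsUtility::updateRating($storyid);
    $ratemessage = _NW_VOTEAPPRE . '<br>' . sprintf(_NW_THANKYOU, $xoopsConfig['sitename']);
    redirect_header(XOOPS_URL . '/modules/news/article.php?storyid=' . $storyid, 4, $ratemessage);
} else { // No submission: display the rating form
    $GLOBALS['xoopsOption']['template_main'] = 'news_ratenews.tpl';
    require_once XOOPS_ROOT_PATH . '/header.php';
    $news = new NewsStory($storyid);
    if (is_object($news)) {
        // NOTE(review): the title goes into the template and the page title as returned
        // by title('Show'); presumably that format is already HTML-safe — verify.
        $title = $news->title('Show');
    } else {
        redirect_header(XOOPS_URL . '/modules/news/index.php', 3, _ERRORS);
    }
    $xoopsTpl->assign('advertisement', NewsUtility::getModuleOption('advertisement'));
    $xoopsTpl->assign('news', ['storyid' => $storyid, 'title' => $title]);
    $xoopsTpl->assign('lang_voteonce', _NW_VOTEONCE);
    $xoopsTpl->assign('lang_ratingscale', _NW_RATINGSCALE);
    $xoopsTpl->assign('lang_beobjective', _NW_BEOBJECTIVE);
    $xoopsTpl->assign('lang_donotvote', _NW_DONOTVOTE);
    $xoopsTpl->assign('lang_rateit', _NW_RATEIT);
    $xoopsTpl->assign('lang_cancel', _CANCEL);
    $xoopsTpl->assign('xoops_pagetitle', $title . ' - ' . _NW_RATETHISNEWS . ' - ' . $xoopsModule->name('s'));
    NewsUtility::createMetaDatas();
}
// The footer is included once, here; the second require_once that used to sit inside
// the form branch was a no-op.
require_once XOOPS_ROOT_PATH . '/footer.php';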