XoopsModules\Smallworld\SwDatabase

Complexity

Total Complexity

100

Size/Duplication

Total Lines	746
Duplicated Lines	11.8 %

Coupling/Cohesion

Components	1
Dependencies	2

Importance

Changes

0

25 Methods

Rating	Name	Duplication	Size	Complexity
A	getJobsToDiv()	0	25	3
A	getSchoolToDiv()	0	24	3
A	getScreennamesToDiv()	0	29	3
A	saveImage()	7	7	1
A	deleteImage()	8	8	1
F	handlePosts()	0	165	15
A	setAdmins()	0	8	1
A	EditAdmins()	0	8	1
A	alreadycomplaint()	0	12	2
A	updateComplaint()	7	7	2
A	updateInspection()	0	9	2
A	handleImageEdit()	0	13	4
A	toogleFriendInvite()	9	18	5
A	toogleFollow()	0	15	4
A	setFriendshipStat()	6	16	6
A	deleteWallMsg()	0	12	4
A	deleteWallComment()	9	9	1
A	countUsersRates()	0	13	3
B	deleteAccount()	0	33	11
A	saveSettings()	0	15	2
A	getSettings()	0	25	3
A	getVar()	0	13	3
A	updateSingleValue()	0	8	1
B	SmallworldDeleteDirectory()	7	23	7
C	smallworld_remDir()	35	35	12

<?php

namespace XoopsModules\Smallworld;

/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

use Xmf\Request;
use XoopsModules\Smallworld\Constants;

/**
 * SmallWorld
 *
 * @package      \XoopsModules\SmallWorld
 * @copyright    The XOOPS Project (https://xoops.org)
 * @copyright    2011 Culex
 * @license      GNU GPL (https://www.gnu.org/licenses/gpl-2.0.html/)
 * @author       Michael Albertsen (http://culex.dk) <culex@culex.dk>
 * @link         https://github.com/XoopsModules25x/smallworld
 * @since        1.0
 */

/**
 *
 * SwDatabase to manage SW activity
 *
 */
class SwDatabase
{
    /**
     * getJobsToDiv method
     *
     * @todo switch to use SwUser class methods
     * @param int $id
     * @return array
     */
    public function getJobsToDiv($id)
    {
        $msg    = [];
        $sql    = 'SELECT employer,position,jobstart,jobstop,description  FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_user') . " WHERE userid ='" . $id . "'";
        $result = $GLOBALS['xoopsDB']->query($sql);
        while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) {
            $employer    = unserialize($row['employer']);
            $position    = unserialize($row['position']);
            $jobstart    = unserialize($row['jobstart']);
            $jobstop     = unserialize($row['jobstop']);
            $description = unserialize($row['description']);
        }
        $start = 0;
        $end   = count($employer) - 1;

The variable $employer does not seem to be defined for all execution paths leading up to this point.

        while ($start <= $end) {
            $msg[$start]['employer']    = $employer[$start];
            $msg[$start]['position']    = $position[$start];

The variable $position does not seem to be defined for all execution paths leading up to this point.

            $msg[$start]['jobstart']    = $jobstart[$start];

The variable $jobstart does not seem to be defined for all execution paths leading up to this point.

            $msg[$start]['jobstop']     = $jobstop[$start];

The variable $jobstop does not seem to be defined for all execution paths leading up to this point.

            $msg[$start]['description'] = $description[$start];

The variable $description does not seem to be defined for all execution paths leading up to this point.

            ++$start;
        }

        return $msg;
    }

    /**
     * getSchoolToDiv function
     *
     * @param int $userId smallworld `userid`

There is no parameter named $userId. Was it maybe removed?

     * @return array
     */
    function getSchoolToDiv($id) 

It is generally recommended to explicitly declare the visibility for methods.

    {
        global $arr7;
        $msg=array();
        $sql = "SELECT school_type,school,schoolstart,schoolstop FROM "
            . $GLOBALS['xoopsDB']->prefix('smallworld_user') . " WHERE userid ='" . $id . "'";
        $result = $GLOBALS['xoopsDB']->query($sql);
        while ($row = $GLOBALS['xoopsDB']->fetchArray($result)) { 
            $school_type = unserialize($row['school_type']);
            $school    = unserialize($row['school']);
            $schoolstart = unserialize($row['schoolstart']);
            $schoolstop = unserialize($row['schoolstop']);
        }
        $start = 0;
        $end = count($school_type) - 1;

The variable $school_type does not seem to be defined for all execution paths leading up to this point.

        while ($start<=$end) {
            $msg[$start]['school_type'] = $school_type[$start];
            $msg[$start]['school'] = $arr7[$school[$start]];

The variable $school does not seem to be defined for all execution paths leading up to this point.

            $msg[$start]['schoolstart'] = $schoolstart[$start];

The variable $schoolstart does not seem to be defined for all execution paths leading up to this point.

            $msg[$start]['schoolstop'] = $schoolstop[$start];

The variable $schoolstop does not seem to be defined for all execution paths leading up to this point.

            $start++;
        }
        return $msg;
    }

    /**
     * getScreennamesToDiv function
     *
     * @param int $userId smallworld `userid`
     * @return array
     */
    public function getScreennamesToDiv($userId)
    {
        global $arr06;
        $msg             = [];
        $screenname_type = [];
        $swUser = \XoopsModules\Smallworld\Helper::getInstance()->getHandler('SwUser')->getByUserId($userId);
        if ($swUser instanceof \XoopsModules\Smallworld\SwUser) {
            $screenname_type = $swUser->getVar('screenname_type');
            $screenname      = $swUser->getVar('screenname');
        }
        /*
        $sql    = 'SELECT screenname_type,screenname FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_user') . " WHERE userid ='" . $userId . "'";
        $result = $GLOBALS['xoopsDB']->query($sql);
        while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) {
            $screenname_type = unserialize($row['screenname_type']);
            $screenname      = unserialize($row['screenname']);
        }
        */
        $start = 0;
        $end   = count($screenname_type);
        while ($start < $end) {
            $msg[$start]['screenname']      = $screenname_type[$start];
            $msg[$start]['screenname_type'] = $arr06[$screenname[$start]];

The variable $screenname does not seem to be defined for all execution paths leading up to this point.

            $msg[$start]['link']            = "<span class='smallworld_website'>" . smallworld_sociallinks($screenname[$start], $msg[$start]['screenname']);
            ++$start;
        }

        return $msg;
    }


    /**
     * getVar function   
     * @param int $id
     * @param string $var
     * @returns Array
     */   
    function getVar($id, $var)

The return type could not be reliably inferred; please add a @return annotation.

It is generally recommended to explicitly declare the visibility for methods.

    {
        global $xoopsUser, $xoopsDB;
        $sql = "SELECT ".$var." FROM ".$xoopsDB->prefix('smallworld_user')." WHERE userid = '".$id."'";
        $result = $xoopsDB->queryF($sql);
        if ($xoopsDB->getRowsNum($result) < 1) {
            return 0;//_SMALLWORLD_REPLY_NOTSPECIFIED;
        }
            while ($row = $xoopsDB->fetchArray($result)) { 
                $msg[$var] = $row[$var];

$msg was never initialized. Although not strictly required by PHP, it is generally a good practice to add $msg = array(); before regardless.

            }
            return $msg[$var];

The variable $msg does not seem to be defined for all execution paths leading up to this point.

    }
    

    /**
     * updateSingleValue function
     * @param string $table
     * @param int    $userid
     * @param string $field
     * @param int    $value
     */
    public function updateSingleValue($table, $userid, $field, $value)

The return type could not be reliably inferred; please add a @return annotation.

    {
        $myts   = \MyTextSanitizer::getInstance();
        $sql    = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix($table) . ' SET ' . $field . "='" . $myts->addSlashes($value) . "' WHERE userid='" . (int)$userid . "'";
        $result = $GLOBALS['xoopsDB']->queryF($sql);

        return $result;
    }

    /**
     * saveImage function
     * @param $values
     */
    public function saveImage($values)

The return type could not be reliably inferred; please add a @return annotation.

This method seems to be duplicated in your project.

    {
        $myts   = \MyTextSanitizer::getInstance();

$myts is not used, you could remove the assignment.

        $sql    = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_images') . ' VALUES (' . $values . ')';
        $result = $GLOBALS['xoopsDB']->queryF($sql);
        return $result;
    }

    /**
     * DeleteImage function
     * @param int    $userid
     * @param string $imagename
     */
    public function deleteImage($userid, $imagename)

The return type could not be reliably inferred; please add a @return annotation.

This method seems to be duplicated in your project.

    {
        $myts   = \MyTextSanitizer::getInstance();

$myts is not used, you could remove the assignment.

        $sql    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_images') . " WHERE imgname = '" . stripslashes($imagename) . "' AND userid='" . (int)$userid . "'";
        $result = $GLOBALS['xoopsDB']->queryF($sql);

        return $result;
    }

    /**
     * handlePosts function
     */
    public function handlePosts()
    {
		$GLOBALS['xoopsLogger']->activated = false;
		if ($GLOBALS['xoopsUser'] && $GLOBALS['xoopsUser'] instanceof \XoopsUser) {

The class XoopsUser does not exist. Did you forget a USE statement, or did you not list all dependencies?

            $uid = $GLOBALS['xoopsUser']->uid();

$uid is not used, you could remove the assignment.

        } else {
            return false;
        }
        $uid     = ($GLOBALS['xoopsUser'] && $GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->uid() : 0;

The class XoopsUser does not exist. Did you forget a USE statement, or did you not list all dependencies?

        $img     = new Images;
        $avatar  = $this->getVar($uid, 'userimage');
        $partner = '';

        if (empty($avatar)) {
            $avatar = $GLOBALS['xoopsUser']->user_avatar();
        }
        if (Constants::RELATIONSHIP_SINGLE !== Request::getInt('relationship', Constants::RELATIONSHIP_COMPLICATED, 'POST')) {
            $partner = smallworld_sanitize($_POST['partner']);
        }

        $regdate                = time();
        $username               = $GLOBALS['xoopsUser']->uname();
        $realname               = smallworld_sanitize($_POST['realname']);
        $gender                 = Request::getInt('gender', Constants::GENDER_UNKNOWN, 'POST');
        $intingender            = isset($_POST['intingender']) ? smallworld_sanitize(serialize($_POST['intingender'])) : smallworld_sanitize(serialize([0 => '3']));
        $relationship           = smallworld_sanitize($_POST['relationship']);
        $searchrelat            = isset($_POST['searchrelat']) ? smallworld_sanitize(serialize($_POST['searchrelat'])) : smallworld_sanitize(serialize([0 => '0']));
        $birthday               = smallworld_sanitize(smallworld_euroToUsDate($_POST['birthday']));
        $birthplace             = smallworld_sanitize($_POST['birthplace']);
        $birthplace_lat         = smallworld_sanitize($_POST['birthplace_lat']);
        $birthplace_lng         = smallworld_sanitize($_POST['birthplace_lng']);
        $birthplace_country     = smallworld_sanitize($_POST['birthplace_country']);
        $birthplace_country_img = isset($_POST['birthplace_country_img']) ? smallworld_sanitize($_POST['birthplace_country_img']) : '';

$birthplace_country_img is not used, you could remove the assignment.

        $politic                = smallworld_sanitize($_POST['politic']);
        $religion               = smallworld_sanitize($_POST['religion']);
        $emailtype              = smallworld_sanitize(serialize($_POST['emailtype']));
        $screenname_type        = smallworld_sanitize(serialize($_POST['screenname_type']));
        $screenname             = smallworld_sanitize(serialize($_POST['screenname']));
        $mobile                 = smallworld_sanitize($_POST['mobile']);
        $phone                  = smallworld_sanitize($_POST['phone']);
        $adress                 = smallworld_sanitize($_POST['adress']);
        $present_city           = smallworld_sanitize($_POST['present_city']);
        $present_lat            = smallworld_sanitize($_POST['present_lat']);
        $present_lng            = smallworld_sanitize($_POST['present_lng']);
        $present_country        = smallworld_sanitize($_POST['present_country']);
        $present_country_img    = isset($_POST['present_country_img']) ? smallworld_sanitize($_POST['present_country_img']) : '';

$present_country_img is not used, you could remove the assignment.

        $website                = smallworld_sanitize($_POST['website']);
        $interests              = smallworld_sanitize($_POST['interests']);
        $music                  = smallworld_sanitize($_POST['music']);
        $tvshow                 = smallworld_sanitize($_POST['tvshow']);
        $movie                  = smallworld_sanitize($_POST['movie']);
        $books                  = smallworld_sanitize($_POST['books']);
        $aboutme                = smallworld_sanitize($_POST['aboutme']);
        $school_type            = smallworld_sanitize(serialize($_POST['school_type']));
        $school                 = smallworld_sanitize(serialize($_POST['school']));
        $schoolstart            = smallworld_sanitize(serialize($_POST['schoolstart']));
        $schoolstop             = smallworld_sanitize(serialize($_POST['schoolstop']));
        $jobemployer            = smallworld_sanitize(serialize($_POST['employer']));
        $jobposition            = smallworld_sanitize(serialize($_POST['position']));
        $jobstart               = smallworld_sanitize(serialize(smallworld_YearOfArray($_POST['jobstart'])));
        $jobstop                = smallworld_sanitize(serialize(smallworld_YearOfArray($_POST['jobstop'])));
        $jobdescription         = smallworld_sanitize(serialize($_POST['description']));

        $swUserHandler = \XoopsModules\Smallworld\Helper::getInstance()->getHandler('SwUser');

$swUserHandler is not used, you could remove the assignment.

        //@todo find better way to terminate routine than just 'die' on error(s)
        if ('edit' === $_POST['function']) {
            /*
			$swUserObj = $swUserHandler->get($uid);
            if (!$swUserObj instanceof \XoopsModules\Smallworld\SwUser) {
                return;
            }
            $swUserObj->setVars([
                'realname'           => $realname,
                'username'           => $username,
                'userimage'          => $avatar,
                'gender'             => $gender,
                'intingender'        => $intingender,
                'relationship'       => $relationship,
                'partner'            => $partner,
                'searchrelat'        => $searchrelat,
                'birthday'           => $birthday,
                'birthplace'         => $birthplace,
                'birthplace_lat'     => (float)$birthplace_lat,
                'birthplace_lng'     => (float)$birthplace_lng,
                'birthplace_country' => $birthplace_country,
                'politic'            => $politic,
                'religion'           => $religion,
                'emailtype'          => $emailtype,
                'screenname_type'    => $screenname_type,
                'screenname'         => $screenname,
                'mobile'             => (float)$mobile,
                'phone'              => (float)$phone,
                'adress'             => $adress,
                'present_city'       =>  $present_city,
                'present_lat'        => (float)$present_lat,
                'present_lng'        => (float)$present_lng,
                'present_country'    => $present_country,
                'website'            => $website,
                'interests'          => $interests,
                'music'              => $music,
                'tvshow'             => $tvshow,
                'movie'              => $movie,
                'books'              => $books,
                'aboutme'            => $aboutme,
                'school_type'        => $school_type,
                'school'             => $school,
                'schoolstart'        => $schoolstart,
                'schoolstop'         => $schoolstop,
                'employer'           => $jobemployer,
                'position'           => $jobposition,
                'jobstart'           => $jobstart,
                'jobstop'            => $jobstop,
                'description'        => $jobdescription
            ]);
            $result = $swUserHandler->insert($swUserObj);
            if (false === $result) {
                die('Failed inserting User');
            }
            */
			
            // Update all values in user_table
            $sql    = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_user') . ' SET ';
            $sql    .= "realname = '" . $realname . "', username= '" . $username . "', userimage = '" . $avatar . "', gender = '" . $gender . "',";
            $sql    .= "intingender = '" . $intingender . "',relationship = '" . $relationship . "', partner = '" . $partner . "', searchrelat = '" . $searchrelat . "',";
            $sql    .= "birthday = '" . $birthday . "',birthplace = '" . $birthplace . "',birthplace_lat = '" . (float)$birthplace_lat . "',";
            $sql    .= "birthplace_lng = '" . (float)$birthplace_lng . "',birthplace_country = '" . $birthplace_country . "',politic = '" . $politic . "',";
            $sql    .= "religion = '" . $religion . "',emailtype = '" . $emailtype . "',screenname_type = '" . $screenname_type . "',";
            $sql    .= "screenname = '" . $screenname . "',mobile = '" . (float)$mobile . "',phone = '" . (float)$phone . "',adress = '" . $adress . "',";
            $sql    .= "present_city = '" . $present_city . "',present_lat = '" . (float)$present_lat . "',present_lng = '" . (float)$present_lng . "',";
            $sql    .= "present_country = '" . $present_country . "',website = '" . $website . "',interests = '" . $interests . "',";
            $sql    .= "music = '" . $music . "',tvshow = '" . $tvshow . "',movie = '" . $movie . "',";
            $sql    .= "books = '" . $books . "',aboutme = '" . $aboutme . "',school_type = '" . $school_type . "',";
            $sql    .= "school = '" . $school . "', schoolstart = '" . $schoolstart . "',schoolstop = '" . $schoolstop . "',";
            $sql    .= "employer = '" . $jobemployer . "', position = '" . $jobposition . "',jobstart = '" . $jobstart . "',";
            $sql    .= "jobstop = '" . $jobstop . "', description = '" . $jobdescription . "' ";
            $sql    .= "WHERE userid ='" . (int)$uid . "'";
            $result = $GLOBALS['xoopsDB']->queryF($sql);
            if (false === $result) {
                die('SQL error:' . $sql . '');
            }
            
            $this->EditAdmins($uid, $realname, $avatar);

It seems like $realname defined by smallworld_sanitize($_POST['realname']) on line 227 can also be of type array; however, XoopsModules\Smallworld\SwDatabase::EditAdmins() does only seem to accept string, maybe add an additional type check?

            $img->createAlbum($uid);
        }

        if ('save' === $_POST['function']) {
            $sql    = 'INSERT INTO '
                      . $GLOBALS['xoopsDB']->prefix('smallworld_user')
                      . ' (userid, regdate, username, userimage, realname, gender, intingender, relationship, partner, searchrelat, birthday, birthplace, birthplace_lat, birthplace_lng, birthplace_country, politic, religion, emailtype, screenname_type, screenname, mobile, phone, adress, present_city, present_lat, present_lng, present_country, website, interests, music, tvshow, movie, books, aboutme, school_type, school, schoolstart, schoolstop, employer, position, jobstart, jobstop, description, friends, followers, admin_flag) ';
            $sql    .= "VALUES ('" . (int)$uid . "', '" . $regdate . "', '" . $username . "', '" . $avatar . "', '" . $realname . "', '" . $gender . "', '" . $intingender . "', '" . $relationship . "', '" . $partner . "', '" . $searchrelat . "','";
            $sql    .= $birthday . "', '" . $birthplace . "', '" . (float)$birthplace_lat . "', '" . (float)$birthplace_lng . "', '" . $birthplace_country . "', '" . $politic . "', '" . $religion . "','";
            $sql    .= $emailtype . "', '" . $screenname_type . "', '" . $screenname . "', '" . (float)$mobile . "', '" . (float)$phone . "', '" . $adress . "', '" . $present_city . "', '" . (float)$present_lat . "','";
            $sql    .= (float)$present_lng . "', '" . $present_country . "', '" . $website . "', '" . $interests . "', '" . $music . "', '" . $tvshow . "', '" . $movie . "', '" . $books . "', '" . $aboutme . "', '";
            $sql    .= $school_type . "', '" . $school . "', '" . $schoolstart . "', '" . $schoolstop . "', '" . $jobemployer . "', '" . $jobposition . "', '" . $jobstart . "', '" . $jobstop . "', '" . $jobdescription . "', ";
            $sql    .= "'0', '0', '0')";
            $result = $GLOBALS['xoopsDB']->queryF($sql);
            if (false === $result) {
                die('SQL error:' . $sql . '');
            }
            $this->setAdmins($uid, $username, $realname, $avatar);

It seems like $realname defined by smallworld_sanitize($_POST['realname']) on line 227 can also be of type array; however, XoopsModules\Smallworld\SwDatabase::setAdmins() does only seem to accept string, maybe add an additional type check?

            $img->createAlbum($uid);
        }
    }
    /**
     * SetAdmins function
     *
     * @param int    $userID
     * @param string $username
     * @param string $realname
     * @param mixed  $avatar
     */
    public function setAdmins($userID, $username, $realname, $avatar)

The return type could not be reliably inferred; please add a @return annotation.

    {
        $ip     = $_SERVER['REMOTE_ADDR'];
        $sql    = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . ' (userid,username, realname,userimage,ip,complaint,inspect_start, ' . "inspect_stop) VALUES ('" . (int)$userID . "', '" . $username . "','" . $realname . "', '" . $avatar . "','" . $ip . "','0','0','0')";
        $result = $GLOBALS['xoopsDB']->queryF($sql);

        return $result;
    }

    /**
     * EditAdmins function
     *
     * @param int    $userID
     * @param string $realname
     * @param mixed  $avatar
     */
    public function EditAdmins($userID, $realname, $avatar)

The return type could not be reliably inferred; please add a @return annotation.

    {
        // @todo need to sanitize realname and avatar
        $sql    = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . " SET realname = '" . $realname . "', userimage = '" . $avatar . "' WHERE userid = '" . (int)$userID . "'";
        $result = $GLOBALS['xoopsDB']->queryF($sql);

        return $result;
    }

    /**
     * alreadycomplaint function
     *
     * Check if user has already sent complaint
     *
     * @param string $msg
     * @param int    $by
     * @param int    $against
     * @return int
     */
    public function alreadycomplaint($msg, $by, $against)
    {
        $sql    = 'SELECT * FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_complaints') . " WHERE byuser_id = '" . (int)$by . "' AND owner = '" . (int)$against . "' AND link = '" . addslashes($msg) . "'";
        $result = $GLOBALS['xoopsDB']->queryF($sql);
        $i      = $GLOBALS['xoopsDB']->getRowsNum($result);
        if (1 > $i) {
            $query  = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_complaints') . " (complaint_id,link,byuser_id,owner) VALUES ('', '" . addslashes($msg) . "', '" . (int)$by . "', '" . (int)$against . "')";
            $result = $GLOBALS['xoopsDB']->queryF($query);

$result is not used, you could remove the assignment.

        }

        return $i;
    }

    /**
     * updateComplaint function
     *
     * @param int $userID
     * @return bool true on successful update
     */
    public function updateComplaint($userID)

This method seems to be duplicated in your project.

    {
        $sql    = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . ' SET complaint = complaint + 1 ' . "WHERE userid = '" . (int)$userID . "'";
        $result = $GLOBALS['xoopsDB']->queryF($sql);

        return $result ? true : false;
    }

    /**
     * updateInspection function
     * @param int   $userID
     * @param int   $start
     * @param bool
     */
    public function updateInspection($userID, $start, $stop)

The parameter $start is not used and could be removed.

    {
        $time    = time();
        $newstop = $time + $stop;
        $sql     = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . " SET inspect_start = '" . $time . "', instect_stop = '" . $newstop . "' WHERE userid ='" . (int)$userID . "'";
        $result  = $GLOBALS['xoopsDB']->queryF($sql);

        return $result ? true : false;
    }

    /**
     * handleImageEdit function
     *
     * @return bool true on success, false on failure
     */
    public function handleImageEdit()
    {
        //@todo need to filter $_POST['imgdesc'] array
        $return = true;
        $postCount = count($_POST['id']);
        for ($i = 0, $iMax = $postCount; $i < $iMax; ++$i) {
            $id     = (int)$_POST['id'][$i];
            $desc   = $_POST['imgdesc'][$i];
            $sql    = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_images') . " SET `desc` = '" . addslashes($desc) . "' WHERE `id`='" . $id . "'";
            $result = $return && $GLOBALS['xoopsDB']->queryF($sql);
        }
        return $result ? true : false;

The variable $result does not seem to be defined for all execution paths leading up to this point.

    }

    /**
     * updateInspection function
     *
     * insert application for friendship into db or delete if denied
     *
     * @param int $status
     * @param int $friendid
     * @param int $userid
     * @return bool
     */
    public function toogleFriendInvite($status, $friendid, $userid)
    {
        $result = true;
        if (0 == $status) {
            $sql    = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " (me,you,status,date) VALUES ('" . $userid . "', '" . $friendid . "', '1', UNIX_TIMESTAMP())";
            $result = $GLOBALS['xoopsDB']->queryF($sql);
        } elseif ($status > 0) {

This code seems to be duplicated across your project.

            $sql     = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE me = '" . (int)$friendid . "' AND you = '" . (int)$userid . "'";
            $sql2    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE me = '" . (int)$userid . "' AND you = '" . (int)$friendid . "'";
            $result  = $GLOBALS['xoopsDB']->queryF($sql);
            $result = $result && $GLOBALS['xoopsDB']->queryF($sql2);

            // Since friendship is canceled also following is deleted
            $this->toogleFollow(1, $userid, $friendid);
        }

        return $result ? true : false;
    }

    /**
     * toogleFollow function
     *
     * Insert following to db or delete if requested
     *
     * @param int $following
     * @param int $myUid
     * @param int $friend
     * @return bool true on success
     */
    public function toogleFollow($following, $myUid, $friend)
    {
        if (0 == $following) {
            $sql    = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_followers') . " (me,you,status,date) VALUES ('" . $myUid . "', '" . $friend . "', '1', UNIX_TIMESTAMP())";
            $result = $GLOBALS['xoopsDB']->queryF($sql);
        } elseif ($following > 0) {
            $sql     = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_followers') . " WHERE you = '" . (int)$friend . "'"
                     . " AND me = '" . (int)$myUid . "'";
            $sql2    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_followers') . " WHERE me = '" . (int)$friend . "'"

$sql2 is not used, you could remove the assignment.

                     . " AND you = '" . (int)$myUid . "'";
            $result = $GLOBALS['xoopsDB']->queryF($sql);
        }

        return $result ? true : false;

The variable $result does not seem to be defined for all execution paths leading up to this point.

    }

    /**
     * Set Friendship Status in dB
     *
     * @param int $stat
     * @param int $myUid
     * @param int $friend
     * @return bool true on success, false on failure
     */
    public function setFriendshipStat($stat, $myUid, $friend)
    {
        $result = $result2 = false;

$result2 is not used, you could remove the assignment.

        if (1 == $stat) {
            $query  = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " SET status = '2' WHERE `me` = '" . $friend . "' AND `you` = '" . $myUid . "'";
            $query2 = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " (me,you,status,date) VALUES ('" . $myUid . "', '" . $friend . "', '2', UNIX_TIMESTAMP())";
            $result = $GLOBALS['xoopsDB']->queryF($query);
            $result = $result && $GLOBALS['xoopsDB']->queryF($query2);
        } elseif (0 > $stat) {

This code seems to be duplicated across your project.

            $query  = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE me = '" . (int)$friend . "' AND you = '" . (int)$myUid . "'";
            $query2 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE you = '" . (int)$friend . "' AND me = '" . (int)$myUid . "'";
            $result = $GLOBALS['xoopsDB']->queryF($query);
            $result = $result && $GLOBALS['xoopsDB']->queryF($query2);
        }
        return $result ? true : false;
    }

    /**
     * deleteWallMsg function
     * @param int $id
     * @param int $smallworld_msg_id
     * @return bool
     */
    public function deleteWallMsg($id, $smallworld_msg_id)

The parameter $id is not used and could be removed.

    {
        $query  = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_messages') . " WHERE msg_id = '" . $smallworld_msg_id . "'";
        $result = $GLOBALS['xoopsDB']->queryF($query);
        $query2 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_comments') . " WHERE msg_id_fk = '" . $smallworld_msg_id . "'";
        $result = $result && $GLOBALS['xoopsDB']->queryF($query2);
        //delete votes
        $query3 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_vote') . " WHERE msg_id = '" . $smallworld_msg_id . "'";
        $result = $result && $GLOBALS['xoopsDB']->queryF($query3);

        return $result ? true : false;
    }

    /**
     * deleteWallComment function
     * - Delete Comments
     * @param int $smallworld_com_id
     * @return true

Should the return type not be boolean?

     */
    public function deleteWallComment($smallworld_com_id)

This method seems to be duplicated in your project.

    {
        $query   = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_comments') . " WHERE com_id = '" . $smallworld_com_id . "'";
        $result  = $GLOBALS['xoopsDB']->queryF($query);

$result is not used, you could remove the assignment.

        $query2  = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_vote') . " WHERE com_id = '" . $smallworld_com_id . "'";
        $result2 = $GLOBALS['xoopsDB']->queryF($query2);

$result2 is not used, you could remove the assignment.

        return true;
    }

    /**
     * Count Users rates
     *
     * @param int    $userid
     * @param string $column
     * @return int
     */
    public function countUsersRates($userid, $column)
    {
        $sum    = 0;
        // @sanitize $column - make sure it's a valid column in the vote dB table
        $validCol = in_array($column, ['up', 'down']) ? $column : 'vote_id';
        $query    = 'SELECT SUM(' . $validCol . ') AS sum FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_vote') . " WHERE owner = '" . (int)$userid . "'";
        $result   = $GLOBALS['xoopsDB']->queryF($query);
        while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) {
            $sum = $row['sum'];
        }

        return (int)$sum;
    }

    /**
     * Delete user account and associate rows across tables
     *
     * echos string to display
     *
     * @param int $userid
     * @return bool  true on success, false on failure
     */
    public function deleteAccount($userid)
    {
        $userid = (int)$userid;
        $user     = new \XoopsUser($userid);
        $username = $user->uname();
        $sql01    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . " WHERE userid = '" . $userid . "'";
        $sql02    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_comments') . " WHERE uid_fk = '" . $userid . "'";
        $sql03    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_followers') . " WHERE me = '" . $userid . "' OR you = '" . $userid . "'";
        $sql04    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE me = '" . $userid . "' OR you = '" . $userid . "'";
        $sql05    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_images') . " WHERE userid = '" . $userid . "'";
        $sql06    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_messages') . " WHERE uid_fk = '" . $userid . "'";
        $sql07    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_user') . " WHERE userid = '" . $userid . "'";
        $sql08    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_vote') . " WHERE user_id = '" . $userid . "'";
        $sql09    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_complaints') . " WHERE owner = '" . $userid . "' OR byuser_id = '" . $userid . "'";
        $sql10    = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . " WHERE userid = '" . $userid . "'";

        $result01 = $GLOBALS['xoopsDB']->queryF($sql01);
        $result02 = $GLOBALS['xoopsDB']->queryF($sql02);
        $result03 = $GLOBALS['xoopsDB']->queryF($sql03);
        $result04 = $GLOBALS['xoopsDB']->queryF($sql04);
        $result05 = $GLOBALS['xoopsDB']->queryF($sql05);
        $result06 = $GLOBALS['xoopsDB']->queryF($sql06);
        $result07 = $GLOBALS['xoopsDB']->queryF($sql07);
        $result08 = $GLOBALS['xoopsDB']->queryF($sql08);
        $result09 = $GLOBALS['xoopsDB']->queryF($sql09);
        $result10 = $GLOBALS['xoopsDB']->queryF($sql10);
        // Remove picture dir
        $dirname = XOOPS_ROOT_PATH . '/uploads/albums_smallworld' . '/' . $userid . '/';
        $result11 = $this->smallworld_remDir($userid, $dirname, $empty = false);
        echo $username . _AM_SMALLWORLD_ADMIN_USERDELETEDALERT;

        return $result01 && $result02 && $result03 && $result04 && $result05 && $result06 && $result07 && $result08 && $result09 && $result10 && $result11;
    }

    /**
     * Delete images from users on delete
     *
     * @param int $userid
     * @return bool
     */
    public function SmallworldDeleteDirectory($userid)
    {
        $dirname = XOOPS_ROOT_PATH . '/uploads/albums_smallworld' . '/' . (int)$userid . '/';
        if (is_dir($dirname)) {
            $dir_handle = opendir($dirname);
        }
        if (!$dir_handle) {

The variable $dir_handle does not seem to be defined for all execution paths leading up to this point.

            return false;
        }
        while (false !== ($file = readdir($dir_handle))) {
            if ('.' !== $file && '..' !== $file) {

This code seems to be duplicated across your project.

                if (!is_dir($dirname . '/' . $file)) {
                    unlink($dirname . '/' . $file);
                } else {
                    $this->SmallworldDeleteDirectory($dirname . '/' . $file);
                }
            }
        }
        closedir($dir_handle);
        rmdir($dirname);

        return true;
    }

    /**
     * Remove user image dir in uploads
     *
     * @param int         $userid
     * @param string|bool $directory
     * @param bool|int    $empty
     * @return bool

Should the return type not be boolean|null?

     */
    public function smallworld_remDir($userid, $directory, $empty = false)

This method seems to be duplicated in your project.

    {
        //@todo verify $userid should be int and then sanitize $userid accordingly before
        //      executing this routine
        if (!empty($userid)) {
            if ('/' === mb_substr($directory, -1)) {
                $directory = mb_substr($directory, 0, -1);
            }

            if (!file_exists($directory) || !is_dir($directory)) {
                return false;
            } elseif (!is_readable($directory)) {
                return false;
            }
            $directoryHandle = opendir($directory);
            while (false !== ($contents = readdir($directoryHandle))) {
                if ('.' !== $contents && '..' !== $contents) {
                    $path = $directory . '/' . $contents;
                    if (is_dir($path)) {
                        $this->smallworld_remDir($userid, $path);
                    } else {
                        unlink($path);
                    }
                }
            }
            closedir($directoryHandle);
            if (false === $empty) {
                if (!rmdir($directory)) {
                    return false;
                }
            }

            return true;
        }
    }

    /**
     * Update private settings
     *
     * @param mixed $id user's id
     * @param mixed $posts
     * @return string serialized settings for this id
     */
    public function saveSettings($id, $posts)
    {
        $id = (int)$id;
        $sql    = 'SELECT value FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . ' WHERE userid = ' . $id . '';
        $result = $GLOBALS['xoopsDB']->queryF($sql);
        $i      = $GLOBALS['xoopsDB']->getRowsNum($result);
        if ($i > 0) {
            $sql = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . " SET value = '" . $posts . "' WHERE userid = " . (int)$id . '';
        } else {
            $sql = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . " (userid,value) VALUES ('" . $id . "', '" . $posts . "')";
        }
        $result = $GLOBALS['xoopsDB']->queryF($sql);

$result is not used, you could remove the assignment.

        return $this->getSettings($id);
    }

    /**
     * Retrieve private settings
     *
     * @param mixed $userid
     * @return string serialized string
     */
    public function getSettings($userid)
    {
        $sql    = 'SELECT value FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . ' WHERE userid = ' . (int)$userid . '';
        $result = $GLOBALS['xoopsDB']->queryF($sql);
        $i      = $GLOBALS['xoopsDB']->getRowsNum($result);
        if ($i < 1) {
            $posts = serialize(
                [
                    'posts'    => 0,
                    'comments' => 0,
                    'notify'   => 1,
                ]
            );
            $this->saveSettings($userid, $posts);
            $retVal = $this->getSettings($userid);
        } else {
            while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) {
                $data = $row['value'];
            }

            $retVal = json_encode(unserialize(stripslashes($data)));

The variable $data does not seem to be defined for all execution paths leading up to this point.

        }

        return $retVal;
    }
}