This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.
1 | <?php |
||
2 | |||
3 | namespace XoopsModules\Smallworld; |
||
4 | |||
5 | /* |
||
6 | * You may not change or alter any portion of this comment or credits |
||
7 | * of supporting developers from this source code or any supporting source code |
||
8 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||
9 | * |
||
10 | * This program is distributed in the hope that it will be useful, |
||
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
13 | */ |
||
14 | |||
15 | use Xmf\Request; |
||
16 | use XoopsModules\Smallworld\Constants; |
||
17 | |||
18 | /** |
||
19 | * SmallWorld |
||
20 | * |
||
21 | * @package \XoopsModules\SmallWorld |
||
22 | * @copyright The XOOPS Project (https://xoops.org) |
||
23 | * @copyright 2011 Culex |
||
24 | * @license GNU GPL (https://www.gnu.org/licenses/gpl-2.0.html/) |
||
25 | * @author Michael Albertsen (http://culex.dk) <[email protected]> |
||
26 | * @link https://github.com/XoopsModules25x/smallworld |
||
27 | * @since 1.0 |
||
28 | */ |
||
29 | |||
30 | /** |
||
31 | * |
||
32 | * SwDatabase to manage SW activity |
||
33 | * |
||
34 | */ |
||
35 | class SwDatabase |
||
36 | { |
||
37 | /** |
||
38 | * getJobsToDiv method |
||
39 | * |
||
40 | * @todo switch to use SwUser class methods |
||
41 | * @param int $id |
||
42 | * @return array |
||
43 | */ |
||
44 | public function getJobsToDiv($id) |
||
45 | { |
||
46 | $msg = []; |
||
47 | $sql = 'SELECT employer,position,jobstart,jobstop,description FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_user') . " WHERE userid ='" . $id . "'"; |
||
48 | $result = $GLOBALS['xoopsDB']->query($sql); |
||
49 | while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) { |
||
50 | $employer = unserialize($row['employer']); |
||
51 | $position = unserialize($row['position']); |
||
52 | $jobstart = unserialize($row['jobstart']); |
||
53 | $jobstop = unserialize($row['jobstop']); |
||
54 | $description = unserialize($row['description']); |
||
55 | } |
||
56 | $start = 0; |
||
57 | $end = count($employer) - 1; |
||
58 | while ($start <= $end) { |
||
59 | $msg[$start]['employer'] = $employer[$start]; |
||
60 | $msg[$start]['position'] = $position[$start]; |
||
The variable $position does not seem to be defined for all execution paths leading up to this point.
If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example:
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;
        case 'bar':
            $x = 2;
            break;
    }
    // $x is potentially undefined here.
    echo $x;
}
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
61 | $msg[$start]['jobstart'] = $jobstart[$start]; |
||
The variable $jobstart does not seem to be defined for all execution paths leading up to this point.
62 | $msg[$start]['jobstop'] = $jobstop[$start]; |
||
The variable $jobstop does not seem to be defined for all execution paths leading up to this point.
63 | $msg[$start]['description'] = $description[$start]; |
||
The variable $description does not seem to be defined for all execution paths leading up to this point.
64 | ++$start; |
||
65 | } |
||
66 | |||
67 | return $msg; |
||
68 | } |
||
69 | |||
70 | /** |
||
71 | * getSchoolToDiv function |
||
72 | * |
||
73 | * @param int $userId smallworld `userid` |
||
There is no parameter named $userId. Was it maybe removed?
This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
The most likely cause is that the parameter was removed, but the annotation was not.
74 | * @return array |
||
75 | */ |
||
76 | function getSchoolToDiv($id) |
||
77 | { |
||
78 | global $arr7; |
||
79 | $msg=array(); |
||
80 | $sql = "SELECT school_type,school,schoolstart,schoolstop FROM " |
||
81 | . $GLOBALS['xoopsDB']->prefix('smallworld_user') . " WHERE userid ='" . $id . "'"; |
||
82 | $result = $GLOBALS['xoopsDB']->query($sql); |
||
83 | while ($row = $GLOBALS['xoopsDB']->fetchArray($result)) { |
||
84 | $school_type = unserialize($row['school_type']); |
||
85 | $school = unserialize($row['school']); |
||
86 | $schoolstart = unserialize($row['schoolstart']); |
||
87 | $schoolstop = unserialize($row['schoolstop']); |
||
88 | } |
||
89 | $start = 0; |
||
90 | $end = count($school_type) - 1; |
||
The variable $school_type does not seem to be defined for all execution paths leading up to this point.
91 | while ($start<=$end) { |
||
92 | $msg[$start]['school_type'] = $school_type[$start]; |
||
93 | $msg[$start]['school'] = $arr7[$school[$start]]; |
||
The variable $school does not seem to be defined for all execution paths leading up to this point.
94 | $msg[$start]['schoolstart'] = $schoolstart[$start]; |
||
The variable $schoolstart does not seem to be defined for all execution paths leading up to this point.
95 | $msg[$start]['schoolstop'] = $schoolstop[$start]; |
||
The variable $schoolstop does not seem to be defined for all execution paths leading up to this point.
96 | $start++; |
||
97 | } |
||
98 | return $msg; |
||
99 | } |
||
100 | |||
101 | /** |
||
102 | * getScreennamesToDiv function |
||
103 | * |
||
104 | * @param int $userId smallworld `userid` |
||
105 | * @return array |
||
106 | */ |
||
107 | public function getScreennamesToDiv($userId) |
||
108 | { |
||
109 | global $arr06; |
||
110 | $msg = []; |
||
111 | $screenname_type = []; |
||
112 | $swUser = \XoopsModules\Smallworld\Helper::getInstance()->getHandler('SwUser')->getByUserId($userId); |
||
113 | if ($swUser instanceof \XoopsModules\Smallworld\SwUser) { |
||
114 | $screenname_type = $swUser->getVar('screenname_type'); |
||
115 | $screenname = $swUser->getVar('screenname'); |
||
116 | } |
||
117 | /* |
||
118 | $sql = 'SELECT screenname_type,screenname FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_user') . " WHERE userid ='" . $userId . "'"; |
||
119 | $result = $GLOBALS['xoopsDB']->query($sql); |
||
120 | while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) { |
||
121 | $screenname_type = unserialize($row['screenname_type']); |
||
122 | $screenname = unserialize($row['screenname']); |
||
123 | } |
||
124 | */ |
||
125 | $start = 0; |
||
126 | $end = count($screenname_type); |
||
127 | while ($start < $end) { |
||
128 | $msg[$start]['screenname'] = $screenname_type[$start]; |
||
129 | $msg[$start]['screenname_type'] = $arr06[$screenname[$start]]; |
||
The variable $screenname does not seem to be defined for all execution paths leading up to this point.
130 | $msg[$start]['link'] = "<span class='smallworld_website'>" . smallworld_sociallinks($screenname[$start], $msg[$start]['screenname']); |
||
131 | ++$start; |
||
132 | } |
||
133 | |||
134 | return $msg; |
||
135 | } |
||
136 | |||
137 | |||
138 | /** |
||
139 | * getVar function |
||
140 | * @param int $id |
||
141 | * @param string $var |
||
142 | * @returns Array |
||
143 | */ |
||
144 | function getVar($id, $var) |
||
The return type could not be reliably inferred; please add a @return annotation.
Our type inference engine is quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a
145 | { |
||
146 | global $xoopsUser, $xoopsDB; |
||
147 | $sql = "SELECT ".$var." FROM ".$xoopsDB->prefix('smallworld_user')." WHERE userid = '".$id."'"; |
||
148 | $result = $xoopsDB->queryF($sql); |
||
149 | if ($xoopsDB->getRowsNum($result) < 1) { |
||
150 | return 0;//_SMALLWORLD_REPLY_NOTSPECIFIED; |
||
151 | } |
||
152 | while ($row = $xoopsDB->fetchArray($result)) { |
||
153 | $msg[$var] = $row[$var]; |
||
Coding Style, Comprehensibility
$msg was never initialized. Although not strictly required by PHP, it is generally a good practice to add $msg = array(); before regardless.
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example:
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();
    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }
    // do something with $myArray
}
As you can see in this example, the array This might or might not be intended. To make your intention clear, your code more readable and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop.
154 | } |
||
155 | return $msg[$var]; |
||
The variable $msg does not seem to be defined for all execution paths leading up to this point.
156 | } |
||
157 | |||
158 | |||
159 | /** |
||
160 | * updateSingleValue function |
||
161 | * @param string $table |
||
162 | * @param int $userid |
||
163 | * @param string $field |
||
164 | * @param int $value |
||
165 | */ |
||
166 | public function updateSingleValue($table, $userid, $field, $value) |
||
The return type could not be reliably inferred; please add a @return annotation.
167 | { |
||
168 | $myts = \MyTextSanitizer::getInstance(); |
||
169 | $sql = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix($table) . ' SET ' . $field . "='" . $myts->addSlashes($value) . "' WHERE userid='" . (int)$userid . "'"; |
||
170 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
171 | |||
172 | return $result; |
||
173 | } |
||
174 | |||
175 | /** |
||
176 | * saveImage function |
||
177 | * @param $values |
||
178 | */ |
||
179 | public function saveImage($values) |
||
The return type could not be reliably inferred; please add a @return annotation.
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
180 | { |
||
181 | $myts = \MyTextSanitizer::getInstance(); |
||
$myts is not used, you could remove the assignment.
This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value';
$higher = false;
if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
Both the
182 | $sql = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_images') . ' VALUES (' . $values . ')'; |
||
183 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
184 | return $result; |
||
185 | } |
||
186 | |||
187 | /** |
||
188 | * DeleteImage function |
||
189 | * @param int $userid |
||
190 | * @param string $imagename |
||
191 | */ |
||
192 | public function deleteImage($userid, $imagename) |
||
The return type could not be reliably inferred; please add a @return annotation.
This method seems to be duplicated in your project.
193 | { |
||
194 | $myts = \MyTextSanitizer::getInstance(); |
||
$myts is not used, you could remove the assignment.
195 | $sql = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_images') . " WHERE imgname = '" . stripslashes($imagename) . "' AND userid='" . (int)$userid . "'"; |
||
196 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
197 | |||
198 | return $result; |
||
199 | } |
||
200 | |||
201 | /** |
||
202 | * handlePosts function |
||
203 | */ |
||
204 | public function handlePosts() |
||
205 | { |
||
206 | $GLOBALS['xoopsLogger']->activated = false; |
||
207 | if ($GLOBALS['xoopsUser'] && $GLOBALS['xoopsUser'] instanceof \XoopsUser) { |
||
The class XoopsUser does not exist. Did you forget a USE statement, or did you not list all dependencies?
This error could be the result of:
1. Missing dependencies
PHP Analyzer uses your Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the
2. Missing use statement
PHP does not complain about undefined classes in
if ($x instanceof DoesNotExist) {
    // Do something.
}
If you have not tested against this specific condition, such errors might go unnoticed.
208 | $uid = $GLOBALS['xoopsUser']->uid(); |
||
$uid is not used, you could remove the assignment.
209 | } else { |
||
210 | return false; |
||
211 | } |
||
212 | $uid = ($GLOBALS['xoopsUser'] && $GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->uid() : 0; |
||
The class XoopsUser does not exist. Did you forget a USE statement, or did you not list all dependencies?
213 | |||
214 | $img = new Images; |
||
215 | $avatar = $this->getVar($uid, 'userimage'); |
||
216 | $partner = ''; |
||
217 | |||
218 | if (empty($avatar)) { |
||
219 | $avatar = $GLOBALS['xoopsUser']->user_avatar(); |
||
220 | } |
||
221 | if (Constants::RELATIONSHIP_SINGLE !== Request::getInt('relationship', Constants::RELATIONSHIP_COMPLICATED, 'POST')) { |
||
222 | $partner = smallworld_sanitize($_POST['partner']); |
||
223 | } |
||
224 | |||
225 | $regdate = time(); |
||
226 | $username = $GLOBALS['xoopsUser']->uname(); |
||
227 | $realname = smallworld_sanitize($_POST['realname']); |
||
228 | $gender = Request::getInt('gender', Constants::GENDER_UNKNOWN, 'POST'); |
||
229 | $intingender = isset($_POST['intingender']) ? smallworld_sanitize(serialize($_POST['intingender'])) : smallworld_sanitize(serialize([0 => '3'])); |
||
230 | $relationship = smallworld_sanitize($_POST['relationship']); |
||
231 | $searchrelat = isset($_POST['searchrelat']) ? smallworld_sanitize(serialize($_POST['searchrelat'])) : smallworld_sanitize(serialize([0 => '0'])); |
||
232 | $birthday = smallworld_sanitize(smallworld_euroToUsDate($_POST['birthday'])); |
||
233 | $birthplace = smallworld_sanitize($_POST['birthplace']); |
||
234 | $birthplace_lat = smallworld_sanitize($_POST['birthplace_lat']); |
||
235 | $birthplace_lng = smallworld_sanitize($_POST['birthplace_lng']); |
||
236 | $birthplace_country = smallworld_sanitize($_POST['birthplace_country']); |
||
237 | $birthplace_country_img = isset($_POST['birthplace_country_img']) ? smallworld_sanitize($_POST['birthplace_country_img']) : ''; |
||
$birthplace_country_img is not used, you could remove the assignment.
238 | $politic = smallworld_sanitize($_POST['politic']); |
||
239 | $religion = smallworld_sanitize($_POST['religion']); |
||
240 | $emailtype = smallworld_sanitize(serialize($_POST['emailtype'])); |
||
241 | $screenname_type = smallworld_sanitize(serialize($_POST['screenname_type'])); |
||
242 | $screenname = smallworld_sanitize(serialize($_POST['screenname'])); |
||
243 | $mobile = smallworld_sanitize($_POST['mobile']); |
||
244 | $phone = smallworld_sanitize($_POST['phone']); |
||
245 | $adress = smallworld_sanitize($_POST['adress']); |
||
246 | $present_city = smallworld_sanitize($_POST['present_city']); |
||
247 | $present_lat = smallworld_sanitize($_POST['present_lat']); |
||
248 | $present_lng = smallworld_sanitize($_POST['present_lng']); |
||
249 | $present_country = smallworld_sanitize($_POST['present_country']); |
||
250 | $present_country_img = isset($_POST['present_country_img']) ? smallworld_sanitize($_POST['present_country_img']) : ''; |
||
$present_country_img is not used, you could remove the assignment.
251 | $website = smallworld_sanitize($_POST['website']); |
||
252 | $interests = smallworld_sanitize($_POST['interests']); |
||
253 | $music = smallworld_sanitize($_POST['music']); |
||
254 | $tvshow = smallworld_sanitize($_POST['tvshow']); |
||
255 | $movie = smallworld_sanitize($_POST['movie']); |
||
256 | $books = smallworld_sanitize($_POST['books']); |
||
257 | $aboutme = smallworld_sanitize($_POST['aboutme']); |
||
258 | $school_type = smallworld_sanitize(serialize($_POST['school_type'])); |
||
259 | $school = smallworld_sanitize(serialize($_POST['school'])); |
||
260 | $schoolstart = smallworld_sanitize(serialize($_POST['schoolstart'])); |
||
261 | $schoolstop = smallworld_sanitize(serialize($_POST['schoolstop'])); |
||
262 | $jobemployer = smallworld_sanitize(serialize($_POST['employer'])); |
||
263 | $jobposition = smallworld_sanitize(serialize($_POST['position'])); |
||
264 | $jobstart = smallworld_sanitize(serialize(smallworld_YearOfArray($_POST['jobstart']))); |
||
265 | $jobstop = smallworld_sanitize(serialize(smallworld_YearOfArray($_POST['jobstop']))); |
||
266 | $jobdescription = smallworld_sanitize(serialize($_POST['description'])); |
||
267 | |||
268 | $swUserHandler = \XoopsModules\Smallworld\Helper::getInstance()->getHandler('SwUser'); |
||
$swUserHandler is not used, you could remove the assignment.
269 | |||
270 | //@todo find better way to terminate routine than just 'die' on error(s) |
||
271 | if ('edit' === $_POST['function']) { |
||
272 | /* |
||
273 | $swUserObj = $swUserHandler->get($uid); |
||
274 | if (!$swUserObj instanceof \XoopsModules\Smallworld\SwUser) { |
||
275 | return; |
||
276 | } |
||
277 | $swUserObj->setVars([ |
||
278 | 'realname' => $realname, |
||
279 | 'username' => $username, |
||
280 | 'userimage' => $avatar, |
||
281 | 'gender' => $gender, |
||
282 | 'intingender' => $intingender, |
||
283 | 'relationship' => $relationship, |
||
284 | 'partner' => $partner, |
||
285 | 'searchrelat' => $searchrelat, |
||
286 | 'birthday' => $birthday, |
||
287 | 'birthplace' => $birthplace, |
||
288 | 'birthplace_lat' => (float)$birthplace_lat, |
||
289 | 'birthplace_lng' => (float)$birthplace_lng, |
||
290 | 'birthplace_country' => $birthplace_country, |
||
291 | 'politic' => $politic, |
||
292 | 'religion' => $religion, |
||
293 | 'emailtype' => $emailtype, |
||
294 | 'screenname_type' => $screenname_type, |
||
295 | 'screenname' => $screenname, |
||
296 | 'mobile' => (float)$mobile, |
||
297 | 'phone' => (float)$phone, |
||
298 | 'adress' => $adress, |
||
299 | 'present_city' => $present_city, |
||
300 | 'present_lat' => (float)$present_lat, |
||
301 | 'present_lng' => (float)$present_lng, |
||
302 | 'present_country' => $present_country, |
||
303 | 'website' => $website, |
||
304 | 'interests' => $interests, |
||
305 | 'music' => $music, |
||
306 | 'tvshow' => $tvshow, |
||
307 | 'movie' => $movie, |
||
308 | 'books' => $books, |
||
309 | 'aboutme' => $aboutme, |
||
310 | 'school_type' => $school_type, |
||
311 | 'school' => $school, |
||
312 | 'schoolstart' => $schoolstart, |
||
313 | 'schoolstop' => $schoolstop, |
||
314 | 'employer' => $jobemployer, |
||
315 | 'position' => $jobposition, |
||
316 | 'jobstart' => $jobstart, |
||
317 | 'jobstop' => $jobstop, |
||
318 | 'description' => $jobdescription |
||
319 | ]); |
||
320 | $result = $swUserHandler->insert($swUserObj); |
||
321 | if (false === $result) { |
||
322 | die('Failed inserting User'); |
||
323 | } |
||
324 | */ |
||
325 | |||
326 | // Update all values in user_table |
||
327 | $sql = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_user') . ' SET '; |
||
328 | $sql .= "realname = '" . $realname . "', username= '" . $username . "', userimage = '" . $avatar . "', gender = '" . $gender . "',"; |
||
329 | $sql .= "intingender = '" . $intingender . "',relationship = '" . $relationship . "', partner = '" . $partner . "', searchrelat = '" . $searchrelat . "',"; |
||
330 | $sql .= "birthday = '" . $birthday . "',birthplace = '" . $birthplace . "',birthplace_lat = '" . (float)$birthplace_lat . "',"; |
||
331 | $sql .= "birthplace_lng = '" . (float)$birthplace_lng . "',birthplace_country = '" . $birthplace_country . "',politic = '" . $politic . "',"; |
||
332 | $sql .= "religion = '" . $religion . "',emailtype = '" . $emailtype . "',screenname_type = '" . $screenname_type . "',"; |
||
333 | $sql .= "screenname = '" . $screenname . "',mobile = '" . (float)$mobile . "',phone = '" . (float)$phone . "',adress = '" . $adress . "',"; |
||
334 | $sql .= "present_city = '" . $present_city . "',present_lat = '" . (float)$present_lat . "',present_lng = '" . (float)$present_lng . "',"; |
||
335 | $sql .= "present_country = '" . $present_country . "',website = '" . $website . "',interests = '" . $interests . "',"; |
||
336 | $sql .= "music = '" . $music . "',tvshow = '" . $tvshow . "',movie = '" . $movie . "',"; |
||
337 | $sql .= "books = '" . $books . "',aboutme = '" . $aboutme . "',school_type = '" . $school_type . "',"; |
||
338 | $sql .= "school = '" . $school . "', schoolstart = '" . $schoolstart . "',schoolstop = '" . $schoolstop . "',"; |
||
339 | $sql .= "employer = '" . $jobemployer . "', position = '" . $jobposition . "',jobstart = '" . $jobstart . "',"; |
||
340 | $sql .= "jobstop = '" . $jobstop . "', description = '" . $jobdescription . "' "; |
||
341 | $sql .= "WHERE userid ='" . (int)$uid . "'"; |
||
342 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
343 | if (false === $result) { |
||
344 | die('SQL error:' . $sql . ''); |
||
345 | } |
||
346 | |||
347 | $this->EditAdmins($uid, $realname, $avatar); |
||
It seems like $realname defined by smallworld_sanitize($_POST['realname']) on line 227 can also be of type array; however, XoopsModules\Smallworld\SwDatabase::EditAdmins() does only seem to accept string, maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }
    return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
If this is a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
348 | $img->createAlbum($uid); |
||
349 | } |
||
350 | |||
351 | if ('save' === $_POST['function']) { |
||
352 | $sql = 'INSERT INTO ' |
||
353 | . $GLOBALS['xoopsDB']->prefix('smallworld_user') |
||
354 | . ' (userid, regdate, username, userimage, realname, gender, intingender, relationship, partner, searchrelat, birthday, birthplace, birthplace_lat, birthplace_lng, birthplace_country, politic, religion, emailtype, screenname_type, screenname, mobile, phone, adress, present_city, present_lat, present_lng, present_country, website, interests, music, tvshow, movie, books, aboutme, school_type, school, schoolstart, schoolstop, employer, position, jobstart, jobstop, description, friends, followers, admin_flag) '; |
||
355 | $sql .= "VALUES ('" . (int)$uid . "', '" . $regdate . "', '" . $username . "', '" . $avatar . "', '" . $realname . "', '" . $gender . "', '" . $intingender . "', '" . $relationship . "', '" . $partner . "', '" . $searchrelat . "','"; |
||
356 | $sql .= $birthday . "', '" . $birthplace . "', '" . (float)$birthplace_lat . "', '" . (float)$birthplace_lng . "', '" . $birthplace_country . "', '" . $politic . "', '" . $religion . "','"; |
||
357 | $sql .= $emailtype . "', '" . $screenname_type . "', '" . $screenname . "', '" . (float)$mobile . "', '" . (float)$phone . "', '" . $adress . "', '" . $present_city . "', '" . (float)$present_lat . "','"; |
||
358 | $sql .= (float)$present_lng . "', '" . $present_country . "', '" . $website . "', '" . $interests . "', '" . $music . "', '" . $tvshow . "', '" . $movie . "', '" . $books . "', '" . $aboutme . "', '"; |
||
359 | $sql .= $school_type . "', '" . $school . "', '" . $schoolstart . "', '" . $schoolstop . "', '" . $jobemployer . "', '" . $jobposition . "', '" . $jobstart . "', '" . $jobstop . "', '" . $jobdescription . "', "; |
||
360 | $sql .= "'0', '0', '0')"; |
||
361 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
362 | if (false === $result) { |
||
363 | die('SQL error:' . $sql . ''); |
||
364 | } |
||
365 | $this->setAdmins($uid, $username, $realname, $avatar); |
||
It seems like $realname defined by smallworld_sanitize($_POST['realname']) on line 227 can also be of type array; however, XoopsModules\Smallworld\SwDatabase::setAdmins() does only seem to accept string, maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
/**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this is a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
|||
366 | $img->createAlbum($uid); |
||
367 | } |
||
368 | } |
||
369 | /** |
||
370 | * SetAdmins function |
||
371 | * |
||
372 | * @param int $userID |
||
373 | * @param string $username |
||
374 | * @param string $realname |
||
375 | * @param mixed $avatar |
||
376 | */ |
||
377 | public function setAdmins($userID, $username, $realname, $avatar) |
||
The return type could not be reliably inferred; please add a @return annotation.
Our type inference engine is quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a
|||
378 | { |
||
379 | $ip = $_SERVER['REMOTE_ADDR']; |
||
380 | $sql = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . ' (userid,username, realname,userimage,ip,complaint,inspect_start, ' . "inspect_stop) VALUES ('" . (int)$userID . "', '" . $username . "','" . $realname . "', '" . $avatar . "','" . $ip . "','0','0','0')"; |
||
381 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
382 | |||
383 | return $result; |
||
384 | } |
||
385 | |||
386 | /** |
||
387 | * EditAdmins function |
||
388 | * |
||
389 | * @param int $userID |
||
390 | * @param string $realname |
||
391 | * @param mixed $avatar |
||
392 | */ |
||
393 | public function EditAdmins($userID, $realname, $avatar) |
||
The return type could not be reliably inferred; please add a @return annotation.
Our type inference engine is quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a
|||
394 | { |
||
395 | // @todo need to sanitize realname and avatar |
||
396 | $sql = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . " SET realname = '" . $realname . "', userimage = '" . $avatar . "' WHERE userid = '" . (int)$userID . "'"; |
||
397 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
398 | |||
399 | return $result; |
||
400 | } |
||
401 | |||
402 | /** |
||
403 | * alreadycomplaint function |
||
404 | * |
||
405 | * Check if user has already sent complaint |
||
406 | * |
||
407 | * @param string $msg |
||
408 | * @param int $by |
||
409 | * @param int $against |
||
410 | * @return int |
||
411 | */ |
||
412 | public function alreadycomplaint($msg, $by, $against) |
||
413 | { |
||
414 | $sql = 'SELECT * FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_complaints') . " WHERE byuser_id = '" . (int)$by . "' AND owner = '" . (int)$against . "' AND link = '" . addslashes($msg) . "'"; |
||
415 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
416 | $i = $GLOBALS['xoopsDB']->getRowsNum($result); |
||
417 | if (1 > $i) { |
||
418 | $query = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_complaints') . " (complaint_id,link,byuser_id,owner) VALUES ('', '" . addslashes($msg) . "', '" . (int)$by . "', '" . (int)$against . "')"; |
||
419 | $result = $GLOBALS['xoopsDB']->queryF($query); |
||
$result is not used, you could remove the assignment.
This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value';
$higher = false;
if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
Both the
|||
420 | } |
||
421 | |||
422 | return $i; |
||
423 | } |
||
424 | |||
425 | /** |
||
426 | * updateComplaint function |
||
427 | * |
||
428 | * @param int $userID |
||
429 | * @return bool true on successful update |
||
430 | */ |
||
431 | public function updateComplaint($userID) |
||
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
|||
432 | { |
||
433 | $sql = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . ' SET complaint = complaint + 1 ' . "WHERE userid = '" . (int)$userID . "'"; |
||
434 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
435 | |||
436 | return $result ? true : false; |
||
437 | } |
||
438 | |||
439 | /** |
||
440 | * updateInspection function |
||
441 | * @param int $userID |
||
442 | * @param int $start |
||
443 | * @param bool |
||
444 | */ |
||
445 | public function updateInspection($userID, $start, $stop) |
||
|||
446 | { |
||
447 | $time = time(); |
||
448 | $newstop = $time + $stop; |
||
449 | $sql = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . " SET inspect_start = '" . $time . "', instect_stop = '" . $newstop . "' WHERE userid ='" . (int)$userID . "'"; |
||
450 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
451 | |||
452 | return $result ? true : false; |
||
453 | } |
||
454 | |||
455 | /** |
||
456 | * handleImageEdit function |
||
457 | * |
||
458 | * @return bool true on success, false on failure |
||
459 | */ |
||
460 | public function handleImageEdit() |
||
461 | { |
||
462 | //@todo need to filter $_POST['imgdesc'] array |
||
463 | $return = true; |
||
464 | $postCount = count($_POST['id']); |
||
465 | for ($i = 0, $iMax = $postCount; $i < $iMax; ++$i) { |
||
466 | $id = (int)$_POST['id'][$i]; |
||
467 | $desc = $_POST['imgdesc'][$i]; |
||
468 | $sql = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_images') . " SET `desc` = '" . addslashes($desc) . "' WHERE `id`='" . $id . "'"; |
||
469 | $result = $return && $GLOBALS['xoopsDB']->queryF($sql); |
||
470 | } |
||
471 | return $result ? true : false; |
||
The variable $result does not seem to be defined for all execution paths leading up to this point.
If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example:
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;
        case 'bar':
            $x = 2;
            break;
    }
    // $x is potentially undefined here.
    echo $x;
}
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
Available Fixes
|||
472 | } |
||
473 | |||
474 | /** |
||
475 | * updateInspection function |
||
476 | * |
||
477 | * insert application for friendship into db or delete if denied |
||
478 | * |
||
479 | * @param int $status |
||
480 | * @param int $friendid |
||
481 | * @param int $userid |
||
482 | * @return bool |
||
483 | */ |
||
484 | public function toogleFriendInvite($status, $friendid, $userid) |
||
485 | { |
||
486 | $result = true; |
||
487 | if (0 == $status) { |
||
488 | $sql = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " (me,you,status,date) VALUES ('" . $userid . "', '" . $friendid . "', '1', UNIX_TIMESTAMP())"; |
||
489 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
490 | } elseif ($status > 0) { |
||
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
|||
491 | $sql = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE me = '" . (int)$friendid . "' AND you = '" . (int)$userid . "'"; |
||
492 | $sql2 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE me = '" . (int)$userid . "' AND you = '" . (int)$friendid . "'"; |
||
493 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
494 | $result = $result && $GLOBALS['xoopsDB']->queryF($sql2); |
||
495 | |||
496 | // Since friendship is canceled also following is deleted |
||
497 | $this->toogleFollow(1, $userid, $friendid); |
||
498 | } |
||
499 | |||
500 | return $result ? true : false; |
||
501 | } |
||
502 | |||
503 | /** |
||
504 | * toogleFollow function |
||
505 | * |
||
506 | * Insert following to db or delete if requested |
||
507 | * |
||
508 | * @param int $following |
||
509 | * @param int $myUid |
||
510 | * @param int $friend |
||
511 | * @return bool true on success |
||
512 | */ |
||
513 | public function toogleFollow($following, $myUid, $friend) |
||
514 | { |
||
515 | if (0 == $following) { |
||
516 | $sql = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_followers') . " (me,you,status,date) VALUES ('" . $myUid . "', '" . $friend . "', '1', UNIX_TIMESTAMP())"; |
||
517 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
518 | } elseif ($following > 0) { |
||
519 | $sql = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_followers') . " WHERE you = '" . (int)$friend . "'" |
||
520 | . " AND me = '" . (int)$myUid . "'"; |
||
521 | $sql2 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_followers') . " WHERE me = '" . (int)$friend . "'" |
||
$sql2 is not used, you could remove the assignment.
This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value';
$higher = false;
if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
Both the
|||
522 | . " AND you = '" . (int)$myUid . "'"; |
||
523 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
524 | } |
||
525 | |||
526 | return $result ? true : false; |
||
The variable $result does not seem to be defined for all execution paths leading up to this point.
If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example:
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;
        case 'bar':
            $x = 2;
            break;
    }
    // $x is potentially undefined here.
    echo $x;
}
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
Available Fixes
|||
527 | } |
||
528 | |||
529 | /** |
||
530 | * Set Friendship Status in dB |
||
531 | * |
||
532 | * @param int $stat |
||
533 | * @param int $myUid |
||
534 | * @param int $friend |
||
535 | * @return bool true on success, false on failure |
||
536 | */ |
||
537 | public function setFriendshipStat($stat, $myUid, $friend) |
||
538 | { |
||
539 | $result = $result2 = false; |
||
$result2 is not used, you could remove the assignment.
This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value';
$higher = false;
if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
Both the
|||
540 | if (1 == $stat) { |
||
541 | $query = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " SET status = '2' WHERE `me` = '" . $friend . "' AND `you` = '" . $myUid . "'"; |
||
542 | $query2 = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " (me,you,status,date) VALUES ('" . $myUid . "', '" . $friend . "', '2', UNIX_TIMESTAMP())"; |
||
543 | $result = $GLOBALS['xoopsDB']->queryF($query); |
||
544 | $result = $result && $GLOBALS['xoopsDB']->queryF($query2); |
||
545 | } elseif (0 > $stat) { |
||
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
|||
546 | $query = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE me = '" . (int)$friend . "' AND you = '" . (int)$myUid . "'"; |
||
547 | $query2 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE you = '" . (int)$friend . "' AND me = '" . (int)$myUid . "'"; |
||
548 | $result = $GLOBALS['xoopsDB']->queryF($query); |
||
549 | $result = $result && $GLOBALS['xoopsDB']->queryF($query2); |
||
550 | } |
||
551 | return $result ? true : false; |
||
552 | } |
||
553 | |||
554 | /** |
||
555 | * deleteWallMsg function |
||
556 | * @param int $id |
||
557 | * @param int $smallworld_msg_id |
||
558 | * @return bool |
||
559 | */ |
||
560 | public function deleteWallMsg($id, $smallworld_msg_id) |
||
|||
561 | { |
||
562 | $query = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_messages') . " WHERE msg_id = '" . $smallworld_msg_id . "'"; |
||
563 | $result = $GLOBALS['xoopsDB']->queryF($query); |
||
564 | $query2 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_comments') . " WHERE msg_id_fk = '" . $smallworld_msg_id . "'"; |
||
565 | $result = $result && $GLOBALS['xoopsDB']->queryF($query2); |
||
566 | //delete votes |
||
567 | $query3 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_vote') . " WHERE msg_id = '" . $smallworld_msg_id . "'"; |
||
568 | $result = $result && $GLOBALS['xoopsDB']->queryF($query3); |
||
569 | |||
570 | return $result ? true : false; |
||
571 | } |
||
572 | |||
573 | /** |
||
574 | * deleteWallComment function |
||
575 | * - Delete Comments |
||
576 | * @param int $smallworld_com_id |
||
577 | * @return true |
||
|||
578 | */ |
||
579 | public function deleteWallComment($smallworld_com_id) |
||
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
|||
580 | { |
||
581 | $query = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_comments') . " WHERE com_id = '" . $smallworld_com_id . "'"; |
||
582 | $result = $GLOBALS['xoopsDB']->queryF($query); |
||
$result is not used, you could remove the assignment.
This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value';
$higher = false;
if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
Both the
|||
583 | $query2 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_vote') . " WHERE com_id = '" . $smallworld_com_id . "'"; |
||
584 | $result2 = $GLOBALS['xoopsDB']->queryF($query2); |
||
$result2 is not used, you could remove the assignment.
This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value';
$higher = false;
if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
Both the
|||
585 | |||
586 | return true; |
||
587 | } |
||
588 | |||
589 | /** |
||
590 | * Count Users rates |
||
591 | * |
||
592 | * @param int $userid |
||
593 | * @param string $column |
||
594 | * @return int |
||
595 | */ |
||
596 | public function countUsersRates($userid, $column) |
||
597 | { |
||
598 | $sum = 0; |
||
599 | // @sanitize $column - make sure it's a valid column in the vote dB table |
||
600 | $validCol = in_array($column, ['up', 'down']) ? $column : 'vote_id'; |
||
601 | $query = 'SELECT SUM(' . $validCol . ') AS sum FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_vote') . " WHERE owner = '" . (int)$userid . "'"; |
||
602 | $result = $GLOBALS['xoopsDB']->queryF($query); |
||
603 | while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) { |
||
604 | $sum = $row['sum']; |
||
605 | } |
||
606 | |||
607 | return (int)$sum; |
||
608 | } |
||
609 | |||
610 | /** |
||
611 | * Delete user account and associate rows across tables |
||
612 | * |
||
613 | * echos string to display |
||
614 | * |
||
615 | * @param int $userid |
||
616 | * @return bool true on success, false on failure |
||
617 | */ |
||
618 | public function deleteAccount($userid) |
||
619 | { |
||
620 | $userid = (int)$userid; |
||
621 | $user = new \XoopsUser($userid); |
||
622 | $username = $user->uname(); |
||
623 | $sql01 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_admin') . " WHERE userid = '" . $userid . "'"; |
||
624 | $sql02 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_comments') . " WHERE uid_fk = '" . $userid . "'"; |
||
625 | $sql03 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_followers') . " WHERE me = '" . $userid . "' OR you = '" . $userid . "'"; |
||
626 | $sql04 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_friends') . " WHERE me = '" . $userid . "' OR you = '" . $userid . "'"; |
||
627 | $sql05 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_images') . " WHERE userid = '" . $userid . "'"; |
||
628 | $sql06 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_messages') . " WHERE uid_fk = '" . $userid . "'"; |
||
629 | $sql07 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_user') . " WHERE userid = '" . $userid . "'"; |
||
630 | $sql08 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_vote') . " WHERE user_id = '" . $userid . "'"; |
||
631 | $sql09 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_complaints') . " WHERE owner = '" . $userid . "' OR byuser_id = '" . $userid . "'"; |
||
632 | $sql10 = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . " WHERE userid = '" . $userid . "'"; |
||
633 | |||
634 | $result01 = $GLOBALS['xoopsDB']->queryF($sql01); |
||
635 | $result02 = $GLOBALS['xoopsDB']->queryF($sql02); |
||
636 | $result03 = $GLOBALS['xoopsDB']->queryF($sql03); |
||
637 | $result04 = $GLOBALS['xoopsDB']->queryF($sql04); |
||
638 | $result05 = $GLOBALS['xoopsDB']->queryF($sql05); |
||
639 | $result06 = $GLOBALS['xoopsDB']->queryF($sql06); |
||
640 | $result07 = $GLOBALS['xoopsDB']->queryF($sql07); |
||
641 | $result08 = $GLOBALS['xoopsDB']->queryF($sql08); |
||
642 | $result09 = $GLOBALS['xoopsDB']->queryF($sql09); |
||
643 | $result10 = $GLOBALS['xoopsDB']->queryF($sql10); |
||
644 | // Remove picture dir |
||
645 | $dirname = XOOPS_ROOT_PATH . '/uploads/albums_smallworld' . '/' . $userid . '/'; |
||
646 | $result11 = $this->smallworld_remDir($userid, $dirname, $empty = false); |
||
647 | echo $username . _AM_SMALLWORLD_ADMIN_USERDELETEDALERT; |
||
648 | |||
649 | return $result01 && $result02 && $result03 && $result04 && $result05 && $result06 && $result07 && $result08 && $result09 && $result10 && $result11; |
||
650 | } |
||
651 | |||
652 | /** |
||
653 | * Delete images from users on delete |
||
654 | * |
||
655 | * @param int $userid |
||
656 | * @return bool |
||
657 | */ |
||
658 | public function SmallworldDeleteDirectory($userid) |
||
659 | { |
||
660 | $dirname = XOOPS_ROOT_PATH . '/uploads/albums_smallworld' . '/' . (int)$userid . '/'; |
||
661 | if (is_dir($dirname)) { |
||
662 | $dir_handle = opendir($dirname); |
||
663 | } |
||
664 | if (!$dir_handle) { |
||
The variable $dir_handle does not seem to be defined for all execution paths leading up to this point.
If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example:
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;
        case 'bar':
            $x = 2;
            break;
    }
    // $x is potentially undefined here.
    echo $x;
}
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
Available Fixes
|||
665 | return false; |
||
666 | } |
||
667 | while (false !== ($file = readdir($dir_handle))) { |
||
668 | if ('.' !== $file && '..' !== $file) { |
||
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
|||
669 | if (!is_dir($dirname . '/' . $file)) { |
||
670 | unlink($dirname . '/' . $file); |
||
671 | } else { |
||
672 | $this->SmallworldDeleteDirectory($dirname . '/' . $file); |
||
673 | } |
||
674 | } |
||
675 | } |
||
676 | closedir($dir_handle); |
||
677 | rmdir($dirname); |
||
678 | |||
679 | return true; |
||
680 | } |
||
681 | |||
682 | /** |
||
683 | * Remove user image dir in uploads |
||
684 | * |
||
685 | * @param int $userid |
||
686 | * @param string|bool $directory |
||
687 | * @param bool|int $empty |
||
688 | * @return bool |
||
|||
689 | */ |
||
690 | public function smallworld_remDir($userid, $directory, $empty = false) |
||
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
|||
691 | { |
||
692 | //@todo verify $userid should be int and then sanitize $userid accordingly before |
||
693 | // executing this routine |
||
694 | if (!empty($userid)) { |
||
695 | if ('/' === mb_substr($directory, -1)) { |
||
696 | $directory = mb_substr($directory, 0, -1); |
||
697 | } |
||
698 | |||
699 | if (!file_exists($directory) || !is_dir($directory)) { |
||
700 | return false; |
||
701 | } elseif (!is_readable($directory)) { |
||
702 | return false; |
||
703 | } |
||
704 | $directoryHandle = opendir($directory); |
||
705 | while (false !== ($contents = readdir($directoryHandle))) { |
||
706 | if ('.' !== $contents && '..' !== $contents) { |
||
707 | $path = $directory . '/' . $contents; |
||
708 | if (is_dir($path)) { |
||
709 | $this->smallworld_remDir($userid, $path); |
||
710 | } else { |
||
711 | unlink($path); |
||
712 | } |
||
713 | } |
||
714 | } |
||
715 | closedir($directoryHandle); |
||
716 | if (false === $empty) { |
||
717 | if (!rmdir($directory)) { |
||
718 | return false; |
||
719 | } |
||
720 | } |
||
721 | |||
722 | return true; |
||
723 | } |
||
724 | } |
||
725 | |||
726 | /** |
||
727 | * Update private settings |
||
728 | * |
||
729 | * @param mixed $id user's id |
||
730 | * @param mixed $posts |
||
731 | * @return string serialized settings for this id |
||
732 | */ |
||
733 | public function saveSettings($id, $posts) |
||
734 | { |
||
735 | $id = (int)$id; |
||
736 | $sql = 'SELECT value FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . ' WHERE userid = ' . $id . ''; |
||
737 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
738 | $i = $GLOBALS['xoopsDB']->getRowsNum($result); |
||
739 | if ($i > 0) { |
||
740 | $sql = 'UPDATE ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . " SET value = '" . $posts . "' WHERE userid = " . (int)$id . ''; |
||
741 | } else { |
||
742 | $sql = 'INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . " (userid,value) VALUES ('" . $id . "', '" . $posts . "')"; |
||
743 | } |
||
744 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
$result is not used, you could remove the assignment.
This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value';
$higher = false;
if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
Both the
|||
745 | |||
746 | return $this->getSettings($id); |
||
747 | } |
||
748 | |||
749 | /** |
||
750 | * Retrieve private settings |
||
751 | * |
||
752 | * @param mixed $userid |
||
753 | * @return string serialized string |
||
754 | */ |
||
755 | public function getSettings($userid) |
||
756 | { |
||
757 | $sql = 'SELECT value FROM ' . $GLOBALS['xoopsDB']->prefix('smallworld_settings') . ' WHERE userid = ' . (int)$userid . ''; |
||
758 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||
759 | $i = $GLOBALS['xoopsDB']->getRowsNum($result); |
||
760 | if ($i < 1) { |
||
761 | $posts = serialize( |
||
762 | [ |
||
763 | 'posts' => 0, |
||
764 | 'comments' => 0, |
||
765 | 'notify' => 1, |
||
766 | ] |
||
767 | ); |
||
768 | $this->saveSettings($userid, $posts); |
||
769 | $retVal = $this->getSettings($userid); |
||
770 | } else { |
||
771 | while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) { |
||
772 | $data = $row['value']; |
||
773 | } |
||
774 | |||
775 | $retVal = json_encode(unserialize(stripslashes($data))); |
||
The variable $data does not seem to be defined for all execution paths leading up to this point.
If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example:
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;
        case 'bar':
            $x = 2;
            break;
    }
    // $x is potentially undefined here.
    echo $x;
}
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
Available Fixes
|||
776 | } |
||
777 | |||
778 | return $retVal; |
||
779 | } |
||
780 | } |
||
781 |
If you define a variable conditionally, it can happen that it is not defined for all execution paths.
Let’s take a look at an example:
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
Available Fixes
Check for existence of the variable explicitly:
Define a default value for the variable:
Add a value for the missing path: