Issues in Member.php (master) - Issues in master - angelov/storgman - Measure and Improve Code Quality continuously with Scrutinizer

Issues (159)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/Members/Member.php (2 issues)

Labels

Documentation 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Storgman - Student Organizations Management
 * Copyright (C) 2014-2016, Dejan Angelov <[email protected]>
 *
 * This file is part of Storgman.
 *
 * Storgman is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Storgman is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Storgman.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @package Storgman
 * @copyright Copyright (C) 2014-2016, Dejan Angelov <[email protected]>
 * @license https://github.com/angelov/storgman/blob/master/LICENSE
 * @author Dejan Angelov <[email protected]>
 */

namespace Angelov\Storgman\Members;

use Angelov\Storgman\Faculties\Faculty;
use Angelov\Storgman\Meetings\Meeting;
use Angelov\Storgman\Membership\Fee;
use Carbon\Carbon;
use DateTime;
use Illuminate\Auth\Authenticatable;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableInterface;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordInterface;
use Illuminate\Database\Eloquent\Model;

class Member extends Model implements AuthenticatableInterface, CanResetPasswordInterface
{
    use Authenticatable, CanResetPassword;

    protected $table = 'members';

    protected $hidden = ['password', 'remember_token'];

    protected $appends = ['full_name', 'membership_status', 'membership_expiration_date'];

    protected $dates = ['birthday'];

    public function getId()
    {
        return $this->getAttribute('id');
    }

    public function getEmail()
    {
        return $this->getAttribute('email');
    }

    /**
     * @param string $email
     */
    public function setEmail($email)
    {
        $this->setAttribute('email', $email);
    }

    public function getPassword()
    {
        return $this->getAttribute('password');
    }

    /**
     * @param string $password
     */
    public function setPassword($password)
    {
        $this->setAttribute('password', $password);
    }

    public function getFirstName()
    {
        return $this->getAttribute('first_name');
    }

    /**
     * @param string $firstName
     */
    public function setFirstName($firstName)
    {
        $this->setAttribute('first_name', $firstName);
    }

    public function getLastName()
    {
        return $this->getAttribute('last_name');
    }

    /**
     * @param string $lastName
     */
    public function setLastName($lastName)
    {
        $this->setAttribute('last_name', $lastName);
    }

    public function getFullName()
    {
        return $this->getFirstName() . " " . $this->getLastName();
    }

    public function faculty()
    {
        return $this->belongsTo(Faculty::class, 'faculty_id');
    }

    /**
     * @return Faculty
     */
    public function getFaculty()
    {
        return $this->faculty;
<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}
    }

    public function setFaculty(Faculty $faculty)
    {
        $this->faculty()->associate($faculty);
    }

    public function getFieldOfStudy()
    {
        return $this->getAttribute('field_of_study');
    }

    /**
     * @param string $field
     */
    public function setFieldOfStudy($field)
    {
        $this->setAttribute('field_of_study', $field);
    }

    public function getYearOfGraduation()
    {
        return $this->getAttribute('year_of_graduation');
    }

    /**
     * @param int $year
     */
    public function setYearOfGraduation($year)
    {
        $this->setAttribute('year_of_graduation', $year);
    }

    public function getPhoto()
    {
        $photo = $this->getAttribute('photo');

        return ($photo) ? $photo : "default-member-photo.png";
    }

    /**
     * @param string $photoFileName
     */
    public function setPhoto($photoFileName)
    {
        $this->setAttribute('photo', $photoFileName);
    }

    /**
     * @return Carbon
     */
    public function getBirthday()
    {
        return $this->getAttribute('birthday');
    }

    public function setBirthday(DateTime $birthday)
    {
        $this->setAttribute('birthday', $birthday);
    }

    /**
     * @return int
     */
    public function getAge()
    {
        return $this->getBirthday()->age;
    }

    public function isBoardMember()
    {
        return $this->getAttribute('board_member');
    }

    /**
     * @param boolean $isBoardMember
     */
    public function setBoardMember($isBoardMember)
    {
        $this->setAttribute('board_member', $isBoardMember);
    }

    public function getPositionTitle()
    {
        return $this->getAttribute('position_title');
    }

    /**
     * @param string $title
     */
    public function setPositionTitle($title)
    {
        $this->setAttribute('position_title', $title);
    }

    /**
     * @return Carbon
     */
    public function getCreatedAt()
    {
        return $this->getAttribute('created_at');
    }

    /**
     * @return Carbon
     */
    public function getUpdatedAt()
    {
        return $this->getAttribute('updated_at');
    }

    public function getFacebook()
    {
        return $this->getAttribute('facebook');
    }

    /**
     * @param string $profile
     */
    public function setFacebook($profile)
    {
        $this->setAttribute('facebook', $profile);
    }

    public function getTwitter()
    {
        return $this->getAttribute('twitter');
    }

    /**
     * @param string $profile
     */
    public function setTwitter($profile)
    {
        $this->setAttribute('twitter', $profile);
    }

    public function getGooglePlus()
    {
        return $this->getAttribute('google_plus');
    }

    /**
     * @param string $profile
     */
    public function setGooglePlus($profile)
    {
        $this->setAttribute('google_plus', $profile);
    }

    public function getPhoneNumber()
    {
        return $this->getAttribute('phone');
    }

    /**
     * @param string $number
     */
    public function setPhoneNumber($number)
    {
        $this->setAttribute('phone', $number);
    }

    public function getWebsite()
    {
        return $this->getAttribute('website');
    }

    /**
     * @param string $url
     */
    public function setWebsite($url)
    {
        $this->setAttribute('website', $url);
    }

    public function isAlumniMember()
    {
        return $this->getAttribute('alumni');
    }

    /**
     * @param boolean $isAlumni
     */
    public function setAlumniMember($isAlumni)
    {
        $this->setAttribute('alumni', $isAlumni);
    }

    public function isApproved()
    {
        return $this->getAttribute('approved');
    }

    /**
     * @param boolean $isApproved
     */
    public function setApproved($isApproved)
    {
        $this->setAttribute('approved', $isApproved);
    }

    /**
     * Membership fees paid by the member
     *
     * @return \Illuminate\Database\Eloquent\Relations\HasMany
     */
    public function fees()
    {
        return $this->hasMany(Fee::class);
    }

    /**
     * @return Fee[]
     */
    public function getFees()
    {
        return $this->fees;
<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}
    }

    /**
     * @return Carbon
     */
    public function getExpirationDate()
    {
        $fee = $this->getLatestFee();

        return (!$fee) ? null : $fee->getToDate();
    }

    /**
     * @return Carbon
     */
    public function getJoiningDate()
    {
        $fee = $this->getFirstFee();

        return ($fee) ? $fee->getFromDate() : $this->getCreatedAt();
    }

    /**
     * @param string $order ASC or DESC
     * @return Fee
     */
    private function getFeeByOrder($order)
    {
        $fee = $this->fees()->orderBy('to_date', $order)->first();

        return $fee;
    }

    /**
     * @return Fee
     */
    public function getLatestFee()
    {
        return $this->getFeeByOrder("DESC");
    }

    /**
     * @return Fee
     */
    public function getFirstFee()
    {
        return $this->getFeeByOrder("ASC");
    }

    /**
     * @return bool
     */
    public function isActive()
    {
        $expirationDate = $this->getExpirationDate();

        if (!$expirationDate) {
            return false;
        }

        $today = new DateTime();

        return $today < $expirationDate;
    }

    /**
     * @return string
     */
    public function getMembershipStatus()
    {
        return ($this->isActive()) ? "Active" : "Inactive";
    }

    /**
     * @return \Illuminate\Database\Eloquent\Relations\BelongsToMany
     */
    public function attendedMeetings()
    {
        return $this->belongsToMany(Meeting::class);
    }

    /**
     * @return \Illuminate\Database\Eloquent\Relations\HasMany
     */
    public function createdMeetings()
    {
        return $this->hasMany(Meeting::class);
    }
}


1			<?php
2
3			/**
4			* Storgman - Student Organizations Management
5			* Copyright (C) 2014-2016, Dejan Angelov <[email protected]>
6			*
7			* This file is part of Storgman.
8			*
9			* Storgman is free software: you can redistribute it and/or modify
10			* it under the terms of the GNU General Public License as published by
11			* the Free Software Foundation, either version 3 of the License, or
12			* (at your option) any later version.
13			*
14			* Storgman is distributed in the hope that it will be useful,
15			* but WITHOUT ANY WARRANTY; without even the implied warranty of
16			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17			* GNU General Public License for more details.
18			*
19			* You should have received a copy of the GNU General Public License
20			* along with Storgman. If not, see <http://www.gnu.org/licenses/>.
21			*
22			* @package Storgman
23			* @copyright Copyright (C) 2014-2016, Dejan Angelov <[email protected]>
24			* @license https://github.com/angelov/storgman/blob/master/LICENSE
25			* @author Dejan Angelov <[email protected]>
26			*/
27
28			namespace Angelov\Storgman\Members;
29
30			use Angelov\Storgman\Faculties\Faculty;
31			use Angelov\Storgman\Meetings\Meeting;
32			use Angelov\Storgman\Membership\Fee;
33			use Carbon\Carbon;
34			use DateTime;
35			use Illuminate\Auth\Authenticatable;
36			use Illuminate\Auth\Passwords\CanResetPassword;
37			use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableInterface;
38			use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordInterface;
39			use Illuminate\Database\Eloquent\Model;
40
41			class Member extends Model implements AuthenticatableInterface, CanResetPasswordInterface
42			{
43			use Authenticatable, CanResetPassword;
44
45			protected $table = 'members';
46
47			protected $hidden = ['password', 'remember_token'];
48
49			protected $appends = ['full_name', 'membership_status', 'membership_expiration_date'];
50
51			protected $dates = ['birthday'];
52
53			public function getId()
54			{
55			return $this->getAttribute('id');
56			}
57
58			public function getEmail()
59			{
60			return $this->getAttribute('email');
61			}
62
63			/**
64			* @param string $email
65			*/
66			public function setEmail($email)
67			{
68			$this->setAttribute('email', $email);
69			}
70
71			public function getPassword()
72			{
73			return $this->getAttribute('password');
74			}
75
76			/**
77			* @param string $password
78			*/
79			public function setPassword($password)
80			{
81			$this->setAttribute('password', $password);
82			}
83
84			public function getFirstName()
85			{
86			return $this->getAttribute('first_name');
87			}
88
89			/**
90			* @param string $firstName
91			*/
92			public function setFirstName($firstName)
93			{
94			$this->setAttribute('first_name', $firstName);
95			}
96
97			public function getLastName()
98			{
99			return $this->getAttribute('last_name');
100			}
101
102			/**
103			* @param string $lastName
104			*/
105			public function setLastName($lastName)
106			{
107			$this->setAttribute('last_name', $lastName);
108			}
109
110			public function getFullName()
111			{
112			return $this->getFirstName() . " " . $this->getLastName();
113			}
114
115			public function faculty()
116			{
117			return $this->belongsTo(Faculty::class, 'faculty_id');
118			}
119
120			/**
121			* @return Faculty
122			*/
123			public function getFaculty()
124			{
125			return $this->faculty;
			0 ignored issues – show Documentation introduced 2017-02-01 19:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `faculty` does not exist on `object<Angelov\Storgman\Members\Member>`. Since you implemented `__get`, maybe consider adding a @property annotation. Since your code implements the magic getter `_get`, this function will be called for any read access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. <?php /** * @property int $x * @property int $y * @property string $text */ class MyLabel { private $properties; private $allowedProperties = array('x', 'y', 'text'); public function __get($name) { if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) { return $properties[$name]; } else { return null; } } public function __set($name, $value) { if (in_array($name, $this->allowedProperties)) { $properties[$name] = $value; } else { throw new \LogicException("Property $name is not defined."); } } } If the property has read access only, you can use the @property-read annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property. Loading history...
126			}
127
128			public function setFaculty(Faculty $faculty)
129			{
130			$this->faculty()->associate($faculty);
131			}
132
133			public function getFieldOfStudy()
134			{
135			return $this->getAttribute('field_of_study');
136			}
137
138			/**
139			* @param string $field
140			*/
141			public function setFieldOfStudy($field)
142			{
143			$this->setAttribute('field_of_study', $field);
144			}
145
146			public function getYearOfGraduation()
147			{
148			return $this->getAttribute('year_of_graduation');
149			}
150
151			/**
152			* @param int $year
153			*/
154			public function setYearOfGraduation($year)
155			{
156			$this->setAttribute('year_of_graduation', $year);
157			}
158
159			public function getPhoto()
160			{
161			$photo = $this->getAttribute('photo');
162
163			return ($photo) ? $photo : "default-member-photo.png";
164			}
165
166			/**
167			* @param string $photoFileName
168			*/
169			public function setPhoto($photoFileName)
170			{
171			$this->setAttribute('photo', $photoFileName);
172			}
173
174			/**
175			* @return Carbon
176			*/
177			public function getBirthday()
178			{
179			return $this->getAttribute('birthday');
180			}
181
182			public function setBirthday(DateTime $birthday)
183			{
184			$this->setAttribute('birthday', $birthday);
185			}
186
187			/**
188			* @return int
189			*/
190			public function getAge()
191			{
192			return $this->getBirthday()->age;
193			}
194
195			public function isBoardMember()
196			{
197			return $this->getAttribute('board_member');
198			}
199
200			/**
201			* @param boolean $isBoardMember
202			*/
203			public function setBoardMember($isBoardMember)
204			{
205			$this->setAttribute('board_member', $isBoardMember);
206			}
207
208			public function getPositionTitle()
209			{
210			return $this->getAttribute('position_title');
211			}
212
213			/**
214			* @param string $title
215			*/
216			public function setPositionTitle($title)
217			{
218			$this->setAttribute('position_title', $title);
219			}
220
221			/**
222			* @return Carbon
223			*/
224			public function getCreatedAt()
225			{
226			return $this->getAttribute('created_at');
227			}
228
229			/**
230			* @return Carbon
231			*/
232			public function getUpdatedAt()
233			{
234			return $this->getAttribute('updated_at');
235			}
236
237			public function getFacebook()
238			{
239			return $this->getAttribute('facebook');
240			}
241
242			/**
243			* @param string $profile
244			*/
245			public function setFacebook($profile)
246			{
247			$this->setAttribute('facebook', $profile);
248			}
249
250			public function getTwitter()
251			{
252			return $this->getAttribute('twitter');
253			}
254
255			/**
256			* @param string $profile
257			*/
258			public function setTwitter($profile)
259			{
260			$this->setAttribute('twitter', $profile);
261			}
262
263			public function getGooglePlus()
264			{
265			return $this->getAttribute('google_plus');
266			}
267
268			/**
269			* @param string $profile
270			*/
271			public function setGooglePlus($profile)
272			{
273			$this->setAttribute('google_plus', $profile);
274			}
275
276			public function getPhoneNumber()
277			{
278			return $this->getAttribute('phone');
279			}
280
281			/**
282			* @param string $number
283			*/
284			public function setPhoneNumber($number)
285			{
286			$this->setAttribute('phone', $number);
287			}
288
289			public function getWebsite()
290			{
291			return $this->getAttribute('website');
292			}
293
294			/**
295			* @param string $url
296			*/
297			public function setWebsite($url)
298			{
299			$this->setAttribute('website', $url);
300			}
301
302			public function isAlumniMember()
303			{
304			return $this->getAttribute('alumni');
305			}
306
307			/**
308			* @param boolean $isAlumni
309			*/
310			public function setAlumniMember($isAlumni)
311			{
312			$this->setAttribute('alumni', $isAlumni);
313			}
314
315			public function isApproved()
316			{
317			return $this->getAttribute('approved');
318			}
319
320			/**
321			* @param boolean $isApproved
322			*/
323			public function setApproved($isApproved)
324			{
325			$this->setAttribute('approved', $isApproved);
326			}
327
328			/**
329			* Membership fees paid by the member
330			*
331			* @return \Illuminate\Database\Eloquent\Relations\HasMany
332			*/
333			public function fees()
334			{
335			return $this->hasMany(Fee::class);
336			}
337
338			/**
339			* @return Fee[]
340			*/
341			public function getFees()
342			{
343			return $this->fees;
			0 ignored issues – show Documentation introduced 2017-02-01 19:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `fees` does not exist on `object<Angelov\Storgman\Members\Member>`. Since you implemented `__get`, maybe consider adding a @property annotation. Since your code implements the magic getter `_get`, this function will be called for any read access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. <?php /** * @property int $x * @property int $y * @property string $text */ class MyLabel { private $properties; private $allowedProperties = array('x', 'y', 'text'); public function __get($name) { if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) { return $properties[$name]; } else { return null; } } public function __set($name, $value) { if (in_array($name, $this->allowedProperties)) { $properties[$name] = $value; } else { throw new \LogicException("Property $name is not defined."); } } } If the property has read access only, you can use the @property-read annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property. Loading history...
344			}
345
346			/**
347			* @return Carbon
348			*/
349			public function getExpirationDate()
350			{
351			$fee = $this->getLatestFee();
352
353			return (!$fee) ? null : $fee->getToDate();
354			}
355
356			/**
357			* @return Carbon
358			*/
359			public function getJoiningDate()
360			{
361			$fee = $this->getFirstFee();
362
363			return ($fee) ? $fee->getFromDate() : $this->getCreatedAt();
364			}
365
366			/**
367			* @param string $order ASC or DESC
368			* @return Fee
369			*/
370			private function getFeeByOrder($order)
371			{
372			$fee = $this->fees()->orderBy('to_date', $order)->first();
373
374			return $fee;
375			}
376
377			/**
378			* @return Fee
379			*/
380			public function getLatestFee()
381			{
382			return $this->getFeeByOrder("DESC");
383			}
384
385			/**
386			* @return Fee
387			*/
388			public function getFirstFee()
389			{
390			return $this->getFeeByOrder("ASC");
391			}
392
393			/**
394			* @return bool
395			*/
396			public function isActive()
397			{
398			$expirationDate = $this->getExpirationDate();
399
400			if (!$expirationDate) {
401			return false;
402			}
403
404			$today = new DateTime();
405
406			return $today < $expirationDate;
407			}
408
409			/**
410			* @return string
411			*/
412			public function getMembershipStatus()
413			{
414			return ($this->isActive()) ? "Active" : "Inactive";
415			}
416
417			/**
418			* @return \Illuminate\Database\Eloquent\Relations\BelongsToMany
419			*/
420			public function attendedMeetings()
421			{
422			return $this->belongsToMany(Meeting::class);
423			}
424
425			/**
426			* @return \Illuminate\Database\Eloquent\Relations\HasMany
427			*/
428			public function createdMeetings()
429			{
430			return $this->hasMany(Meeting::class);
431			}
432			}
433

angelov / storgman

Issues (159)

Security Analysis not enabled

app/Members/Member.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like