Issues in whoisonline.php - All Issues - Inspection of "Minor - Fix icon" - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 1.10.x ( ef999d...bae640 )

by Julito

created 2016-11-09 08:34 UTC

whoisonline.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/* For licensing terms, see /license.txt */

/**
* Who is online list
*/
if (!isset($_GET['cidReq'])) {
    $cidReset = true;
}

// including necessary files
require_once './main/inc/global.inc.php';

if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
    api_protect_course_script(true);
}

$_SESSION['who_is_online_counter'] = 2;
$this_section = SECTION_SOCIAL;
// table definitions
$track_user_table = Database::get_main_table(TABLE_MAIN_USER);

$social_right_content = null;
$whoisonline_list = null;
$social_search = '';

/* if (isset($_GET['chatid'])) {
    //send out call request
    $time = time();
    $time = date("Y-m-d H:i:s", $time);
    $chatid = intval($_GET['chatid']);
    if ($_GET['chatid'] == strval(intval($_GET['chatid']))) {
        $sql = "update $track_user_table set chatcall_user_id = ".intval($_user['user_id']).", chatcall_date = '".Database::escape_string($time)."', chatcall_text = '' where (user_id = ".(int)Database::escape_string($chatid).")";
        $result = Database::query($sql);
        //redirect caller to chat
        header("Location: ".api_get_path(WEB_CODE_PATH)."chat/chat.php?".api_get_cidreq()."&origin=whoisonline&target=".Security::remove_XSS($chatid));
        exit;
    }
}
*/
// This if statement prevents users accessing the who's online feature when it has been disabled.
if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) ||
    ((api_get_setting('showonline', 'users') == 'true' || api_get_setting('showonline', 'course') == 'true') && $_user['user_id'])
) {

    if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
        $user_list = who_is_online_in_this_course(
            0,
            12,
            api_get_user_id(),
            api_get_setting('time_limit_whosonline'),
            $_GET['cidReq']
        );
    } else {
        $user_list = who_is_online(0, 12);
    }
    /* if (!isset($_GET['id'])) {
        if (api_get_setting('allow_social_tool') == 'true') {
            if (!api_is_anonymous()) {
                //this include the social menu div
                $social_left_content = SocialManager::show_social_menu('whoisonline');
            }
        }
    }
*/
    if ($user_list) {
        if (!isset($_GET['id'])) {
            if (api_get_setting('allow_social_tool') == 'true') {
                if (!api_is_anonymous()) {
                    $query = isset($_GET['q']) ? $_GET['q']: null;
                    $social_search = UserManager::get_search_form($query);
                }
            }
            $social_right_content .= SocialManager::display_user_list($user_list);
        }
    }

    $whoisonline_list .= SocialManager::display_user_list($user_list);


    if (isset($_GET['id'])) {
        if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
            header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
            exit;
        } else {
            $social_right_content .= SocialManager::display_individual_user($_GET['id']);
        }
    }
} else {
    api_not_allowed();
    exit;
}

$tpl = new Template(get_lang('UsersOnLineList'));

if (api_get_setting('allow_social_tool') == 'true' && !api_is_anonymous()) {
    $tpl->assign('whoisonline', $whoisonline_list);
    $tpl->assign('social_search', $social_search);
} else {
    $tpl->assign('whoisonline', $social_right_content);
}

$social_layout = $tpl->get_template('social/whoisonline.tpl');
$tpl->display($social_layout);


1			<?php
2			/* For licensing terms, see /license.txt */
3
4			/**
5			* Who is online list
6			*/
7			if (!isset($_GET['cidReq'])) {
8			$cidReset = true;
9			}
10
11			// including necessary files
12			require_once './main/inc/global.inc.php';
13
14			if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
15			api_protect_course_script(true);
16			}
17
18			$_SESSION['who_is_online_counter'] = 2;
19			$this_section = SECTION_SOCIAL;
20			// table definitions
21			$track_user_table = Database::get_main_table(TABLE_MAIN_USER);
22
23			$social_right_content = null;
24			$whoisonline_list = null;
25			$social_search = '';
26
27			/* if (isset($_GET['chatid'])) {
28			//send out call request
29			$time = time();
30			$time = date("Y-m-d H:i:s", $time);
31			$chatid = intval($_GET['chatid']);
32			if ($_GET['chatid'] == strval(intval($_GET['chatid']))) {
33			$sql = "update $track_user_table set chatcall_user_id = ".intval($_user['user_id']).", chatcall_date = '".Database::escape_string($time)."', chatcall_text = '' where (user_id = ".(int)Database::escape_string($chatid).")";
34			$result = Database::query($sql);
35			//redirect caller to chat
36			header("Location: ".api_get_path(WEB_CODE_PATH)."chat/chat.php?".api_get_cidreq()."&origin=whoisonline&target=".Security::remove_XSS($chatid));
37			exit;
38			}
39			}
40			*/
41			// This if statement prevents users accessing the who's online feature when it has been disabled.
42			if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) \|\|
43			((api_get_setting('showonline', 'users') == 'true' \|\| api_get_setting('showonline', 'course') == 'true') && $_user['user_id'])
44			) {
45
46			if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
47			$user_list = who_is_online_in_this_course(
48			0,
49			12,
50			api_get_user_id(),
51			api_get_setting('time_limit_whosonline'),
52			$_GET['cidReq']
53			);
54			} else {
55			$user_list = who_is_online(0, 12);
56			}
57			/* if (!isset($_GET['id'])) {
58			if (api_get_setting('allow_social_tool') == 'true') {
59			if (!api_is_anonymous()) {
60			//this include the social menu div
61			$social_left_content = SocialManager::show_social_menu('whoisonline');
62			}
63			}
64			}
65			*/
66			if ($user_list) {
67			if (!isset($_GET['id'])) {
68			if (api_get_setting('allow_social_tool') == 'true') {
69			if (!api_is_anonymous()) {
70			$query = isset($_GET['q']) ? $_GET['q']: null;
71			$social_search = UserManager::get_search_form($query);
72			}
73			}
74			$social_right_content .= SocialManager::display_user_list($user_list);
75			}
76			}
77
78			$whoisonline_list .= SocialManager::display_user_list($user_list);
			0 ignored issues – show Security Bug introduced 2016-02-26 17:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$user_list` can also be of type `false`; however, `SocialManager::display_user_list()` does only seem to accept `array`, did you maybe forget to handle an error condition? Loading history...
79
80			if (isset($_GET['id'])) {
81			if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
82			header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
83			exit;
84			} else {
85			$social_right_content .= SocialManager::display_individual_user($_GET['id']);
86			}
87			}
88			} else {
89			api_not_allowed();
90			exit;
91			}
92
93			$tpl = new Template(get_lang('UsersOnLineList'));
94
95			if (api_get_setting('allow_social_tool') == 'true' && !api_is_anonymous()) {
96			$tpl->assign('whoisonline', $whoisonline_list);
97			$tpl->assign('social_search', $social_search);
98			} else {
99			$tpl->assign('whoisonline', $social_right_content);
100			}
101
102			$social_layout = $tpl->get_template('social/whoisonline.tpl');
103			$tpl->display($social_layout);
104

chamilo / chamilo-lms

Push — 1.10.x ( ef999d...bae640 )

whoisonline.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like