Issues in whoisonline.php - All Issues - Inspection of "Merge pull request #1345 from jloguercio/1.10.x" - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 1.10.x ( 6a250a...d91755 )

by José

created 2016-08-08 23:02 UTC

whoisonline.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/* For licensing terms, see /license.txt */

/**
* Who is online list
*/
if (!isset($_GET['cidReq'])) {
    $cidReset = true;
}

// including necessary files
require_once './main/inc/global.inc.php';

if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
    api_protect_course_script(true);
}

$_SESSION['who_is_online_counter'] = 2;
$this_section = SECTION_SOCIAL;
// table definitions
$track_user_table = Database::get_main_table(TABLE_MAIN_USER);

$social_right_content = null;
$whoisonline_list = null;
$social_search = '';

/* if (isset($_GET['chatid'])) {
    //send out call request
    $time = time();
    $time = date("Y-m-d H:i:s", $time);
    $chatid = intval($_GET['chatid']);
    if ($_GET['chatid'] == strval(intval($_GET['chatid']))) {
        $sql = "update $track_user_table set chatcall_user_id = ".intval($_user['user_id']).", chatcall_date = '".Database::escape_string($time)."', chatcall_text = '' where (user_id = ".(int)Database::escape_string($chatid).")";
        $result = Database::query($sql);
        //redirect caller to chat
        header("Location: ".api_get_path(WEB_CODE_PATH)."chat/chat.php?".api_get_cidreq()."&origin=whoisonline&target=".Security::remove_XSS($chatid));
        exit;
    }
}
*/
// This if statement prevents users accessing the who's online feature when it has been disabled.
if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) ||
    ((api_get_setting('showonline', 'users') == 'true' || api_get_setting('showonline', 'course') == 'true') && $_user['user_id'])
) {

    if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
        $user_list = who_is_online_in_this_course(0, 9, api_get_user_id(), api_get_setting('time_limit_whosonline'), $_GET['cidReq']);
    } else {
        $user_list = who_is_online(0, 9);
    }
    /* if (!isset($_GET['id'])) {
        if (api_get_setting('allow_social_tool') == 'true') {
            if (!api_is_anonymous()) {
                //this include the social menu div
                $social_left_content = SocialManager::show_social_menu('whoisonline');
            }
        }
    }
*/
    if ($user_list) {
        if (!isset($_GET['id'])) {
            if (api_get_setting('allow_social_tool') == 'true') {
                if (!api_is_anonymous()) {
                    $query = isset($_GET['q']) ? $_GET['q']: null;
                    $social_search = UserManager::get_search_form($query);
                }
            }
            $social_right_content .= SocialManager::display_user_list($user_list);
        }
    }

    $whoisonline_list .= SocialManager::display_user_list($user_list);



    if (isset($_GET['id'])) {
        if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
            header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
            exit;
        } else {
            $social_right_content .= SocialManager::display_individual_user($_GET['id']);
        }
    }
} else {
    api_not_allowed();
    exit;
}

$tpl = new Template(get_lang('UsersOnLineList'));

if (api_get_setting('allow_social_tool') == 'true' && !api_is_anonymous()) {
    $tpl->assign('whoisonline', $whoisonline_list);
    $tpl->assign('social_search', $social_search);
    $social_layout = $tpl->get_template('social/whoisonline.tpl');
    $tpl->display($social_layout);
} else {
    $content = $social_right_content;
    $tpl->assign('header', get_lang('UsersOnLineList'));
    $tpl->assign('content', $content);
    $tpl->display_one_col_template();
}


1			<?php
2			/* For licensing terms, see /license.txt */
3
4			/**
5			* Who is online list
6			*/
7			if (!isset($_GET['cidReq'])) {
8			$cidReset = true;
9			}
10
11			// including necessary files
12			require_once './main/inc/global.inc.php';
13
14			if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
15			api_protect_course_script(true);
16			}
17
18			$_SESSION['who_is_online_counter'] = 2;
19			$this_section = SECTION_SOCIAL;
20			// table definitions
21			$track_user_table = Database::get_main_table(TABLE_MAIN_USER);
22
23			$social_right_content = null;
24			$whoisonline_list = null;
25			$social_search = '';
26
27			/* if (isset($_GET['chatid'])) {
28			//send out call request
29			$time = time();
30			$time = date("Y-m-d H:i:s", $time);
31			$chatid = intval($_GET['chatid']);
32			if ($_GET['chatid'] == strval(intval($_GET['chatid']))) {
33			$sql = "update $track_user_table set chatcall_user_id = ".intval($_user['user_id']).", chatcall_date = '".Database::escape_string($time)."', chatcall_text = '' where (user_id = ".(int)Database::escape_string($chatid).")";
34			$result = Database::query($sql);
35			//redirect caller to chat
36			header("Location: ".api_get_path(WEB_CODE_PATH)."chat/chat.php?".api_get_cidreq()."&origin=whoisonline&target=".Security::remove_XSS($chatid));
37			exit;
38			}
39			}
40			*/
41			// This if statement prevents users accessing the who's online feature when it has been disabled.
42			if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) \|\|
43			((api_get_setting('showonline', 'users') == 'true' \|\| api_get_setting('showonline', 'course') == 'true') && $_user['user_id'])
44			) {
45
46			if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
47			$user_list = who_is_online_in_this_course(0, 9, api_get_user_id(), api_get_setting('time_limit_whosonline'), $_GET['cidReq']);
48			} else {
49			$user_list = who_is_online(0, 9);
50			}
51			/* if (!isset($_GET['id'])) {
52			if (api_get_setting('allow_social_tool') == 'true') {
53			if (!api_is_anonymous()) {
54			//this include the social menu div
55			$social_left_content = SocialManager::show_social_menu('whoisonline');
56			}
57			}
58			}
59			*/
60			if ($user_list) {
61			if (!isset($_GET['id'])) {
62			if (api_get_setting('allow_social_tool') == 'true') {
63			if (!api_is_anonymous()) {
64			$query = isset($_GET['q']) ? $_GET['q']: null;
65			$social_search = UserManager::get_search_form($query);
66			}
67			}
68			$social_right_content .= SocialManager::display_user_list($user_list);
69			}
70			}
71
72			$whoisonline_list .= SocialManager::display_user_list($user_list);
			0 ignored issues – show Security Bug introduced 2016-02-26 17:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$user_list` can also be of type `false`; however, `SocialManager::display_user_list()` does only seem to accept `array`, did you maybe forget to handle an error condition? Loading history...
73
74
75			if (isset($_GET['id'])) {
76			if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
77			header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
78			exit;
79			} else {
80			$social_right_content .= SocialManager::display_individual_user($_GET['id']);
81			}
82			}
83			} else {
84			api_not_allowed();
85			exit;
86			}
87
88			$tpl = new Template(get_lang('UsersOnLineList'));
89
90			if (api_get_setting('allow_social_tool') == 'true' && !api_is_anonymous()) {
91			$tpl->assign('whoisonline', $whoisonline_list);
92			$tpl->assign('social_search', $social_search);
93			$social_layout = $tpl->get_template('social/whoisonline.tpl');
94			$tpl->display($social_layout);
95			} else {
96			$content = $social_right_content;
97			$tpl->assign('header', get_lang('UsersOnLineList'));
98			$tpl->assign('content', $content);
99			$tpl->display_one_col_template();
100			}
101

chamilo / chamilo-lms

Push — 1.10.x ( 6a250a...d91755 )

whoisonline.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like