Issues in whoisonline.php - All Issues - Inspection of "Merge pull request #1661 from jloguercio/1.11.x" - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 1.11.x ( 64c594...7659e1 )

by José

created 2017-02-09 22:15 UTC

whoisonline.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/* For licensing terms, see /license.txt */

/**
* Who is online list
*/
if (!isset($_GET['cidReq'])) {
    $cidReset = true;
}

// including necessary files
require_once './main/inc/global.inc.php';

if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
    api_protect_course_script(true);
}

$this_section = SECTION_SOCIAL;
$social_right_content = '';
$whoisonline_list = '';
$social_search = '';

// This if statement prevents users accessing the who's online feature when it has been disabled.
if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) ||
    ((api_get_setting('showonline', 'users') == 'true' || api_get_setting('showonline', 'course') == 'true') && $_user['user_id'])
) {
    if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
        $user_list = who_is_online_in_this_course(
            0,
            MAX_ONLINE_USERS,
            api_get_user_id(),
            api_get_setting('time_limit_whosonline'),
            $_GET['cidReq']
        );
    } else {
        $user_list = who_is_online(0, MAX_ONLINE_USERS);
    }

    if ($user_list) {
        if (!isset($_GET['id'])) {
            if (api_get_setting('allow_social_tool') == 'true') {
                if (!api_is_anonymous()) {
                    $query = isset($_GET['q']) ? $_GET['q']: null;
                    $social_search = UserManager::get_search_form($query);
                }
            }
            $social_right_content .= SocialManager::display_user_list($user_list);
        }
    }

    $whoisonline_list .= SocialManager::display_user_list($user_list);


    if (isset($_GET['id'])) {
        if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
            header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
            exit;
        } else {
            $social_right_content .= SocialManager::display_individual_user($_GET['id']);
        }
    }
} else {
    api_not_allowed();
    exit;
}

$tpl = new Template(get_lang('UsersOnLineList'));

if (api_get_setting('allow_social_tool') === 'true' && !api_is_anonymous()) {
    $tpl->assign('whoisonline', $whoisonline_list);
    $tpl->assign('social_search', $social_search);
} else {
    $tpl->assign('whoisonline', $social_right_content);
}

$social_layout = $tpl->get_template('social/whoisonline.tpl');
$tpl->display($social_layout);


1			<?php
2			/* For licensing terms, see /license.txt */
3
4			/**
5			* Who is online list
6			*/
7			if (!isset($_GET['cidReq'])) {
8			$cidReset = true;
9			}
10
11			// including necessary files
12			require_once './main/inc/global.inc.php';
13
14			if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
15			api_protect_course_script(true);
16			}
17
18			$this_section = SECTION_SOCIAL;
19			$social_right_content = '';
20			$whoisonline_list = '';
21			$social_search = '';
22
23			// This if statement prevents users accessing the who's online feature when it has been disabled.
24			if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) \|\|
25			((api_get_setting('showonline', 'users') == 'true' \|\| api_get_setting('showonline', 'course') == 'true') && $_user['user_id'])
26			) {
27			if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
28			$user_list = who_is_online_in_this_course(
29			0,
30			MAX_ONLINE_USERS,
31			api_get_user_id(),
32			api_get_setting('time_limit_whosonline'),
33			$_GET['cidReq']
34			);
35			} else {
36			$user_list = who_is_online(0, MAX_ONLINE_USERS);
37			}
38
39			if ($user_list) {
40			if (!isset($_GET['id'])) {
41			if (api_get_setting('allow_social_tool') == 'true') {
42			if (!api_is_anonymous()) {
43			$query = isset($_GET['q']) ? $_GET['q']: null;
44			$social_search = UserManager::get_search_form($query);
45			}
46			}
47			$social_right_content .= SocialManager::display_user_list($user_list);
48			}
49			}
50
51			$whoisonline_list .= SocialManager::display_user_list($user_list);
			0 ignored issues – show Security Bug introduced 2016-02-26 17:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$user_list` can also be of type `false`; however, `SocialManager::display_user_list()` does only seem to accept `array`, did you maybe forget to handle an error condition? Loading history...
52
53			if (isset($_GET['id'])) {
54			if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
55			header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
56			exit;
57			} else {
58			$social_right_content .= SocialManager::display_individual_user($_GET['id']);
59			}
60			}
61			} else {
62			api_not_allowed();
63			exit;
64			}
65
66			$tpl = new Template(get_lang('UsersOnLineList'));
67
68			if (api_get_setting('allow_social_tool') === 'true' && !api_is_anonymous()) {
69			$tpl->assign('whoisonline', $whoisonline_list);
70			$tpl->assign('social_search', $social_search);
71			} else {
72			$tpl->assign('whoisonline', $social_right_content);
73			}
74
75			$social_layout = $tpl->get_template('social/whoisonline.tpl');
76			$tpl->display($social_layout);
77

chamilo / chamilo-lms

Push — 1.11.x ( 64c594...7659e1 )

whoisonline.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like