Issues in Queries.php (main) - Issues in main - dbrax/bill-me - Measure and Improve Code Quality continuously with Scrutinizer

Issues (19)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Queries.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Author: Emmanuel Paul Mnzava
 * Twitter: @epmnzava
 * Github: https://github.com/dbrax/bill-me
 * Email: [email protected]
 *
 */

namespace Epmnzava\BillMe;

use Carbon\Carbon;
use Epmnzava\BillMe\Models\BillingPayment;
use Epmnzava\BillMe\Models\Order;
use Epmnzava\BillMe\Models\Invoice;
use Epmnzava\BillMe\Models\OrderItem;
use Epmnzava\BillMe\Mail\Client\Invoices\InvoiceCreated;
use Epmnzava\BillMe\Mail\Client\OrderReceived;
use Epmnzava\BillMe\Mail\Merchant\NewOrder;
use Epmnzava\BillMe\Models\PaymentMethod;


use Mail;

class Queries extends Stats
{

    public function orders()
    {

        return Order::all();
    }


    public function orders_orderby($orderby)

    {
    }



    public function orders_today()
    {
        return Order::whereDate('date', date('Y-m-d'))->get();
    }



    public function orders_todayByStatus($status)
    {
        return Order::whereDate('date', date('Y-m-d'))->where('status',$status)->get();
    }



    public function orders_thisMonth()
    {
        return Order::whereYear('date', date('Y'))->whereMonth('date', date('m'))->get();
    }

     public function orders_thisMonthByStatus($status)
    {
        return Order::whereYear('date', date('Y'))->whereMonth('date', date('m'))->where('status',$status)->get();
    }



    public function orders_thisYear()
    {
        return Order::whereYear('date', date('Y'))->get();

    }


     public function orders_thisYearByStatus($status)
    {
        return Order::whereYear('date', date('Y'))->where('status',$status)->get();

    }


    public function get_orders_with_status($status)
    {
        return Order::where('status', $status)->get();
    }

    public function pending_orders()
    {
        return Order::where('status', "pending")->get();
    }

    public function cancelled_orders()
    {
        return Order::where('status', "cancelled")->get();
    }

    public function completed_orders()
    {
        return Order::where('status', "completed")->get();
    }

    public function getOrderById($orderid)
    {
        return Order::find($orderid);
    }

    public function getOrdersOnDate($date)
    {
        return Order::where('date', $date)->get();
    }


    public function getOrdersOnDateRange($startdate, $enddate)

    {
    }


    /** Function to get an invoice */
    public function getInvoiceById($invoiceid)
    {
        return Invoice::find($invoiceid);
    }


    /** Function to get an invoice */
    public function getInvoiceByOrderId($orderid)
    {
        return Invoice::find(Order::where('id', $orderid)->first()->invoiceid);
    }



    /**
     *
     * User Queries
     */


    /** Function to get given user orders */
    public function getUserOrders($userid)
    {
        return Order::where('userid', $userid)->get();
    }


    /** Function to get given user orders by status */
    public function getUserOrdersByStatus($userid, $status)
    {
        return Order::where('userid', $userid)->where('status', $status)->get();
    }




    /** Function to get  orders by status */
    public function getOrdersByStatus( $status)
    {
        return Order::where('status', $status)->get();
    }



    /** Function to get given user invoices */
    public function getUserInvoices($userid)
    {
        return Invoice::where('userid', $userid)->get();
    }


    /** Function that returns total number of user invoices */
    public function totalUserInvoices($userid): int
    {
        return Invoice::where('userid', $userid)->count();
    }




    /** Function to get given user invoices by status */
    public function getUserInvoiceByStatus($userid, $status)
    {
        return Invoice::where('userid', $userid)->where('status', $status)->get();
    }




    /** Function to get given all  invoices by status */
    public function getInvoiceByStatus( $status)
    {
        return Invoice::where('status', $status)->get();
    }


    /**
     * @param $userid
     * @param $status
     * @return mixed
     * Function to get given user invoices by status
     */
    public function sumUserInvoiceByStatus($userid, $status) : int
    {
        return Invoice::where('userid', $userid)->where('status', $status)->sum('amount');
    }





    /**
     * @param $status
     * @return mixed
     *  Function to get given user invoices by status
     */
    public function totalInvoiceByStatus($status)
    {
        return Invoice::where('status', $status)->count();
    }





    /**
     * @param $status
     * @return mixed
     *  Function to get given user invoices by status
     */
    public function sumInvoiceByStatus($status)
    {
        return Invoice::where('status', $status)->sum('amount');
    }




    /**
     * @param $userid
     * @param $status
     * @return mixed
     *  Function to get given user invoices by status
     */
    public function totalUserInvoiceByStatus($userid, $status)
    {
        return Invoice::where('userid', $userid)->where('status', $status)->count();
    }

    /** Function that gets full  billing history */

    public function getAllBillingHistory()
    {

        return BillingPayment::all();
    }


    /** Function that gets full user billing history*/

    public function getUserBillingHistory($userid)
    {

        return BillingPayment::where('userid', $userid)->get();
    }




    public function getUserBillingHistoryByStartDate($userid, $start_date)
    {

        return BillingPayment::where('userid', $userid)->where('date', $start_date)->get();
    }


    /** Function to get payment history of a given user for a given period */

    public function getUserBillingHistoryBetweenDates($userid, $start_date, $enddate)
    {

        return BillingPayment::where('userid', $userid)->whereBetween('date', [$start_date, $enddate])->get();
    }


    /**
     * Returns the model instance to be updated
     */
    public function updateBillingHistory($invoiceid): BillingPayment
    {
        return BillingPayment::find(BillingPayment::where('invoiceid', $invoiceid)->first()->id);
    }


    /**
     * Returns the model instance to be updated
     */
    public function updateInvoiceByInstance($invoiceid): Invoice
    {
        return Invoice::find($invoiceid);
    }

    /**
     *
     * Returns updated invoice with new due_date
     */
    public function updateDueDate($date, $invoiceid): Invoice
    {
        $invoice = $this->updateInvoiceByInstance($invoiceid);
        $invoice->due_date = $date;
        $invoice->save();
        return $invoice;
    }



 public function getBillingHistoryByStatus($status)
    {

        return BillingPayment::where('status', $status)->get();
    }


    public function getUserBillingHistoryByStatus($userid, $status)
    {

        return BillingPayment::where('userid', $userid)->where('status', $status)->get();
    }

    /** Return OrderItems for particular order
     *@param $orderid
     **/
    public function getOrderItems($orderid)
    {

        return OrderItem::where('order_id', $orderid)->get();
    }


    /** Return OrderItems for particular order gets invoiceid
     *@param $invoiceid
     **/
    public function getOrderItemsByInvoiceId($invoiceid)
    {

        return OrderItem::where('order_id', Invoice::where('id', $invoiceid)->first()->orderid)->get();
    }

    public function getPaymentMethods(){

        return PaymentMethod::all();
    }

      public function getPaymentMethodById($pid){


        return PaymentMethod::find($id);

    }

        public function editPaymentMethod($pmethod_id, $pmethod)
    {
        $pmethodObj = PaymentMethod::find($pmethod_id);
        $pmethodObj->pmethod = $pmethod;
        $pmethodObj->save();
        return $pmethodObj;
    }

    
    public function addPaymentMethod(string $pmethod)
    {


        $pmethodObj = new PaymentMethod;
        $pmethodObj->pmethod=$pmethod;
        $pmethodObj->save();

      
        return $pmethodObj;
    }

    
}


1			<?php
2
3			/**
4			* Author: Emmanuel Paul Mnzava
5			* Twitter: @epmnzava
6			* Github: https://github.com/dbrax/bill-me
7			* Email: [email protected]
8			*
9			*/
10
11			namespace Epmnzava\BillMe;
12
13			use Carbon\Carbon;
14			use Epmnzava\BillMe\Models\BillingPayment;
15			use Epmnzava\BillMe\Models\Order;
16			use Epmnzava\BillMe\Models\Invoice;
17			use Epmnzava\BillMe\Models\OrderItem;
18			use Epmnzava\BillMe\Mail\Client\Invoices\InvoiceCreated;
19			use Epmnzava\BillMe\Mail\Client\OrderReceived;
20			use Epmnzava\BillMe\Mail\Merchant\NewOrder;
21			use Epmnzava\BillMe\Models\PaymentMethod;
22
23
24			use Mail;
25
26			class Queries extends Stats
27			{
28
29			public function orders()
30			{
31
32			return Order::all();
33			}
34
35
36			public function orders_orderby($orderby)
			0 ignored issues – show Unused Code introduced 2021-02-07 15:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$orderby` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
37			{
38			}
39
40
41
42			public function orders_today()
43			{
44			return Order::whereDate('date', date('Y-m-d'))->get();
45			}
46
47
48
49			public function orders_todayByStatus($status)
50			{
51			return Order::whereDate('date', date('Y-m-d'))->where('status',$status)->get();
52			}
53
54
55
56			public function orders_thisMonth()
57			{
58			return Order::whereYear('date', date('Y'))->whereMonth('date', date('m'))->get();
59			}
60
61			public function orders_thisMonthByStatus($status)
62			{
63			return Order::whereYear('date', date('Y'))->whereMonth('date', date('m'))->where('status',$status)->get();
64			}
65
66
67
68			public function orders_thisYear()
69			{
70			return Order::whereYear('date', date('Y'))->get();
71
72			}
73
74
75			public function orders_thisYearByStatus($status)
76			{
77			return Order::whereYear('date', date('Y'))->where('status',$status)->get();
78
79			}
80
81
82			public function get_orders_with_status($status)
83			{
84			return Order::where('status', $status)->get();
85			}
86
87			public function pending_orders()
88			{
89			return Order::where('status', "pending")->get();
90			}
91
92			public function cancelled_orders()
93			{
94			return Order::where('status', "cancelled")->get();
95			}
96
97			public function completed_orders()
98			{
99			return Order::where('status', "completed")->get();
100			}
101
102			public function getOrderById($orderid)
103			{
104			return Order::find($orderid);
105			}
106
107			public function getOrdersOnDate($date)
108			{
109			return Order::where('date', $date)->get();
110			}
111
112
113			public function getOrdersOnDateRange($startdate, $enddate)
			0 ignored issues – show Unused Code introduced 2021-02-07 15:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$startdate` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Unused Code introduced 2021-02-07 15:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$enddate` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
114			{
115			}
116
117
118			/** Function to get an invoice */
119			public function getInvoiceById($invoiceid)
120			{
121			return Invoice::find($invoiceid);
122			}
123
124
125			/** Function to get an invoice */
126			public function getInvoiceByOrderId($orderid)
127			{
128			return Invoice::find(Order::where('id', $orderid)->first()->invoiceid);
129			}
130
131
132
133			/**
134			*
135			* User Queries
136			*/
137
138
139			/** Function to get given user orders */
140			public function getUserOrders($userid)
141			{
142			return Order::where('userid', $userid)->get();
143			}
144
145
146			/** Function to get given user orders by status */
147			public function getUserOrdersByStatus($userid, $status)
148			{
149			return Order::where('userid', $userid)->where('status', $status)->get();
150			}
151
152
153
154
155			/** Function to get orders by status */
156			public function getOrdersByStatus( $status)
157			{
158			return Order::where('status', $status)->get();
159			}
160
161
162
163			/** Function to get given user invoices */
164			public function getUserInvoices($userid)
165			{
166			return Invoice::where('userid', $userid)->get();
167			}
168
169
170			/** Function that returns total number of user invoices */
171			public function totalUserInvoices($userid): int
172			{
173			return Invoice::where('userid', $userid)->count();
174			}
175
176
177
178
179			/** Function to get given user invoices by status */
180			public function getUserInvoiceByStatus($userid, $status)
181			{
182			return Invoice::where('userid', $userid)->where('status', $status)->get();
183			}
184
185
186
187
188			/** Function to get given all invoices by status */
189			public function getInvoiceByStatus( $status)
190			{
191			return Invoice::where('status', $status)->get();
192			}
193
194
195			/**
196			* @param $userid
197			* @param $status
198			* @return mixed
199			* Function to get given user invoices by status
200			*/
201			public function sumUserInvoiceByStatus($userid, $status) : int
202			{
203			return Invoice::where('userid', $userid)->where('status', $status)->sum('amount');
204			}
205
206
207
208
209
210			/**
211			* @param $status
212			* @return mixed
213			* Function to get given user invoices by status
214			*/
215			public function totalInvoiceByStatus($status)
216			{
217			return Invoice::where('status', $status)->count();
218			}
219
220
221
222
223
224			/**
225			* @param $status
226			* @return mixed
227			* Function to get given user invoices by status
228			*/
229			public function sumInvoiceByStatus($status)
230			{
231			return Invoice::where('status', $status)->sum('amount');
232			}
233
234
235
236
237			/**
238			* @param $userid
239			* @param $status
240			* @return mixed
241			* Function to get given user invoices by status
242			*/
243			public function totalUserInvoiceByStatus($userid, $status)
244			{
245			return Invoice::where('userid', $userid)->where('status', $status)->count();
246			}
247
248			/** Function that gets full billing history */
249
250			public function getAllBillingHistory()
251			{
252
253			return BillingPayment::all();
254			}
255
256
257			/** Function that gets full user billing history*/
258
259			public function getUserBillingHistory($userid)
260			{
261
262			return BillingPayment::where('userid', $userid)->get();
263			}
264
265
266
267
268			public function getUserBillingHistoryByStartDate($userid, $start_date)
269			{
270
271			return BillingPayment::where('userid', $userid)->where('date', $start_date)->get();
272			}
273
274
275			/** Function to get payment history of a given user for a given period */
276
277			public function getUserBillingHistoryBetweenDates($userid, $start_date, $enddate)
278			{
279
280			return BillingPayment::where('userid', $userid)->whereBetween('date', [$start_date, $enddate])->get();
281			}
282
283
284			/**
285			* Returns the model instance to be updated
286			*/
287			public function updateBillingHistory($invoiceid): BillingPayment
288			{
289			return BillingPayment::find(BillingPayment::where('invoiceid', $invoiceid)->first()->id);
290			}
291
292
293			/**
294			* Returns the model instance to be updated
295			*/
296			public function updateInvoiceByInstance($invoiceid): Invoice
297			{
298			return Invoice::find($invoiceid);
299			}
300
301			/**
302			*
303			* Returns updated invoice with new due_date
304			*/
305			public function updateDueDate($date, $invoiceid): Invoice
306			{
307			$invoice = $this->updateInvoiceByInstance($invoiceid);
308			$invoice->due_date = $date;
309			$invoice->save();
310			return $invoice;
311			}
312
313
314
315			public function getBillingHistoryByStatus($status)
316			{
317
318			return BillingPayment::where('status', $status)->get();
319			}
320
321
322			public function getUserBillingHistoryByStatus($userid, $status)
323			{
324
325			return BillingPayment::where('userid', $userid)->where('status', $status)->get();
326			}
327
328			/** Return OrderItems for particular order
329			*@param $orderid
330			**/
331			public function getOrderItems($orderid)
332			{
333
334			return OrderItem::where('order_id', $orderid)->get();
335			}
336
337
338			/** Return OrderItems for particular order gets invoiceid
339			*@param $invoiceid
340			**/
341			public function getOrderItemsByInvoiceId($invoiceid)
342			{
343
344			return OrderItem::where('order_id', Invoice::where('id', $invoiceid)->first()->orderid)->get();
345			}
346
347			public function getPaymentMethods(){
348
349			return PaymentMethod::all();
350			}
351
352			public function getPaymentMethodById($pid){
			0 ignored issues – show Unused Code introduced 2021-03-23 13:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$pid` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
353
354			return PaymentMethod::find($id);
			0 ignored issues – show Bug introduced 2021-03-23 13:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$id` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
355			}
356
357			public function editPaymentMethod($pmethod_id, $pmethod)
358			{
359			$pmethodObj = PaymentMethod::find($pmethod_id);
360			$pmethodObj->pmethod = $pmethod;
361			$pmethodObj->save();
362			return $pmethodObj;
363			}
364
365
366			public function addPaymentMethod(string $pmethod)
367			{
368
369
370			$pmethodObj = new PaymentMethod;
371			$pmethodObj->pmethod=$pmethod;
372			$pmethodObj->save();
373
374
375			return $pmethodObj;
376			}
377
378
379			}
380

dbrax / bill-me

Issues (19)

Security Analysis no request data

src/Queries.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like