Issues in function.php - All Issues - Inspection of "Set theme jekyll-theme-tactile" - falon/RBL - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( e39801...b79b58 )

by Marco

created 2017-10-11 11:55 UTC

function.php (4 issues)

Labels

Bug 4

Severity

Major 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

$version='1.9d';

function username() {
	if (isset ($_SERVER['REMOTE_USER'])) $user = $_SERVER['REMOTE_USER'];
        	else if (isset ($_SERVER['USER'])) $user = $_SERVER['USER'];
                	else $user='unknown';
	return $user;
}


function addtolist ($myconn,$user,$value,$type,$table,$expUnit,$expQ,$myreason) {
// See MySQL manual for $expQ and $expUnit at
// https://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_timestampadd

	$result=FALSE;
	$sub=array();

	switch ($type) {
	  case 'ip':
		$query= sprintf("INSERT INTO `$table` (
			`$type` ,
			`date` ,
			`exp` ,
			`active` ,
			`user` ,
			`reason`
		)
		VALUES (
			INET_ATON( '%s' ) ,
			CURRENT_TIMESTAMP , TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP), '1', '%s', '%s'
		)" ,$value,$expUnit,$expQ,$user,$myreason);
		break;

	  case 'network':
		list($sub['net'],$sub['mask'])=explode('/',$value);
                $query= sprintf("INSERT INTO `$table` (
                        `$type` ,
			`netmask`,
                        `date` ,
                        `exp` ,
                        `active` ,
                        `user` ,
                        `reason`
                )
                VALUES (
                        INET_ATON( '%s' ) , INET_ATON( '%s' ) ,
                        CURRENT_TIMESTAMP , TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP), '1', '%s', '%s'
                )" ,$sub['net'],$sub['mask'],$expUnit,$expQ,$user,$myreason);
                break;

	  default:
                $query= sprintf("INSERT INTO `$table` (
                        `$type` ,
                        `date` ,
                        `exp` ,
                        `active` ,
                        `user` ,
                        `reason`
                )
                VALUES (
                        '%s' ,
                        CURRENT_TIMESTAMP , TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP), '1', '%s', '%s'
                )" ,$value,$expUnit,$expQ,$user,$myreason);
	}

	if ($myconn->query($query) === TRUE) {
	    syslog(LOG_INFO, "$user: $type <$value> successfully listed on <$table> for $expQ $expUnit.");
	    $result=TRUE;
	}
	else syslog(LOG_ERR, "$user: Error: ".$myconn->error);
	return $result;
}

function relist ($myconn,$user,$value,$type,$table,$expUnit,$expQ,$myreason) {

	$result=FALSE;

        switch ($type) {
	  case 'ip':
                $query= sprintf("UPDATE `$table` SET
			`active` = '1',
			`user` = '%s',
			`exp` = TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP),
			`nlist` = `nlist` + 1,
			`reason` = '%s'
			WHERE `$table`.`$type` = INET_ATON('%s') LIMIT 1" ,$user,$expUnit,$expQ,$myreason,$value);
		break;
          case 'network':
		list($sub['net'],$sub['mask'])=explode('/',$value);
                $query= sprintf("UPDATE `$table` SET
                        `active` = '1',
                        `user` = '%s',
                        `exp` = TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP),
                        `nlist` = `nlist` + 1,
                        `reason` = '%s'
                        WHERE (`$table`.`$type` = INET_ATON('%s') AND `$table`.`netmask` = INET_ATON('%s')) LIMIT 1" ,$user,$expUnit,$expQ,$myreason,$sub['net'],$sub['mask']);

		break;
	  default:
                $query= sprintf("UPDATE `$table` SET
                        `active` = '1',
                        `user` = '%s',
                        `exp` = TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP),
                        `nlist` = `nlist` + 1,
                        `reason` = '%s'
			WHERE `$table`.`$type` = '%s' LIMIT 1" ,$user,$expUnit,$expQ,$myreason,$value);
	}

        if ($myconn->query($query) === TRUE) {
            syslog(LOG_INFO, "$user: relist $type <$value> on <$table> for $expQ $expUnit.");
		$result=TRUE;
        }
        else syslog (LOG_ERR, "$user: Error: ". $myconn->error);
	return $result;
}

function remove ($myconn,$user,$value,$type,$table) {

        switch ($type) {
          case 'ip':
		$query = sprintf("DELETE FROM `$table` WHERE
                        `$table`.`$type` = INET_ATON('%s') LIMIT 1", $value);
		break;
	  case 'network':
		list($sub['net'],$sub['mask'])=explode('/',$value);
		$query = sprintf("DELETE FROM `$table` WHERE
			`$table`.`$type` = INET_ATON('%s') AND `$table`.`netmask` = INET_ATON('%s') LIMIT 1",
			$sub['net'],$sub['mask']);

		break;
	  default:
		$query = sprintf("DELETE FROM `$table` WHERE
                        `$table`.`$type` = %s LIMIT 1", $value);
	}


        if ($return=$myconn->query($query) === TRUE) 
            syslog(LOG_INFO, "$user: permanently DELETED $type <$value> from <$table>.");
        else syslog(LOG_ERR, "$user: Error: ". $myconn->error);

        return $return;
}


function changestatus ($myconn,$user,$value,$status,$type,$table) {

	switch ($type) {
          case 'ip':
		$query= sprintf("UPDATE `$table` SET `active` = '$status', `user` = '%s' WHERE `$table`.`$type` = INET_ATON('%s') LIMIT 1" ,$user, $value);
		break;
	  case 'network':
		list($sub['net'],$sub['mask'])=explode('/',$value);
		$query= sprintf("UPDATE `$table` SET `active` = '$status', `user` = '%s' WHERE (`$table`.`$type` = INET_ATON('%s') AND `$table`.`netmask` = INET_ATON('%s')) LIMIT 1" ,$user, $sub['net'],$sub['mask']);

		break;
	  default:
		$query= sprintf("UPDATE `$table` SET `active` = '$status', `user` = '%s' WHERE `$table`.`$type` = '%s' LIMIT 1" ,$user, $value);
	}

        if ($return=$myconn->query($query) === TRUE) {
            syslog(LOG_INFO, "$user: change status of $type <$value>. The status is now <$status>");
        }
        else syslog(LOG_ERR, "$user: Error: ". $myconn->error);
	return $return;	
}


function expire ($myconn,$user,$tables,$expireTime) {
        $return=TRUE;
	$log=array();
	$desc = array_keys($tables);
	foreach ($desc as $tdesc) { 
		/* QUERY */
		$query  = 'DELETE FROM `'.$tables["$tdesc"]['name']."` WHERE `exp` < DATE_SUB( NOW(), INTERVAL $expireTime YEAR);";
		$query .= 'DELETE FROM `'.$tables["$tdesc"]['name']."` WHERE `datemod` < DATE_SUB( NOW(), INTERVAL $expireTime YEAR) AND `active` = 0";
		/* END OF QUERY */
		$log[0] = 'expired for';
		$log[1] = 'disabled for';
        	if ($myconn->multi_query($query)) {
			$j = 0;
			do {
		    		$numdel = $myconn->affected_rows;
	            		syslog(LOG_INFO, "Expire job - <$user> Permanently DELETED $numdel records ".$log[$j]." $expireTime YEARS from <".$tables["$tdesc"]['name'].'>.');
				$j++;

			} while ($myconn->next_result());
		}
		else {
			syslog(LOG_ERR, "Expire job - Error: ". $myconn->error);
			$return = FALSE;
		}
	}
	if ( !($return) ) syslog(LOG_EMERG, 'End of Expire job with error. See above logs. SQL Connection terminated');
	else  syslog(LOG_INFO, 'Successfully End of Expire job. SQL Connection successfully terminated.');
        return $return;
}


function isListed($row) {

	$exp=new DateTime($row['exp']);
	$now=new DateTime('NOW');
	if (($exp > $now) and ($row['active'])) return true;
	else return false;

}


function ask($myconn,$id,$what,$alltables,$typedesc,$value,$lock,$user,$adm) {

	$whynot=NULL;
	switch ($what) {
		case 'Ok':
			if ($lock) return NULL;
			if (in_array($user,array_keys($adm)))
				if ( consistentListing($myconn,$alltables,$typedesc,$value,$whynot) ) return require('relistButton.php');
			return htmlspecialchars($whynot);
		case 'Listed':
		case 'WhiteListed':
			return require('delistButton.php');
	}
}


function consistentListing($myconn,$alltables,$typed,$value,&$warn) {
/* Check if there are no pending mislisting */
	$warn = NULL;
	foreach ($alltables["$typed"]['depend'] as $listdep) {
		if ($alltables["$typed"]['field'] != $alltables["$listdep"]['field'] ) {
			$warn = "Config ERROR: <$typed> and <$listdep> are of different types! I can't check consistency!";
			return FALSE;
		}
		$entry = searchentry($myconn,$value,$alltables["$listdep"]);
		if ( $entry->num_rows ) {
			if ( $entry->num_rows == 1 ) {
				$riga = $entry->fetch_array(MYSQLI_ASSOC);
                        	if (isListed($riga)) {
					$warn = "<$value> is already present in <$listdep> list!";
					$entry->free();
					return FALSE;
				}
			}
			if ( $entry->num_rows > 1 ) {$warn = "<$value> seems to be present more than once in <$listdep>. Contact a sysadmin NOW!";}
		}
		$entry->free();
	}

	return TRUE;
}

function searchentry ($myconn,$value,$tablelist) {
/* Make a MYSQL query and return result */

        $type = $tablelist['field'];
        $table = $tablelist['name'];

        if ($value == 'ALL') $query = 'select * from '.$table;
        else {
                switch ($type) {
                  case 'ip':
                        $query= "select * from $table where $type =  INET_ATON('$value')";
                        break;
                  case 'network':
                        list($sub['net'],$sub['mask'])=explode('/',$value);
                        $query= 'select * from '.$table.' where (((inet_aton(\''.$sub['net'].'\') | (~ inet_aton(\''.$sub['mask'].'\'))) & netmask) = network)';

                        break;
                  default:
                        $query= "select * from $table where $type = '$value'";
                }
        }

	$result = $myconn->query($query);
	if($result === false)
		syslog(LOG_EMERG, "ALERT: Query <$query> failed: ".$myconn->error);
        return $result;
}

function countListed ($myconn,$table) {
/* Return number of current listed items into a rbl table */
	$query = "SELECT COUNT(*) as `count` FROM `$table` WHERE (`active`=1 AND TIMESTAMPDIFF(MICROSECOND,NOW(),`exp`)>0) GROUP BY `active` ORDER BY `count` DESC LIMIT 1";
	$row = $myconn->query($query);
	$number = $row->fetch_array(MYSQLI_ASSOC);
	$number = $number['count'];
	$row->free();
	return $number;
}


function isFull($myconn,$typedesc,$alltables) {
        if (isset($alltables["$typedesc"]['limit'])) {
                if ( countListed($myconn,$alltables["$typedesc"]['name']) >= $alltables["$typedesc"]['limit'] ) 
                        return TRUE;
        }
	return FALSE;
}

function rlookup ($myconn,$user,$adm,$value,$typedesc,$tables) {

	$type = $tables["$typedesc"]['field'];
	$whynot=NULL;

	$result = searchentry ($myconn,$value,$tables["$typedesc"]);
	if ($result) {
		printf("<pre>Your request for $type &lt;$value&gt; returned %d items.\n</pre>", $result->num_rows);

        /* Check for limit in number of listed items */
	$full = isFull($myconn,$typedesc,$tables);
	if ($full) print '<p>'.htmlspecialchars("$typedesc has reached maximum value of ".$tables["$typedesc"]['limit'].' listed items.').'</p>';

		if ($result->num_rows) {
			print '<table><thead><tr><th>'.$type.'</th><th title="The date this object has been listed for the first time">DateAdd</th><th>DateMod</th><th>Exp</th><th>Status</th><th title="Number of times this object has been listed">#List</th><th>Authored by</th><th width="250">Reason</th><th>Action</th></tr></thead><tfoot><tr></tr></tfoot><tbody>'."\n";
			$i=0;
        		while ($riga = $result->fetch_array(MYSQLI_ASSOC)) {
				if (isListed($riga)) {
					if ($tables["$typedesc"]['bl']) $listed='Listed';
					else $listed='WhiteListed';
				}	
				else
					$listed='Ok';

				switch ($type) {
				  case 'ip':
					$element = long2ip($riga['ip']);
					break;
				  case 'network':
					$element = long2ip($riga['network']).'/'.long2ip($riga['netmask']);
					break;
				  default:
					$element = $riga["$type"];
				}

                		printf ("<tr id=id$i><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td>%s</td></tr>\n", $element, $riga['date'], $riga['datemod'], $riga['exp'], $riga['active'], $riga['nlist'], $riga['user'],htmlspecialchars($riga['reason']),ask($myconn,$i,$listed,$tables,$typedesc,$element,$full,$user,$adm));
				$i++;
        		}
			print '</tbody></table>';
		}
		else {
			print "<pre>$type &lt;$value&gt; is not listed!\n</pre>";
			if ( in_array($user,array_keys($adm)) AND ($value != 'ALL') )
				if ( (!$full) AND (consistentListing($myconn,$tables,$typedesc,$value,$whynot)) ) require_once('listForm.php');
									else print '<p>'.htmlspecialchars($whynot).'</p>';
				
		}
		$result->free();
	}
	else print '<pre>Query error or something wrong in DB schema'."\n</pre>";
}


function sendEmailWarn($tplf,$from,$to,$sbj,$emailListed,$intervalToExpire,$detail) {
	$now = time();
        setlocale (LC_TIME, 'it_IT');
        $date = date("r",$now);
	$messageID = md5(uniqid($now,1)) . '@' . $_SERVER["HOSTNAME"];
	$mua = 'PHP/' . phpversion();

	/* Parsing headers */
	if (!file_exists($tplf['header'])) {
    		syslog(LOG_ERR, 'Sending email... template file <'.$tplf['header'].'> not found!');
    		exit;
	}

	$head_tmpl = file_get_contents($tplf['header']);
	$arr_tpl_vars = array('{from}','{to}','{date}','{messageID}','{mua}');
	$arr_tpl_data = array($from,$to,$date,$messageID,$mua);
	$headers = str_replace($arr_tpl_vars, $arr_tpl_data, $head_tmpl);
	$headers = preg_replace( '/\r|\n/', "\r\n", $headers );

        /* Parsing body */

        if (!file_exists($tplf['body'])) {
                syslog(LOG_ERR, 'Sending email... template file <'.$tplf['body'].'> not found!');
                exit;
        }

        $body_tmpl = file_get_contents($tplf['body']);
        $arr_tpl_vars = array('{emailListed}','{expInterval}','{reason}');
        $arr_tpl_data = array($emailListed,$intervalToExpire,$detail);
        $body = str_replace($arr_tpl_vars, $arr_tpl_data, $body_tmpl);
        $body = preg_replace( "/\r|\n/", "\r\n", $body );
	$body = wordwrap ( $body, 75 , "\r\n" );	

	/* Send the mail! */
        if ( strlen(ini_get("safe_mode"))< 1) {
                $old_mailfrom = ini_get("sendmail_from");
                ini_set("sendmail_from", $from);
                $params = sprintf("-oi -f %s", '<>');
                if (!(mail($to,$sbj, $body,$headers,$params))) $flag=FALSE;
                else $flag=TRUE;
                if (isset($old_mailfrom))
                        ini_set("sendmail_from", $old_mailfrom);
        }
        else {
                if (!(mail($to,$sbj, $body,$headers))) $flag=FALSE;
                else $flag=TRUE;
        }
        return $flag;
}

function emailToNotify($notify_file,$dom) {
	$ini_array = parse_ini_file($notify_file);
	if (in_array($dom,array_keys($ini_array)))
		return $ini_array["$dom"];
	else return FALSE;
}


function searchAndList ($myconn,$loguser,$tables,$typedesc,$value,$unit,&$quantity,$reason) {

/* Search and list value */
        $type = $tables["$typedesc"]['field'];
        $table = $tables["$typedesc"]['name'];
        $result = searchentry ($myconn,$value,$tables["$typedesc"]);

        /* Manage abnormal conditions */
        /* Value already present in db more than once. This is absurd. Panic! */
        if ($result->num_rows > 1) {
                syslog(LOG_EMERG,"$loguser: PANIC! Select for $type '$value' returned ". $result->num_rows ." items instead of one. Abnormal. Contact a sysadmin or a developer.");
                $result->free();
                return FALSE;
        }

        /* Value already present in db or not present: to list anyway */
        if ($result->num_rows >= 0) {
                /* First, check for limit in number of listed items */
                if (isFull($myconn,$typedesc,$tables)) {
                        syslog(LOG_EMERG,"$loguser: $typedesc has reached maximum value of ".$tables["$typedesc"]['limit'].' listed items. Abnormal exit.');
                        $result->free();
                        return FALSE;
                }
                /* Second, check if the (re)list would be consistent now */
                if (! consistentListing($myconn,$tables,$typedesc,$value,$whynot) ) {
                        syslog(LOG_ERR, $loguser.': '.$whynot);
                        $result->free();
                        return FALSE;
                }
        }
        /* End of abnormal conditions */


        /* Finally, here I can list the value! */
	$thisentry = $result->fetch_array(MYSQLI_ASSOC);
        switch ($result->num_rows) {
                /* Relist value if already present */
                case 1:
                        /* Entry already listed */
                        if ( isListed($thisentry) ) {
                                syslog(LOG_INFO, $loguser.': '.$value.' already listed. Nothing to do.');
                                $result->free();
                                return FALSE;
                        }

                        /* Entry delisted */
                        $result->free();
			$quantity *= $thisentry['nlist'];
                        return relist ($myconn,$loguser,$value,$type,$table,$unit,$quantity,$reason);


                /* First time list value */
                case 0:
                        $result->free();
                        return addtolist ($myconn,$loguser,$value,$type,$table,$unit,$quantity,$reason);
        }
}


	
/*
function checkEmailAddress($email) {
	if(preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $email))
		return true;
	return false;
}

function checkIP($ip)
{
	$cIP = ip2long($ip);
	$fIP = long2ip($cIP);
	if ($fIP == '0.0.0.0') return FALSE;
	return TRUE;
}
*/

?>



GitHub Access Token became invalid

Push — master ( e39801...b79b58 )

function.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		$version='1.9d';
4
5		function username() {
6		if (isset ($_SERVER['REMOTE_USER'])) $user = $_SERVER['REMOTE_USER'];
7		else if (isset ($_SERVER['USER'])) $user = $_SERVER['USER'];
8		else $user='unknown';
9		return $user;
10		}
11
12
13		function addtolist ($myconn,$user,$value,$type,$table,$expUnit,$expQ,$myreason) {
14		// See MySQL manual for $expQ and $expUnit at
15		// https://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_timestampadd
16
17		$result=FALSE;
18		$sub=array();
19
20	View Code Duplication	switch ($type) {
21		case 'ip':
22		$query= sprintf("INSERT INTO `$table` (
23		`$type` ,
24		`date` ,
25		`exp` ,
26		`active` ,
27		`user` ,
28		`reason`
29		)
30		VALUES (
31		INET_ATON( '%s' ) ,
32		CURRENT_TIMESTAMP , TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP), '1', '%s', '%s'
33		)" ,$value,$expUnit,$expQ,$user,$myreason);
34		break;
35
36		case 'network':
37		list($sub['net'],$sub['mask'])=explode('/',$value);
38		$query= sprintf("INSERT INTO `$table` (
39		`$type` ,
40		`netmask`,
41		`date` ,
42		`exp` ,
43		`active` ,
44		`user` ,
45		`reason`
46		)
47		VALUES (
48		INET_ATON( '%s' ) , INET_ATON( '%s' ) ,
49		CURRENT_TIMESTAMP , TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP), '1', '%s', '%s'
50		)" ,$sub['net'],$sub['mask'],$expUnit,$expQ,$user,$myreason);
51		break;
52
53		default:
54		$query= sprintf("INSERT INTO `$table` (
55		`$type` ,
56		`date` ,
57		`exp` ,
58		`active` ,
59		`user` ,
60		`reason`
61		)
62		VALUES (
63		'%s' ,
64		CURRENT_TIMESTAMP , TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP), '1', '%s', '%s'
65		)" ,$value,$expUnit,$expQ,$user,$myreason);
66		}
67
68	View Code Duplication	if ($myconn->query($query) === TRUE) {
69		syslog(LOG_INFO, "$user: $type <$value> successfully listed on <$table> for $expQ $expUnit.");
70		$result=TRUE;
71		}
72		else syslog(LOG_ERR, "$user: Error: ".$myconn->error);
73		return $result;
74		}
75
76		function relist ($myconn,$user,$value,$type,$table,$expUnit,$expQ,$myreason) {
77
78		$result=FALSE;
79
80		switch ($type) {
81		case 'ip':
82		$query= sprintf("UPDATE `$table` SET
83		`active` = '1',
84		`user` = '%s',
85		`exp` = TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP),
86		`nlist` = `nlist` + 1,
87		`reason` = '%s'
88		WHERE `$table`.`$type` = INET_ATON('%s') LIMIT 1" ,$user,$expUnit,$expQ,$myreason,$value);
89		break;
90		case 'network':
91		list($sub['net'],$sub['mask'])=explode('/',$value);
92		$query= sprintf("UPDATE `$table` SET
93		`active` = '1',
94		`user` = '%s',
95		`exp` = TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP),
96		`nlist` = `nlist` + 1,
97		`reason` = '%s'
98		WHERE (`$table`.`$type` = INET_ATON('%s') AND `$table`.`netmask` = INET_ATON('%s')) LIMIT 1" ,$user,$expUnit,$expQ,$myreason,$sub['net'],$sub['mask']);
		0 ignored issues – show Bug introduced 2017-04-28 12:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$sub` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
99		break;
100		default:
101		$query= sprintf("UPDATE `$table` SET
102		`active` = '1',
103		`user` = '%s',
104		`exp` = TIMESTAMPADD(%s,%d,CURRENT_TIMESTAMP),
105		`nlist` = `nlist` + 1,
106		`reason` = '%s'
107		WHERE `$table`.`$type` = '%s' LIMIT 1" ,$user,$expUnit,$expQ,$myreason,$value);
108		}
109
110	View Code Duplication	if ($myconn->query($query) === TRUE) {
111		syslog(LOG_INFO, "$user: relist $type <$value> on <$table> for $expQ $expUnit.");
112		$result=TRUE;
113		}
114		else syslog (LOG_ERR, "$user: Error: ". $myconn->error);
115		return $result;
116		}
117
118		function remove ($myconn,$user,$value,$type,$table) {
119
120		switch ($type) {
121		case 'ip':
122		$query = sprintf("DELETE FROM `$table` WHERE
123		`$table`.`$type` = INET_ATON('%s') LIMIT 1", $value);
124		break;
125		case 'network':
126		list($sub['net'],$sub['mask'])=explode('/',$value);
127		$query = sprintf("DELETE FROM `$table` WHERE
128		`$table`.`$type` = INET_ATON('%s') AND `$table`.`netmask` = INET_ATON('%s') LIMIT 1",
129		$sub['net'],$sub['mask']);
		0 ignored issues – show Bug introduced 2017-04-28 12:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$sub` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
130		break;
131		default:
132		$query = sprintf("DELETE FROM `$table` WHERE
133		`$table`.`$type` = %s LIMIT 1", $value);
134		}
135
136
137		if ($return=$myconn->query($query) === TRUE)
138		syslog(LOG_INFO, "$user: permanently DELETED $type <$value> from <$table>.");
139		else syslog(LOG_ERR, "$user: Error: ". $myconn->error);
140
141		return $return;
142		}
143
144
145		function changestatus ($myconn,$user,$value,$status,$type,$table) {
146
147	View Code Duplication	switch ($type) {
148		case 'ip':
149		$query= sprintf("UPDATE `$table` SET `active` = '$status', `user` = '%s' WHERE `$table`.`$type` = INET_ATON('%s') LIMIT 1" ,$user, $value);
150		break;
151		case 'network':
152		list($sub['net'],$sub['mask'])=explode('/',$value);
153		$query= sprintf("UPDATE `$table` SET `active` = '$status', `user` = '%s' WHERE (`$table`.`$type` = INET_ATON('%s') AND `$table`.`netmask` = INET_ATON('%s')) LIMIT 1" ,$user, $sub['net'],$sub['mask']);
		0 ignored issues – show Bug introduced 2017-04-28 12:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$sub` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
154		break;
155		default:
156		$query= sprintf("UPDATE `$table` SET `active` = '$status', `user` = '%s' WHERE `$table`.`$type` = '%s' LIMIT 1" ,$user, $value);
157		}
158
159		if ($return=$myconn->query($query) === TRUE) {
160		syslog(LOG_INFO, "$user: change status of $type <$value>. The status is now <$status>");
161		}
162		else syslog(LOG_ERR, "$user: Error: ". $myconn->error);
163		return $return;
164		}
165
166
167		function expire ($myconn,$user,$tables,$expireTime) {
168		$return=TRUE;
169		$log=array();
170		$desc = array_keys($tables);
171		foreach ($desc as $tdesc) {
172		/* QUERY */
173		$query = 'DELETE FROM `'.$tables["$tdesc"]['name']."` WHERE `exp` < DATE_SUB( NOW(), INTERVAL $expireTime YEAR);";
174		$query .= 'DELETE FROM `'.$tables["$tdesc"]['name']."` WHERE `datemod` < DATE_SUB( NOW(), INTERVAL $expireTime YEAR) AND `active` = 0";
175		/* END OF QUERY */
176		$log[0] = 'expired for';
177		$log[1] = 'disabled for';
178		if ($myconn->multi_query($query)) {
179		$j = 0;
180		do {
181		$numdel = $myconn->affected_rows;
182		syslog(LOG_INFO, "Expire job - <$user> Permanently DELETED $numdel records ".$log[$j]." $expireTime YEARS from <".$tables["$tdesc"]['name'].'>.');
183		$j++;
184
185		} while ($myconn->next_result());
186		}
187		else {
188		syslog(LOG_ERR, "Expire job - Error: ". $myconn->error);
189		$return = FALSE;
190		}
191		}
192		if ( !($return) ) syslog(LOG_EMERG, 'End of Expire job with error. See above logs. SQL Connection terminated');
193		else syslog(LOG_INFO, 'Successfully End of Expire job. SQL Connection successfully terminated.');
194		return $return;
195		}
196
197
198		function isListed($row) {
199
200		$exp=new DateTime($row['exp']);
201		$now=new DateTime('NOW');
202		if (($exp > $now) and ($row['active'])) return true;
203		else return false;
204
205		}
206
207
208		function ask($myconn,$id,$what,$alltables,$typedesc,$value,$lock,$user,$adm) {
209
210		$whynot=NULL;
211		switch ($what) {
212		case 'Ok':
213		if ($lock) return NULL;
214		if (in_array($user,array_keys($adm)))
215		if ( consistentListing($myconn,$alltables,$typedesc,$value,$whynot) ) return require('relistButton.php');
216		return htmlspecialchars($whynot);
217		case 'Listed':
218		case 'WhiteListed':
219		return require('delistButton.php');
220		}
221		}
222
223
224		function consistentListing($myconn,$alltables,$typed,$value,&$warn) {
225		/* Check if there are no pending mislisting */
226		$warn = NULL;
227		foreach ($alltables["$typed"]['depend'] as $listdep) {
228		if ($alltables["$typed"]['field'] != $alltables["$listdep"]['field'] ) {
229		$warn = "Config ERROR: <$typed> and <$listdep> are of different types! I can't check consistency!";
230		return FALSE;
231		}
232		$entry = searchentry($myconn,$value,$alltables["$listdep"]);
233		if ( $entry->num_rows ) {
234		if ( $entry->num_rows == 1 ) {
235		$riga = $entry->fetch_array(MYSQLI_ASSOC);
236		if (isListed($riga)) {
237		$warn = "<$value> is already present in <$listdep> list!";
238		$entry->free();
239		return FALSE;
240		}
241		}
242		if ( $entry->num_rows > 1 ) {$warn = "<$value> seems to be present more than once in <$listdep>. Contact a sysadmin NOW!";}
243		}
244		$entry->free();
245		}
246
247		return TRUE;
248		}
249
250		function searchentry ($myconn,$value,$tablelist) {
251		/* Make a MYSQL query and return result */
252
253		$type = $tablelist['field'];
254		$table = $tablelist['name'];
255
256		if ($value == 'ALL') $query = 'select * from '.$table;
257		else {
258		switch ($type) {
259		case 'ip':
260		$query= "select * from $table where $type = INET_ATON('$value')";
261		break;
262		case 'network':
263		list($sub['net'],$sub['mask'])=explode('/',$value);
264		$query= 'select * from '.$table.' where (((inet_aton(\''.$sub['net'].'\') \| (~ inet_aton(\''.$sub['mask'].'\'))) & netmask) = network)';
		0 ignored issues – show Bug introduced 2017-04-28 12:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$sub` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
265		break;
266		default:
267		$query= "select * from $table where $type = '$value'";
268		}
269		}
270
271		$result = $myconn->query($query);
272		if($result === false)
273		syslog(LOG_EMERG, "ALERT: Query <$query> failed: ".$myconn->error);
274		return $result;
275		}
276
277		function countListed ($myconn,$table) {
278		/* Return number of current listed items into a rbl table */
279		$query = "SELECT COUNT(*) as `count` FROM `$table` WHERE (`active`=1 AND TIMESTAMPDIFF(MICROSECOND,NOW(),`exp`)>0) GROUP BY `active` ORDER BY `count` DESC LIMIT 1";
280		$row = $myconn->query($query);
281		$number = $row->fetch_array(MYSQLI_ASSOC);
282		$number = $number['count'];
283		$row->free();
284		return $number;
285		}
286
287
288		function isFull($myconn,$typedesc,$alltables) {
289		if (isset($alltables["$typedesc"]['limit'])) {
290		if ( countListed($myconn,$alltables["$typedesc"]['name']) >= $alltables["$typedesc"]['limit'] )
291		return TRUE;
292		}
293		return FALSE;
294		}
295
296		function rlookup ($myconn,$user,$adm,$value,$typedesc,$tables) {
297
298		$type = $tables["$typedesc"]['field'];
299		$whynot=NULL;
300
301		$result = searchentry ($myconn,$value,$tables["$typedesc"]);
302		if ($result) {
303		printf("<pre>Your request for $type <$value> returned %d items.\n</pre>", $result->num_rows);
304
305		/* Check for limit in number of listed items */
306		$full = isFull($myconn,$typedesc,$tables);
307		if ($full) print '<p>'.htmlspecialchars("$typedesc has reached maximum value of ".$tables["$typedesc"]['limit'].' listed items.').'</p>';
308
309		if ($result->num_rows) {
310		print '<table><thead><tr><th>'.$type.'</th><th title="The date this object has been listed for the first time">DateAdd</th><th>DateMod</th><th>Exp</th><th>Status</th><th title="Number of times this object has been listed">#List</th><th>Authored by</th><th width="250">Reason</th><th>Action</th></tr></thead><tfoot><tr></tr></tfoot><tbody>'."\n";
311		$i=0;
312		while ($riga = $result->fetch_array(MYSQLI_ASSOC)) {
313		if (isListed($riga)) {
314		if ($tables["$typedesc"]['bl']) $listed='Listed';
315		else $listed='WhiteListed';
316		}
317		else
318		$listed='Ok';
319
320		switch ($type) {
321		case 'ip':
322		$element = long2ip($riga['ip']);
323		break;
324	View Code Duplication	case 'network':
325		$element = long2ip($riga['network']).'/'.long2ip($riga['netmask']);
326		break;
327		default:
328		$element = $riga["$type"];
329		}
330
331		printf ("<tr id=id$i><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td id='status$listed'>%s</td><td>%s</td></tr>\n", $element, $riga['date'], $riga['datemod'], $riga['exp'], $riga['active'], $riga['nlist'], $riga['user'],htmlspecialchars($riga['reason']),ask($myconn,$i,$listed,$tables,$typedesc,$element,$full,$user,$adm));
332		$i++;
333		}
334		print '</tbody></table>';
335		}
336		else {
337		print "<pre>$type <$value> is not listed!\n</pre>";
338		if ( in_array($user,array_keys($adm)) AND ($value != 'ALL') )
339		if ( (!$full) AND (consistentListing($myconn,$tables,$typedesc,$value,$whynot)) ) require_once('listForm.php');
340		else print '<p>'.htmlspecialchars($whynot).'</p>';
341
342		}
343		$result->free();
344		}
345		else print '<pre>Query error or something wrong in DB schema'."\n</pre>";
346		}
347
348
349		function sendEmailWarn($tplf,$from,$to,$sbj,$emailListed,$intervalToExpire,$detail) {
350		$now = time();
351		setlocale (LC_TIME, 'it_IT');
352		$date = date("r",$now);
353		$messageID = md5(uniqid($now,1)) . '@' . $_SERVER["HOSTNAME"];
354		$mua = 'PHP/' . phpversion();
355
356		/* Parsing headers */
357	View Code Duplication	if (!file_exists($tplf['header'])) {
358		syslog(LOG_ERR, 'Sending email... template file <'.$tplf['header'].'> not found!');
359		exit;
360		}
361
362		$head_tmpl = file_get_contents($tplf['header']);
363		$arr_tpl_vars = array('{from}','{to}','{date}','{messageID}','{mua}');
364		$arr_tpl_data = array($from,$to,$date,$messageID,$mua);
365		$headers = str_replace($arr_tpl_vars, $arr_tpl_data, $head_tmpl);
366		$headers = preg_replace( '/\r\|\n/', "\r\n", $headers );
367
368		/* Parsing body */
369
370	View Code Duplication	if (!file_exists($tplf['body'])) {
371		syslog(LOG_ERR, 'Sending email... template file <'.$tplf['body'].'> not found!');
372		exit;
373		}
374
375		$body_tmpl = file_get_contents($tplf['body']);
376		$arr_tpl_vars = array('{emailListed}','{expInterval}','{reason}');
377		$arr_tpl_data = array($emailListed,$intervalToExpire,$detail);
378		$body = str_replace($arr_tpl_vars, $arr_tpl_data, $body_tmpl);
379		$body = preg_replace( "/\r\|\n/", "\r\n", $body );
380		$body = wordwrap ( $body, 75 , "\r\n" );
381
382		/* Send the mail! */
383		if ( strlen(ini_get("safe_mode"))< 1) {
384		$old_mailfrom = ini_get("sendmail_from");
385		ini_set("sendmail_from", $from);
386		$params = sprintf("-oi -f %s", '<>');
387	View Code Duplication	if (!(mail($to,$sbj, $body,$headers,$params))) $flag=FALSE;
388		else $flag=TRUE;
389		if (isset($old_mailfrom))
390		ini_set("sendmail_from", $old_mailfrom);
391		}
392	View Code Duplication	else {
393		if (!(mail($to,$sbj, $body,$headers))) $flag=FALSE;
394		else $flag=TRUE;
395		}
396		return $flag;
397		}
398
399		function emailToNotify($notify_file,$dom) {
400		$ini_array = parse_ini_file($notify_file);
401		if (in_array($dom,array_keys($ini_array)))
402		return $ini_array["$dom"];
403		else return FALSE;
404		}
405
406
407		function searchAndList ($myconn,$loguser,$tables,$typedesc,$value,$unit,&$quantity,$reason) {
408
409		/* Search and list value */
410		$type = $tables["$typedesc"]['field'];
411		$table = $tables["$typedesc"]['name'];
412		$result = searchentry ($myconn,$value,$tables["$typedesc"]);
413
414		/* Manage abnormal conditions */
415		/* Value already present in db more than once. This is absurd. Panic! */
416		if ($result->num_rows > 1) {
417		syslog(LOG_EMERG,"$loguser: PANIC! Select for $type '$value' returned ". $result->num_rows ." items instead of one. Abnormal. Contact a sysadmin or a developer.");
418		$result->free();
419		return FALSE;
420		}
421
422		/* Value already present in db or not present: to list anyway */
423		if ($result->num_rows >= 0) {
424		/* First, check for limit in number of listed items */
425		if (isFull($myconn,$typedesc,$tables)) {
426		syslog(LOG_EMERG,"$loguser: $typedesc has reached maximum value of ".$tables["$typedesc"]['limit'].' listed items. Abnormal exit.');
427		$result->free();
428		return FALSE;
429		}
430		/* Second, check if the (re)list would be consistent now */
431		if (! consistentListing($myconn,$tables,$typedesc,$value,$whynot) ) {
432		syslog(LOG_ERR, $loguser.': '.$whynot);
433		$result->free();
434		return FALSE;
435		}
436		}
437		/* End of abnormal conditions */
438
439
440		/* Finally, here I can list the value! */
441		$thisentry = $result->fetch_array(MYSQLI_ASSOC);
442		switch ($result->num_rows) {
443		/* Relist value if already present */
444		case 1:
445		/* Entry already listed */
446		if ( isListed($thisentry) ) {
447		syslog(LOG_INFO, $loguser.': '.$value.' already listed. Nothing to do.');
448		$result->free();
449		return FALSE;
450		}
451
452		/* Entry delisted */
453		$result->free();
454		$quantity *= $thisentry['nlist'];
455		return relist ($myconn,$loguser,$value,$type,$table,$unit,$quantity,$reason);
456
457
458		/* First time list value */
459		case 0:
460		$result->free();
461		return addtolist ($myconn,$loguser,$value,$type,$table,$unit,$quantity,$reason);
462		}
463		}
464
465
466
467		/*
468		function checkEmailAddress($email) {
469		if(preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)@[a-z0-9-]+(\.[a-z0-9-]+)(\.[a-z]{2,3})$/", $email))
470		return true;
471		return false;
472		}
473
474		function checkIP($ip)
475		{
476		$cIP = ip2long($ip);
477		$fIP = long2ip($cIP);
478		if ($fIP == '0.0.0.0') return FALSE;
479		return TRUE;
480		}
481		*/
482
483		?>
484
485

falon / RBL

GitHub Access Token became invalid

Push — master ( e39801...b79b58 )

function.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like