Completed
Push — master ( 5c8fbd...2c9aff )
by Jacob
03:19
created

module/form/CommentSubmitModule.class.inc.php (1 issue)


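<?php
// Full open tag instead of the short "<?": with short_open_tag disabled the
// short form is not parsed and the file's source is sent to the client as text.

// Read-side helper used to look up existing pages, commenters and comments.
Loader::load('collector', 'comment/CommentCollector');

// Utilities referenced by CommentSubmitModule below.
Loader::load('utility', array(
	'Content',
	'Cookie',
	'Request',
	'Validate'));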
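/**
 * Handles a posted comment form: validates the fields, stores the page,
 * commenter, comment and their link row, mails subscribers and redirects
 * back to the new comment.
 *
 * Every value read through Request::getPost() is attacker-controlled. SQL is
 * built with sprintf(), so each '%s' placeholder must receive a value passed
 * through Database::escape(); '%d' placeholders are cast to int by sprintf().
 *
 * NOTE(review): if Database offers prepared statements, prefer them over
 * string-built queries - not visible from this file.
 */
final class CommentSubmitModule
{

	private $site;
	private $path;
	private $full_path;
	private $page_title;

	/**
	 * @param mixed  $site        site identifier, written to comment_page.site via '%d'
	 * @param string $path        page path, written to comment_page.path
	 * @param string $full_path   absolute URL of the page, used for mail links and the redirect
	 * @param string $page_title  title quoted in the notification mail
	 */
	public function __construct($site, $path, $full_path, $page_title)
	{
		$this->site = $site;
		$this->path = $path;
		$this->full_path = $full_path;
		$this->page_title = $page_title;
	}

	/**
	 * Processes the submission if one was posted.
	 *
	 * @return false|array false when there is nothing to process (no POST,
	 *                     wrong submit button, honeypot filled); an array of
	 *                     field => message when validation fails. On success
	 *                     the request ends in redirect_to_comment().
	 */
	public function activate()
	{
		if(!Request::hasPost())
			return false;
		// The original read "!Request::getPost('submit') == '...'": "!" binds
		// tighter than "==", so the button value itself was never compared.
		if(Request::getPost('submit') !== 'Submit Comment')
			return false;

		$errors = $this->fetch_errors();
		if(count($errors) > 0)
			return $errors;
		// Honeypot: 'catch' must come back as an empty string. This filters
		// naive bots only; no anti-forgery token is verified in this method.
		if(Request::getPost('catch') !== '')
			return false;

		$page_id = $this->save_comment_page();
		$commenter_id = $this->save_commenter();
		$comment_id = $this->save_comment();

		$comment_meta_id = $this->save_comment_meta($commenter_id, $comment_id, $page_id);

		$this->send_notifications($page_id);
		$this->redirect_to_comment($comment_meta_id);
	}

	/**
	 * Validates the posted fields.
	 *
	 * @return array field name => error message; empty when everything passed
	 */
	private function fetch_errors()
	{
		$errors = array();
		if(!Validate::checkRequest('post', 'name', 'name'))
			$errors['name'] = 'You must include a valid name';
		if(!Validate::checkRequest('post', 'email', 'email'))
			$errors['email'] = 'You must include a valid email';
		// website, notify and reply are optional and only checked when present
		if(Request::getPost('website') && !Validate::checkRequest('post', 'website', 'url'))
			$errors['website'] = 'Please enter a valid website';
		if(!Validate::checkRequest('post', 'comment', 'string'))
			$errors['comment'] = 'You must enter a comment';
		if(Request::getPost('notify') && Request::getPost('notify') != 'check')
			$errors['notify'] = 'You entered an invalid notify request';
		if(Request::getPost('reply') && !Validate::checkRequest('post', 'reply', 'integer'))
			$errors['reply'] = 'You entered an invalid reply request';

		return $errors;
	}

	/**
	 * Returns the id of the comment_page row for this site/path, creating it
	 * when it does not exist yet.
	 */
	private function save_comment_page()
	{
		$page_result = CommentCollector::getCommentPageByURL($this->path, $this->site);
		if($page_result !== null)
			return $page_result->id;

		$query = "INSERT INTO `jpemeric_comment`.`comment_page` (`site`, `path`) VALUES ('%d', '%s')";
		// The path was interpolated unescaped here while every other '%s' in
		// this class is escaped; a path containing a quote would break out of
		// the string literal.
		$query = sprintf($query, $this->site, Database::escape($this->path));
		Database::execute($query);

		return Database::lastInsertID();
	}

	/**
	 * Remembers the commenter's details in the 'Commenter' cookie and returns
	 * the id of the matching commenter row, creating it when needed.
	 */
	private function save_commenter()
	{
		$cookie_value = array(
			'name' => Request::getPost('name'),
			'email' => Request::getPost('email'));

		if(Request::getPost('website') != '')
			$cookie_value['website'] = Request::getPost('website');

		$cookie_value = json_encode($cookie_value);

		// NOTE(review): this puts the name and email address into a client-side
		// cookie; confirm that Cookie sets Secure/HttpOnly as appropriate.
		Cookie::instance('Commenter')
			->setValue($cookie_value)
			->save();

		$commenter_result = CommentCollector::getCommenterByFields(Request::getPost('name'), Request::getPost('email'), Request::getPost('website'));
		if($commenter_result !== null)
			return $commenter_result->id;

		$query = "INSERT INTO `jpemeric_comment`.`commenter` (`name`,`email`,`url`) VALUES ('%s','%s','%s')";

		$name = Database::escape(Request::getPost('name'));
		$email = Database::escape(Request::getPost('email'));
		$website = Database::escape(Request::getPost('website'));

		$query = sprintf($query, $name, $email, $website);
		Database::execute($query);
		return Database::lastInsertID();
	}

	/**
	 * Returns the id of the comment row holding the posted body, inserting the
	 * raw body and its cleaned rendering when no row with that body exists.
	 */
	private function save_comment()
	{
		$comment_result = CommentCollector::getCommentByBody(Request::getPost('comment'));
		if($comment_result !== null)
			return $comment_result->id;

		$query = "INSERT INTO `jpemeric_comment`.`comment` (`body`, `body_format`) VALUES ('%s', '%s')";

		$body = Database::escape(Request::getPost('comment'));

		// body_format is the posted text run through the 'CleanComment'
		// content filter. NOTE(review): presumably this is the copy rendered
		// on the page - confirm the filter's output is safe for HTML.
		$body_format = Request::getPost('comment');
		$body_format = Content::instance('CleanComment', $body_format)->activate();
		$body_format = Database::escape($body_format);

		$query = sprintf($query, $body, $body_format);
		Database::execute($query);
		return Database::lastInsertID();
	}

	/**
	 * Inserts the comment_meta row linking commenter, comment and page.
	 *
	 * @param mixed $commenter commenter id
	 * @param mixed $comment   comment id
	 * @param mixed $page      comment_page id
	 * @return mixed id of the new comment_meta row
	 */
	private function save_comment_meta($commenter, $comment, $page)
	{
		$query = "INSERT INTO `jpemeric_comment`.`comment_meta` (`commenter`,`comment`,`reply`,`notify`,`comment_page`,`date`,`display`) VALUES ('%d','%d','%d','%d','%d','%s','%d')";

		// NOTE(review): this reads the 'type' field while fetch_errors()
		// validates 'reply' - confirm which field the form actually posts.
		$reply = Database::escape(Request::getPost('type'));
		if($reply == 'new')
			$reply = 0;
		// else check to make sure value is legit
		// ('%d' below casts it to an integer, but nothing verifies that the id
		// refers to an existing comment on this page)

		$notify = (Request::getPost('notify') == 'check') ? 1 : 0;
		$date = date('Y-m-d H:i:s');
		$display = 1;

		$query = sprintf($query, $commenter, $comment, $reply, $notify, $page, $date, $display);
		Database::execute($query);
		return Database::lastInsertID();
	}

	/**
	 * Mails everyone subscribed to the page, except the commenter, when the
	 * commenter is flagged as trusted.
	 *
	 * @param mixed $page comment_page id
	 */
	private function send_notifications($page)
	{
		Loader::load('utility', 'Mail');

		$commenter_result = CommentCollector::getCommenterByFields(Request::getPost('name'), Request::getPost('email'), Request::getPost('website'));

		// getCommenterByFields() can return null (save_commenter() checks for
		// it), so guard before reading ->trusted.
		$email_recipient_array = array();
		if($commenter_result !== null && $commenter_result->trusted == 1)
		{
			$notification_result = CommentCollector::getNotificationForPage($page);

			foreach($notification_result as $notification_row)
			{
				// never notify the author of their own comment
				if($notification_row->email == Request::getPost('email'))
					continue;

				// keyed by address so each subscriber is mailed once
				$email_recipient_array[$notification_row->email] = array(
					'email' => $notification_row->email,
					'name' => $notification_row->name);
			}
		}

		if(count($email_recipient_array) === 0)
			return;

		$site = URLDecode::getSite();

		if($site == 'blog')
		{
			$site_name = "Jacob Emerick's Blog";
			$noun = 'post';
		}
		else if($site == 'waterfalls')
		{
			$site_name = "Waterfalls of the Keweenaw";
			$noun = 'page';
		}
		else
		{
			// No template for this site. The original fell through with
			// $subject and $message undefined.
			return;
		}

		// The commenter's name and comment are copied verbatim into a
		// plain-text body. NOTE(review): if the mailer ever sends HTML, both
		// must be escaped first. The contact address appears as
		// "[email protected]" in this listing and is kept as shown.
		$subject = "New Comment on {$site_name}";
		$message = "Hello!\nThere has been a new comment on the {$noun} '{$this->page_title}' at {$site_name}. You have chosen to be notified of it - please reply to [email protected] if you would like to be removed from these notifications.\n\nOn " . date('F j, Y g:i a') . ", " . Request::getPost('name') . " commented...\n" . Request::getPost('comment') . "\n\nVisit {$this->full_path}#comments to see and reply to all the comments on this post.\nThank you!";

		global $container;

		foreach($email_recipient_array as $email_recipient)
		{
			// The analyzer reported "Syntax error, unexpected T_OBJECT_OPERATOR"
			// here: a stray ';' after setMessage() ended the statement before
			// ->send(). The result of send() was never used and is not checked.
			// NOTE(review): if $container['mail'] is a shared instance, addTo()
			// accumulates recipients across iterations and later mails expose
			// earlier subscribers' addresses - confirm it is a fresh object.
			$container['mail']
				->addTo($email_recipient['email'], $email_recipient['name'])
				->addBCC($container['config']->admin_email)
				->setSubject($subject)
				->setMessage($message)
				->send();
		}
	}

	/**
	 * Redirects to the anchor of the new comment and ends the request.
	 *
	 * @param mixed $comment_id id returned by save_comment_meta()
	 */
	private function redirect_to_comment($comment_id)
	{
		// NOTE(review): the target is built from $full_path; if that value is
		// derived from request data (e.g. the Host header) this is an open
		// redirect - confirm it comes from trusted configuration.
		$url = $this->full_path . "#comment-{$comment_id}";

		Loader::loadNew('controller', 'Error303Controller', array($url))->activate();
		exit;
	}

}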