Issues in ProgramModel.php (master) - Issues in master - literat/srazvs - Measure and Improve Code Quality continuously with Scrutinizer

Issues (789)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/models/ProgramModel.php (7 issues)

Labels

Severity

Minor 7

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace App\Models;

use Nette\Database\Context;

/**
 * Program model
 *
 * class for handling programs
 *
 * @created 2012-10-01
 * @author Tomas Litera <[email protected]>
 */
class ProgramModel extends BaseModel
{

	/**
	 * @var array
	 */
	public $columns = [
		'guid',
		'name',
		'block',
		'display_in_reg',
		'description',
		'tutor',
		'email',
		'category',
		'material',
		'capacity',
	];

	/**
	 * Array of form names
	 *
	 * @var array	form_names[]
	 */
	public $formNames = array();

	protected $table = 'kk_programs';

	private static $connection;

	/** Constructor */
	public function __construct(Context $database)
	{
		$this->formNames = array('guid', "name", "description", "material", "tutor", "email", "capacity", "display_in_reg", "block", "category");
		$this->setDatabase($database);
		self::$connection = $this->getDatabase();
	}

	/**
	 * Get programs
	 *
	 * @param	int		$block_id	ID of block
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
	 * @param	int		$visitor_id	ID of visitor
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
	 * @return	string				html
	 */
	public function getPrograms($blockId, $vid)
	{
		$blocks = $this->database
			->table($this->getTable())
			->where('block ? AND deleted ?', $blockId, '0')
			->limit(10)
			->fetchAll();

		if(!$blocks){

			$html = "";
		} else {
			/*
			$progSql = "SELECT progs.name AS prog_name
						FROM kk_programs AS progs
						LEFT JOIN `kk_visitor-program` AS visprog ON progs.id = visprog.program
						LEFT JOIN kk_visitors AS vis ON vis.id = visprog.visitor
						WHERE vis.id = '".$id."'";
			*/

			$html = "<div>\n";

			$checked_flag = false;
			$html_input = "";
			foreach($blocks as $data){
				// full program capacity with visitors
				$fullProgramData = $this->database
					->query('SELECT COUNT(visitor) AS visitors FROM `kk_visitor-program` AS visprog
							LEFT JOIN kk_visitors AS vis ON vis.id = visprog.visitor
							WHERE program = ? AND vis.deleted = ?',
							$data['id'], '0')->fetch();

				// if the program is checked
				$program = $this->database
					->table('kk_visitor-program')
					->where('program ? AND visitor ?', $data['id'], $vid)
					->fetch();

				if($program){
					$checked = "checked='checked'";
					$checked_flag = true;
				} else {
					$checked = "";
				}
				// if the capacity is full
				if($fullProgramData['visitors'] >= $data['capacity']){
					$html_input .= "<input id='".$data['id'].$blockId."' ".$checked." disabled type='radio' name='blck_".$blockId."' value='".$data['id']."' />\n";
					$fullProgramInfo = " (NELZE ZAPSAT - kapacita programu je již naplněna!)";
				} else {
					$html_input .= "<input id='".$data['id'].$blockId."' ".$checked." type='radio' name='blck_".$blockId."' value='".$data['id']."' /> \n";
					$fullProgramInfo = "";
				}
				$html_input .= '<label for="'.$data['id'].$blockId.'">'.$data['name'].'</label>';
				$html_input .= $fullProgramInfo;
				$html_input .= "<br />\n";
			}

			// pokud uz jednou bylo zaskrtnuto, nezaskrtavam znovu
			if(!$checked_flag) $checked = "checked='checked'";
			else $checked = "";

			$html .= "<input ".$checked." type='radio' name='blck_".$blockId."' value='0' /> Nebudu přítomen <br />\n";
			$html .= $html_input;

			$html .= "</div>\n";
		}

		return $html;
	}

	public function getExportPrograms($blockId)
	{
		$exportPrograms = $this->database
			->table($this->getTable())
			->where('block ? AND deleted ?', $blockId, '0')
			->limit(10)
			->fetchAll();

		if(!$exportPrograms) {

			$html = "";
		} else {
			$html = "<table>\n";
			foreach($exportPrograms as $data){
				$html .= "<tr>";
				//// resim kapacitu programu a jeho naplneni navstevniky
				$fullProgramData = $this->database
					->query('SELECT COUNT(visitor) AS visitors
							FROM `kk_visitor-program` AS visprog
							LEFT JOIN `kk_visitors` AS vis ON vis.id = visprog.visitor
							WHERE program = ?
							AND vis.deleted = ?',
							$data['id'], '0')->fetch();

				if($fullProgramData['visitors'] >= $data['capacity']){
					//$html .= "<input disabled type='radio' name='".$id."' value='".$data['id']."' />\n";
					$fullProgramInfo = "<span style='font-size:12px; font-weight:bold;'>".$fullProgramData['visitors']."/".$data['capacity']."</span> (kapacita programu je naplněna!)";
				}
				else {
					//$html .= "<input type='radio' name='".$id."' value='".$data['id']."' /> \n";
					$fullProgramInfo = "<span style='font-size:12px; font-weight:bold;'>".$fullProgramData['visitors']."/".$data['capacity']."</span>";
				}
				$html .= "<td style='min-width:270px;'>";
				$html .= "<a rel='programDetail' href='".PRJ_DIR."program/?id=".$data['id']."&cms=edit&page=export' title='".$data['name']."'>".$data['name']."</a>\n";
				$html .= "</td>";
				$html .= "<td>";
				$html .= $fullProgramInfo;
				$html .= "</td>";
				$html .= "</tr>\n";
			}
			$html .= "</table>\n";
		}
		return $html;
	}

	public function renderExportPrograms()
	{
		$programs = "";

		$progSql = $this->database
			->table('kk_blocks')
			->select('
				id,
				day,
				DATE_FORMAT(`from`, "%H:%i") AS `from`,
				DATE_FORMAT(`to`, "%H:%i") AS `to`,
				name,
				program'
			)
			->where('deleted = ? AND program = ? AND meeting = ?', '0', '1', $this->meetingId)
			->order('day ASC, from ASC')
			->fetchAll();

		if(!$progSql){

			$programs .= "<div class='emptyTable' style='width:400px;'>Nejsou žádná aktuální data.</div>\n";
		} else {
			//// prasarnicka kvuli programu raftu - resim obsazenost dohromady u dvou polozek
			//$raftCountSql = "SELECT COUNT(visitor) AS raft FROM `kk_visitor-program` WHERE program='56|57'";

			foreach($progSql as $progData){
				//nemoznost volit predsnemovni dikusi
				if($progData['id'] == 63) $notDisplayed = "style='display:none;'";
				//obsazenost raftu
				/*
				elseif($raftCountData['raft'] >= 18){
					if($progData['id'] == 86) $notDisplayed = "style='display:none;'";
					else $notDisplayed = "";
				}
				*/
				else $notDisplayed = "";
				$programs .= "<div ".$notDisplayed.">".$progData['day'].", ".$progData['from']." - ".$progData['to']." : ".$progData['name']."</div>\n";
				if($progData['program'] == 1) $programs .= "<div ".$notDisplayed.">".$this->getExportPrograms($progData['id'])."</div>";
				$programs .= "<br />";
			}
		}

		return $programs;
	}

	/**
	 * Render data in a table
	 *
	 * @return	string	html of a table
	 */
	public function getData($program_id = NULL)
	{
		if(isset($program_id)) {
			$data = $this->database
				->table($this->getTable())
				->where('id ? AND deleted ?', $program_id, '0')
				->limit(1)
				->fetch();
		} else {
			$data = $this->database
				->query('SELECT programs.id AS id,
						programs.name AS name,
						programs.description AS description,
						programs.tutor AS tutor,
						programs.email AS email,
						blocks.name AS block,
						programs.capacity AS capacity,
						style,
						cat.name AS cat_name
				FROM kk_programs AS programs
				LEFT JOIN kk_blocks AS blocks ON blocks.id = programs.block
				LEFT JOIN kk_categories AS cat ON cat.id = programs.category
				WHERE blocks.meeting = ? AND programs.deleted = ? AND blocks.deleted = ?
				ORDER BY programs.id ASC',
				$this->meetingId, '0', '0')->fetchAll();
		}

		return $data;
	}

	/**
	 * @return Nette\Database\Table\ActiveRow
	 */
	public function all()
	{
		return $this->getDatabase()
				->query('SELECT programs.id AS id,
						programs.name AS name,
						programs.description AS description,
						programs.tutor AS tutor,
						programs.email AS email,
						programs.guid AS guid,
						blocks.name AS block,
						programs.capacity AS capacity,
						style,
						cat.name AS cat_name
				FROM kk_programs AS programs
				LEFT JOIN kk_blocks AS blocks ON blocks.id = programs.block
				LEFT JOIN kk_categories AS cat ON cat.id = programs.category
				WHERE blocks.meeting = ? AND programs.deleted = ? AND blocks.deleted = ?
				ORDER BY programs.id ASC',
				$this->getMeetingId(), '0', '0')->fetchAll();
	}

	/**
	 * @param  string $guid
	 * @return Nette\Database\Table\ActiveRow
	 */
	public function annotation($guid)
	{
		return $this->getDatabase()
				->table($this->getTable())
				->where('guid ? AND deleted ?', $guid, '0')
				->limit(1)
				->fetch();
	}

	/**
	 * @param  int    $visitorId
	 * @return array
	 */
	public function findByVisitorId(int $visitorId): array
	{
		return $this->getDatabase()
			->query('SELECT progs.name AS prog_name,
							day,
							DATE_FORMAT(`from`, "%H:%i") AS `from`,
							DATE_FORMAT(`to`, "%H:%i") AS `to`
					FROM kk_programs AS progs
					LEFT JOIN `kk_visitor-program` AS visprog ON progs.id = visprog.program
					LEFT JOIN kk_visitors AS vis ON vis.id = visprog.visitor
					LEFT JOIN kk_blocks AS blocks ON progs.block = blocks.id
					WHERE vis.id = ?
					ORDER BY `day`, `from` ASC',
					$visitorId)
			->fetchAll();
	}

	public static function getPdfPrograms($id, $vid, $database){
		$result = $database
			->table('kk_programs')
			->where('block ? AND deleted ?', $id, '0')
			->limit(10)
			->fetchAll();

		if(!$result){
			$html = "";
		} else {

			$html = "<div class='program'>\n";

			foreach($result as $data){
				$rows = $database
					->table('kk_visitor-program')
					->where('program ? AND visitor ?', $data->id, $vid)
					->fetchAll();
				if($rows) $html .= $data['name'];
			}
			$html .= "</div>\n";
		}

		return $html;
	}

	public function getProgramsLarge($id){
		$result = $this->database
			->query('SELECT progs.name AS name,
						cat.style AS style
				FROM kk_programs AS progs
				LEFT JOIN kk_categories AS cat ON cat.id = progs.category
				WHERE block = ? AND progs.deleted = ?
				LIMIT 10',
				$id, '0')->fetchAll();

		if(!$result) $html = "";

		else {
			$html = "<table>";
			$html .= " <tr>";
			foreach($result as $data){
				$html .= "<td class='category cat-".$data['style']."' >".$data['name']."</td>\n";
			}
			$html .= " </tr>\n";
			$html .= "</table>\n";
		}
		return $html;
	}

	public static function getProgramNames($block_id)
	{
		$result = self::$connection
			->table('kk_programs')
			->select('name')
			->where('block ? AND deleted ?', $block_id, '0')
			->limit(10)
			->fetchAll();

		$html = '';

		if(!$result) $html = "";

		else {
			foreach($result as $data){
				$html .= $data['name'].",\n";
			}
		}
		return $html;
	}

	/**
	 * Get tutor e-mail address
	 *
	 * @param int $id id of block item
	 * @return Nette\Database\Table\ActiveRow object with e-mail address
	 */
	public function getTutor($id)
	{
		return $this->getDatabase()
			->table($this->getTable())
			->select('guid, email, tutor')
			->where('id ? AND deleted ?', $id, '0')
			->limit(1)
			->fetch();
	}

	/**
	 * @param  integer $blockId
	 * @return Row
	 */
	public function findByBlockId($blockId = null)
	{
		return $this->getDatabase()
			->query('SELECT	progs.id AS id,
						progs.name AS name,
						style
				FROM kk_programs AS progs
				LEFT JOIN kk_categories AS cat ON cat.id = progs.category
				WHERE block = ? AND progs.deleted = ?
				LIMIT 10',
				$blockId, '0')
			->fetchAll();
	}

	/**
	 * @param  int  $programId
	 * @return Row
	 */
	public function findProgramVisitors(int $programId)
	{
		return $this->getDatabase()
				->query('SELECT vis.name AS name,
								vis.surname AS surname,
								vis.nick AS nick
						FROM kk_visitors AS vis
						LEFT JOIN `kk_visitor-program` AS visprog ON vis.id = visprog.visitor
						WHERE visprog.program = ? AND vis.deleted = ?',
						$programId, '0')->fetchAll();
	}

	/**
	 * @param  int  $programId
	 * @return Row
	 */
	public function countProgramVisitors(int $programId)
	{
		return $this->getDatabase()
				->query('SELECT COUNT(*)
						FROM kk_visitors AS vis
						LEFT JOIN `kk_visitor-program` AS visprog ON vis.id = visprog.visitor
						WHERE visprog.program = ? AND vis.deleted = ?',
						$programId, '0')->fetch()[0];
	}

}


1			<?php
2
3			namespace App\Models;
4
5			use Nette\Database\Context;
6
7			/**
8			* Program model
9			*
10			* class for handling programs
11			*
12			* @created 2012-10-01
13			* @author Tomas Litera <[email protected]>
14			*/
15			class ProgramModel extends BaseModel
16			{
17
18			/**
19			* @var array
20			*/
21			public $columns = [
22			'guid',
23			'name',
24			'block',
25			'display_in_reg',
26			'description',
27			'tutor',
28			'email',
29			'category',
30			'material',
31			'capacity',
32			];
33
34			/**
35			* Array of form names
36			*
37			* @var array form_names[]
38			*/
39			public $formNames = array();
40
41			protected $table = 'kk_programs';
42
43			private static $connection;
44
45			/** Constructor */
46			public function __construct(Context $database)
47			{
48			$this->formNames = array('guid', "name", "description", "material", "tutor", "email", "capacity", "display_in_reg", "block", "category");
49			$this->setDatabase($database);
50			self::$connection = $this->getDatabase();
51			}
52
53			/**
54			* Get programs
55			*
56			* @param int $block_id ID of block
			0 ignored issues – show Bug introduced 2017-03-07 23:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$block_id`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
57			* @param int $visitor_id ID of visitor
			0 ignored issues – show Bug introduced 2017-03-07 23:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$visitor_id`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
58			* @return string html
59			*/
60			public function getPrograms($blockId, $vid)
61			{
62			$blocks = $this->database
63			->table($this->getTable())
64			->where('block ? AND deleted ?', $blockId, '0')
65			->limit(10)
66			->fetchAll();
67
68			if(!$blocks){
			0 ignored issues – show Bug Best Practice introduced 2017-03-07 23:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$blocks` of type `Nette\Database\IRow[]` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
69			$html = "";
70			} else {
71			/*
72			$progSql = "SELECT progs.name AS prog_name
73			FROM kk_programs AS progs
74			LEFT JOIN `kk_visitor-program` AS visprog ON progs.id = visprog.program
75			LEFT JOIN kk_visitors AS vis ON vis.id = visprog.visitor
76			WHERE vis.id = '".$id."'";
77			*/
78
79			$html = "<div>\n";
80
81			$checked_flag = false;
82			$html_input = "";
83			foreach($blocks as $data){
84			// full program capacity with visitors
85			$fullProgramData = $this->database
86			->query('SELECT COUNT(visitor) AS visitors FROM `kk_visitor-program` AS visprog
87			LEFT JOIN kk_visitors AS vis ON vis.id = visprog.visitor
88			WHERE program = ? AND vis.deleted = ?',
89			$data['id'], '0')->fetch();
90
91			// if the program is checked
92			$program = $this->database
93			->table('kk_visitor-program')
94			->where('program ? AND visitor ?', $data['id'], $vid)
95			->fetch();
96
97			if($program){
98			$checked = "checked='checked'";
99			$checked_flag = true;
100			} else {
101			$checked = "";
102			}
103			// if the capacity is full
104			if($fullProgramData['visitors'] >= $data['capacity']){
105			$html_input .= "<input id='".$data['id'].$blockId."' ".$checked." disabled type='radio' name='blck_".$blockId."' value='".$data['id']."' />\n";
106			$fullProgramInfo = " (NELZE ZAPSAT - kapacita programu je již naplněna!)";
107			} else {
108			$html_input .= "<input id='".$data['id'].$blockId."' ".$checked." type='radio' name='blck_".$blockId."' value='".$data['id']."' /> \n";
109			$fullProgramInfo = "";
110			}
111			$html_input .= '<label for="'.$data['id'].$blockId.'">'.$data['name'].'</label>';
112			$html_input .= $fullProgramInfo;
113			$html_input .= "<br />\n";
114			}
115
116			// pokud uz jednou bylo zaskrtnuto, nezaskrtavam znovu
117			if(!$checked_flag) $checked = "checked='checked'";
118			else $checked = "";
119
120			$html .= "<input ".$checked." type='radio' name='blck_".$blockId."' value='0' /> Nebudu přítomen <br />\n";
121			$html .= $html_input;
122
123			$html .= "</div>\n";
124			}
125
126			return $html;
127			}
128
129			public function getExportPrograms($blockId)
130			{
131			$exportPrograms = $this->database
132			->table($this->getTable())
133			->where('block ? AND deleted ?', $blockId, '0')
134			->limit(10)
135			->fetchAll();
136
137			if(!$exportPrograms) {
			0 ignored issues – show Bug Best Practice introduced 2017-03-07 23:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$exportPrograms` of type `Nette\Database\IRow[]` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
138			$html = "";
139			} else {
140			$html = "<table>\n";
141			foreach($exportPrograms as $data){
142			$html .= "<tr>";
143			//// resim kapacitu programu a jeho naplneni navstevniky
144			$fullProgramData = $this->database
145			->query('SELECT COUNT(visitor) AS visitors
146			FROM `kk_visitor-program` AS visprog
147			LEFT JOIN `kk_visitors` AS vis ON vis.id = visprog.visitor
148			WHERE program = ?
149			AND vis.deleted = ?',
150			$data['id'], '0')->fetch();
151
152			if($fullProgramData['visitors'] >= $data['capacity']){
153			//$html .= "<input disabled type='radio' name='".$id."' value='".$data['id']."' />\n";
154			$fullProgramInfo = "<span style='font-size:12px; font-weight:bold;'>".$fullProgramData['visitors']."/".$data['capacity']."</span> (kapacita programu je naplněna!)";
155			}
156			else {
157			//$html .= "<input type='radio' name='".$id."' value='".$data['id']."' /> \n";
158			$fullProgramInfo = "<span style='font-size:12px; font-weight:bold;'>".$fullProgramData['visitors']."/".$data['capacity']."</span>";
159			}
160			$html .= "<td style='min-width:270px;'>";
161			$html .= "<a rel='programDetail' href='".PRJ_DIR."program/?id=".$data['id']."&cms=edit&page=export' title='".$data['name']."'>".$data['name']."</a>\n";
162			$html .= "</td>";
163			$html .= "<td>";
164			$html .= $fullProgramInfo;
165			$html .= "</td>";
166			$html .= "</tr>\n";
167			}
168			$html .= "</table>\n";
169			}
170			return $html;
171			}
172
173			public function renderExportPrograms()
174			{
175			$programs = "";
176
177			$progSql = $this->database
178			->table('kk_blocks')
179			->select('
180			id,
181			day,
182			DATE_FORMAT(`from`, "%H:%i") AS `from`,
183			DATE_FORMAT(`to`, "%H:%i") AS `to`,
184			name,
185			program'
186			)
187			->where('deleted = ? AND program = ? AND meeting = ?', '0', '1', $this->meetingId)
188			->order('day ASC, from ASC')
189			->fetchAll();
190
191			if(!$progSql){
			0 ignored issues – show Bug Best Practice introduced 2017-03-07 23:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$progSql` of type `Nette\Database\IRow[]` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
192			$programs .= "<div class='emptyTable' style='width:400px;'>Nejsou žádná aktuální data.</div>\n";
193			} else {
194			//// prasarnicka kvuli programu raftu - resim obsazenost dohromady u dvou polozek
195			//$raftCountSql = "SELECT COUNT(visitor) AS raft FROM `kk_visitor-program` WHERE program='56\|57'";
196
197			foreach($progSql as $progData){
198			//nemoznost volit predsnemovni dikusi
199			if($progData['id'] == 63) $notDisplayed = "style='display:none;'";
200			//obsazenost raftu
201			/*
202			elseif($raftCountData['raft'] >= 18){
203			if($progData['id'] == 86) $notDisplayed = "style='display:none;'";
204			else $notDisplayed = "";
205			}
206			*/
207			else $notDisplayed = "";
208			$programs .= "<div ".$notDisplayed.">".$progData['day'].", ".$progData['from']." - ".$progData['to']." : ".$progData['name']."</div>\n";
209			if($progData['program'] == 1) $programs .= "<div ".$notDisplayed.">".$this->getExportPrograms($progData['id'])."</div>";
210			$programs .= "<br />";
211			}
212			}
213
214			return $programs;
215			}
216
217			/**
218			* Render data in a table
219			*
220			* @return string html of a table
221			*/
222			public function getData($program_id = NULL)
223			{
224			if(isset($program_id)) {
225			$data = $this->database
226			->table($this->getTable())
227			->where('id ? AND deleted ?', $program_id, '0')
228			->limit(1)
229			->fetch();
230			} else {
231			$data = $this->database
232			->query('SELECT programs.id AS id,
233			programs.name AS name,
234			programs.description AS description,
235			programs.tutor AS tutor,
236			programs.email AS email,
237			blocks.name AS block,
238			programs.capacity AS capacity,
239			style,
240			cat.name AS cat_name
241			FROM kk_programs AS programs
242			LEFT JOIN kk_blocks AS blocks ON blocks.id = programs.block
243			LEFT JOIN kk_categories AS cat ON cat.id = programs.category
244			WHERE blocks.meeting = ? AND programs.deleted = ? AND blocks.deleted = ?
245			ORDER BY programs.id ASC',
246			$this->meetingId, '0', '0')->fetchAll();
247			}
248
249			return $data;
250			}
251
252			/**
253			* @return Nette\Database\Table\ActiveRow
254			*/
255			public function all()
256			{
257			return $this->getDatabase()
258			->query('SELECT programs.id AS id,
259			programs.name AS name,
260			programs.description AS description,
261			programs.tutor AS tutor,
262			programs.email AS email,
263			programs.guid AS guid,
264			blocks.name AS block,
265			programs.capacity AS capacity,
266			style,
267			cat.name AS cat_name
268			FROM kk_programs AS programs
269			LEFT JOIN kk_blocks AS blocks ON blocks.id = programs.block
270			LEFT JOIN kk_categories AS cat ON cat.id = programs.category
271			WHERE blocks.meeting = ? AND programs.deleted = ? AND blocks.deleted = ?
272			ORDER BY programs.id ASC',
273			$this->getMeetingId(), '0', '0')->fetchAll();
274			}
275
276			/**
277			* @param string $guid
278			* @return Nette\Database\Table\ActiveRow
279			*/
280			public function annotation($guid)
281			{
282			return $this->getDatabase()
283			->table($this->getTable())
284			->where('guid ? AND deleted ?', $guid, '0')
285			->limit(1)
286			->fetch();
287			}
288
289			/**
290			* @param int $visitorId
291			* @return array
292			*/
293			public function findByVisitorId(int $visitorId): array
294			{
295			return $this->getDatabase()
296			->query('SELECT progs.name AS prog_name,
297			day,
298			DATE_FORMAT(`from`, "%H:%i") AS `from`,
299			DATE_FORMAT(`to`, "%H:%i") AS `to`
300			FROM kk_programs AS progs
301			LEFT JOIN `kk_visitor-program` AS visprog ON progs.id = visprog.program
302			LEFT JOIN kk_visitors AS vis ON vis.id = visprog.visitor
303			LEFT JOIN kk_blocks AS blocks ON progs.block = blocks.id
304			WHERE vis.id = ?
305			ORDER BY `day`, `from` ASC',
306			$visitorId)
307			->fetchAll();
308			}
309
310			public static function getPdfPrograms($id, $vid, $database){
311			$result = $database
312			->table('kk_programs')
313			->where('block ? AND deleted ?', $id, '0')
314			->limit(10)
315			->fetchAll();
316
317			if(!$result){
318			$html = "";
319			} else {
320
321			$html = "<div class='program'>\n";
322
323			foreach($result as $data){
324			$rows = $database
325			->table('kk_visitor-program')
326			->where('program ? AND visitor ?', $data->id, $vid)
327			->fetchAll();
328			if($rows) $html .= $data['name'];
329			}
330			$html .= "</div>\n";
331			}
332
333			return $html;
334			}
335
336			public function getProgramsLarge($id){
337			$result = $this->database
338			->query('SELECT progs.name AS name,
339			cat.style AS style
340			FROM kk_programs AS progs
341			LEFT JOIN kk_categories AS cat ON cat.id = progs.category
342			WHERE block = ? AND progs.deleted = ?
343			LIMIT 10',
344			$id, '0')->fetchAll();
345
346			if(!$result) $html = "";
			0 ignored issues – show Bug Best Practice introduced 2017-03-07 23:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$result` of type `Nette\Database\IRow[]` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
347			else {
348			$html = "<table>";
349			$html .= " <tr>";
350			foreach($result as $data){
351			$html .= "<td class='category cat-".$data['style']."' >".$data['name']."</td>\n";
352			}
353			$html .= " </tr>\n";
354			$html .= "</table>\n";
355			}
356			return $html;
357			}
358
359			public static function getProgramNames($block_id)
360			{
361			$result = self::$connection
362			->table('kk_programs')
363			->select('name')
364			->where('block ? AND deleted ?', $block_id, '0')
365			->limit(10)
366			->fetchAll();
367
368			$html = '';
369
370			if(!$result) $html = "";
			0 ignored issues – show Bug Best Practice introduced 2017-03-07 23:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$result` of type `Nette\Database\IRow[]` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
371			else {
372			foreach($result as $data){
373			$html .= $data['name'].",\n";
374			}
375			}
376			return $html;
377			}
378
379			/**
380			* Get tutor e-mail address
381			*
382			* @param int $id id of block item
383			* @return Nette\Database\Table\ActiveRow object with e-mail address
384			*/
385			public function getTutor($id)
386			{
387			return $this->getDatabase()
388			->table($this->getTable())
389			->select('guid, email, tutor')
390			->where('id ? AND deleted ?', $id, '0')
391			->limit(1)
392			->fetch();
393			}
394
395			/**
396			* @param integer $blockId
397			* @return Row
398			*/
399			public function findByBlockId($blockId = null)
400			{
401			return $this->getDatabase()
402			->query('SELECT progs.id AS id,
403			progs.name AS name,
404			style
405			FROM kk_programs AS progs
406			LEFT JOIN kk_categories AS cat ON cat.id = progs.category
407			WHERE block = ? AND progs.deleted = ?
408			LIMIT 10',
409			$blockId, '0')
410			->fetchAll();
411			}
412
413			/**
414			* @param int $programId
415			* @return Row
416			*/
417			public function findProgramVisitors(int $programId)
418			{
419			return $this->getDatabase()
420			->query('SELECT vis.name AS name,
421			vis.surname AS surname,
422			vis.nick AS nick
423			FROM kk_visitors AS vis
424			LEFT JOIN `kk_visitor-program` AS visprog ON vis.id = visprog.visitor
425			WHERE visprog.program = ? AND vis.deleted = ?',
426			$programId, '0')->fetchAll();
427			}
428
429			/**
430			* @param int $programId
431			* @return Row
432			*/
433			public function countProgramVisitors(int $programId)
434			{
435			return $this->getDatabase()
436			->query('SELECT COUNT(*)
437			FROM kk_visitors AS vis
438			LEFT JOIN `kk_visitor-program` AS visprog ON vis.id = visprog.visitor
439			WHERE visprog.program = ? AND vis.deleted = ?',
440			$programId, '0')->fetch()[0];
441			}
442
443			}
444

literat / srazvs

Issues (789)

Security Analysis not enabled

app/models/ProgramModel.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like