mambax7 /
XoopsCore25
| Total Complexity | 60 |
| Total Lines | 400 |
| Duplicated Lines | 0 % |
| Changes | 0 | ||
Complex classes like XoopsGTicket often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use XoopsGTicket, and based on these observations, apply Extract Interface, too.
| 1 | <?php namespace XoopsModules\Protector; |
||
| 10 | class XoopsGTicket |
||
| 11 | { |
||
| 12 | /** |
||
| 13 | * @var array |
||
| 14 | */ |
||
| 15 | public $_errors = array(); |
||
| 16 | /** |
||
| 17 | * @var string |
||
| 18 | */ |
||
| 19 | public $_latest_token = ''; |
||
| 20 | /** |
||
| 21 | * @var array |
||
| 22 | */ |
||
| 23 | public $messages = array(); |
||
| 24 | |||
| 25 | /** |
||
| 26 | * XoopsGTicket constructor. |
||
| 27 | */ |
||
| 28 | public function __construct() |
||
| 29 | { |
||
| 30 | global $xoopsConfig; |
||
| 31 | |||
| 32 | // language file |
||
| 33 | if (defined('XOOPS_ROOT_PATH') && !empty($xoopsConfig['language']) && false === strpos($xoopsConfig['language'], '/')) { |
||
| 34 | if (file_exists(dirname(__DIR__) . '/language/' . $xoopsConfig['language'] . '/gticket_messages.phtml')) { |
||
| 35 | include dirname(__DIR__) . '/language/' . $xoopsConfig['language'] . '/gticket_messages.phtml'; |
||
| 36 | } |
||
| 37 | } |
||
| 38 | |||
| 39 | // default messages |
||
| 40 | if (empty($this->messages)) { |
||
| 41 | $this->messages = array( |
||
| 42 | 'err_general' => 'GTicket Error', |
||
| 43 | 'err_nostubs' => 'No stubs found', |
||
| 44 | 'err_noticket' => 'No ticket found', |
||
| 45 | 'err_nopair' => 'No valid ticket-stub pair found', |
||
| 46 | 'err_timeout' => 'Time out', |
||
| 47 | 'err_areaorref' => 'Invalid area or referer', |
||
| 48 | 'fmt_prompt4repost' => 'error(s) found:<br><span style="background-color:red;font-weight:bold;color:white;">%s</span><br>Confirm it.<br>And do you want to post again?', |
||
| 49 | 'btn_repost' => 'repost', |
||
| 50 | ); |
||
| 51 | } |
||
| 52 | } |
||
| 53 | |||
| 54 | // render form as plain html |
||
| 55 | |||
| 56 | /** |
||
| 57 | * @param string $salt |
||
| 58 | * @param int $timeout |
||
| 59 | * @param string $area |
||
| 60 | * |
||
| 61 | * @return string |
||
| 62 | */ |
||
| 63 | public function getTicketHtml($salt = '', $timeout = 1800, $area = '') |
||
| 64 | { |
||
| 65 | return '<input type="hidden" name="XOOPS_G_TICKET" value="' . $this->issue($salt, $timeout, $area) . '" />'; |
||
| 66 | } |
||
| 67 | |||
| 68 | // returns an object of XoopsFormHidden including theh ticket |
||
| 69 | |||
| 70 | /** |
||
| 71 | * @param string $salt |
||
| 72 | * @param int $timeout |
||
| 73 | * @param string $area |
||
| 74 | * |
||
| 75 | * @return XoopsFormHidden |
||
| 76 | */ |
||
| 77 | public function getTicketXoopsForm($salt = '', $timeout = 1800, $area = '') |
||
| 78 | { |
||
| 79 | return new XoopsFormHidden('XOOPS_G_TICKET', $this->issue($salt, $timeout, $area)); |
||
|
Bug
introduced
by
|
|||
| 80 | } |
||
| 81 | |||
| 82 | // add a ticket as Hidden Element into XoopsForm |
||
| 83 | |||
| 84 | /** |
||
| 85 | * @param \XoopsForm $form |
||
| 86 | * @param string $salt |
||
| 87 | * @param int $timeout |
||
| 88 | * @param string $area |
||
| 89 | */ |
||
| 90 | public function addTicketXoopsFormElement($form, $salt = '', $timeout = 1800, $area = '') |
||
| 91 | { |
||
| 92 | $form->addElement(new XoopsFormHidden('XOOPS_G_TICKET', $this->issue($salt, $timeout, $area))); |
||
| 93 | } |
||
| 94 | |||
| 95 | // returns an array for xoops_confirm() ; |
||
| 96 | |||
| 97 | /** |
||
| 98 | * @param string $salt |
||
| 99 | * @param int $timeout |
||
| 100 | * @param string $area |
||
| 101 | * |
||
| 102 | * @return array |
||
| 103 | */ |
||
| 104 | public function getTicketArray($salt = '', $timeout = 1800, $area = '') |
||
| 105 | { |
||
| 106 | return array('XOOPS_G_TICKET' => $this->issue($salt, $timeout, $area)); |
||
| 107 | } |
||
| 108 | |||
| 109 | // return GET parameter string. |
||
| 110 | |||
| 111 | /** |
||
| 112 | * @param string $salt |
||
| 113 | * @param bool $noamp |
||
| 114 | * @param int $timeout |
||
| 115 | * @param string $area |
||
| 116 | * |
||
| 117 | * @return string |
||
| 118 | */ |
||
| 119 | public function getTicketParamString($salt = '', $noamp = false, $timeout = 1800, $area = '') |
||
| 120 | { |
||
| 121 | return ($noamp ? '' : '&') . 'XOOPS_G_TICKET=' . $this->issue($salt, $timeout, $area); |
||
| 122 | } |
||
| 123 | |||
| 124 | // issue a ticket |
||
| 125 | |||
| 126 | /** |
||
| 127 | * @param string $salt |
||
| 128 | * @param int $timeout |
||
| 129 | * @param string $area |
||
| 130 | * |
||
| 131 | * @return string |
||
| 132 | */ |
||
| 133 | public function issue($salt = '', $timeout = 1800, $area = '') |
||
| 174 | } |
||
| 175 | |||
| 176 | // check a ticket |
||
| 177 | |||
| 178 | /** |
||
| 179 | * @param bool $post |
||
| 180 | * @param string $area |
||
| 181 | * @param bool $allow_repost |
||
| 182 | * |
||
| 183 | * @return bool |
||
| 184 | */ |
||
| 185 | public function check($post = true, $area = '', $allow_repost = true) |
||
| 186 | { |
||
| 187 | global $xoopsModule; |
||
| 188 | |||
| 189 | $this->_errors = array(); |
||
| 190 | |||
| 191 | // CHECK: stubs are not stored in session |
||
| 192 | if (!is_array(@$_SESSION['XOOPS_G_STUBS'])) { |
||
| 193 | $this->_errors[] = $this->messages['err_nostubs']; |
||
| 194 | $_SESSION['XOOPS_G_STUBS'] = array(); |
||
| 195 | } |
||
| 196 | |||
| 197 | // get key&val of the ticket from a user's query |
||
| 198 | $ticket = $post ? @$_POST['XOOPS_G_TICKET'] : @$_GET['XOOPS_G_TICKET']; |
||
| 199 | |||
| 200 | // CHECK: no tickets found |
||
| 201 | if (empty($ticket)) { |
||
| 202 | $this->_errors[] = $this->messages['err_noticket']; |
||
| 203 | } |
||
| 204 | |||
| 205 | // gargage collection & find a right stub |
||
| 206 | $stubs_tmp = $_SESSION['XOOPS_G_STUBS']; |
||
| 207 | $_SESSION['XOOPS_G_STUBS'] = array(); |
||
| 208 | foreach ($stubs_tmp as $stub) { |
||
| 209 | // default lifetime 30min |
||
| 210 | if ($stub['expire'] >= time()) { |
||
| 211 | if (md5($stub['token'] . XOOPS_DB_PREFIX) === $ticket) { |
||
| 212 | $found_stub = $stub; |
||
| 213 | } else { |
||
| 214 | // store the other valid stubs into session |
||
| 215 | $_SESSION['XOOPS_G_STUBS'][] = $stub; |
||
| 216 | } |
||
| 217 | } else { |
||
| 218 | if (md5($stub['token'] . XOOPS_DB_PREFIX) === $ticket) { |
||
| 219 | // not CSRF but Time-Out |
||
| 220 | $timeout_flag = true; |
||
| 221 | } |
||
| 222 | } |
||
| 223 | } |
||
| 224 | |||
| 225 | // CHECK: the right stub found or not |
||
| 226 | if (empty($found_stub)) { |
||
| 227 | if (empty($timeout_flag)) { |
||
| 228 | $this->_errors[] = $this->messages['err_nopair']; |
||
| 229 | } else { |
||
| 230 | $this->_errors[] = $this->messages['err_timeout']; |
||
| 231 | } |
||
| 232 | } else { |
||
| 233 | // set area if necessary |
||
| 234 | // area as module's dirname |
||
| 235 | if (!$area && is_object(@$xoopsModule)) { |
||
| 236 | $area = $xoopsModule->getVar('dirname'); |
||
| 237 | } |
||
| 238 | |||
| 239 | // check area or referer |
||
| 240 | if (@$found_stub['area'] == $area) { |
||
| 241 | $area_check = true; |
||
| 242 | } |
||
| 243 | if (!empty($found_stub['referer']) && false !== strpos(@$_SERVER['HTTP_REFERER'], $found_stub['referer'])) { |
||
| 244 | $referer_check = true; |
||
| 245 | } |
||
| 246 | |||
| 247 | if (empty($area_check) && empty($referer_check)) { // loose |
||
| 248 | $this->_errors[] = $this->messages['err_areaorref']; |
||
| 249 | } |
||
| 250 | } |
||
| 251 | |||
| 252 | if (!empty($this->_errors)) { |
||
| 253 | if ($allow_repost) { |
||
| 254 | // repost form |
||
| 255 | $this->draw_repost_form($area); |
||
| 256 | exit; |
||
| 257 | } else { |
||
| 258 | // failed |
||
| 259 | $this->clear(); |
||
| 260 | |||
| 261 | return false; |
||
| 262 | } |
||
| 263 | } else { |
||
| 264 | // all green |
||
| 265 | return true; |
||
| 266 | } |
||
| 267 | } |
||
| 268 | |||
| 269 | // draw form for repost |
||
| 270 | |||
| 271 | /** |
||
| 272 | * @param string $area |
||
| 273 | */ |
||
| 274 | public function draw_repost_form($area = '') |
||
| 275 | { |
||
| 276 | // Notify which file is broken |
||
| 277 | if (headers_sent()) { |
||
| 278 | restore_error_handler(); |
||
| 279 | set_error_handler(array( |
||
| 280 | &$this, |
||
| 281 | 'errorHandler4FindOutput', |
||
| 282 | )); |
||
| 283 | header('Dummy: for warning'); |
||
| 284 | restore_error_handler(); |
||
| 285 | exit; |
||
| 286 | } |
||
| 287 | |||
| 288 | error_reporting(0); |
||
| 289 | while (ob_get_level()) { |
||
| 290 | ob_end_clean(); |
||
| 291 | } |
||
| 292 | |||
| 293 | $table = '<table>'; |
||
| 294 | $form = '<form action="?' . htmlspecialchars(@$_SERVER['QUERY_STRING'], ENT_QUOTES) . '" method="post" >'; |
||
| 295 | foreach ($_POST as $key => $val) { |
||
| 296 | if ($key === 'XOOPS_G_TICKET') { |
||
| 297 | continue; |
||
| 298 | } |
||
| 299 | if (@get_magic_quotes_gpc()) { |
||
| 300 | $key = stripslashes($key); |
||
| 301 | } |
||
| 302 | if (is_array($val)) { |
||
| 303 | list($tmp_table, $tmp_form) = $this->extract_post_recursive(htmlspecialchars($key, ENT_QUOTES), $val); |
||
| 304 | $table .= $tmp_table; |
||
| 305 | $form .= $tmp_form; |
||
| 306 | } else { |
||
| 307 | if (@get_magic_quotes_gpc()) { |
||
| 308 | $val = stripslashes($val); |
||
| 309 | } |
||
| 310 | $table .= '<tr><th>' . htmlspecialchars($key, ENT_QUOTES) . '</th><td>' . htmlspecialchars($val, ENT_QUOTES) . '</td></tr>' . "\n"; |
||
| 311 | $form .= '<input type="hidden" name="' . htmlspecialchars($key, ENT_QUOTES) . '" value="' . htmlspecialchars($val, ENT_QUOTES) . '" />' . "\n"; |
||
| 312 | } |
||
| 313 | } |
||
| 314 | $table .= '</table>'; |
||
| 315 | $form .= $this->getTicketHtml(__LINE__, 300, $area) . '<input type="submit" value="' . $this->messages['btn_repost'] . '" /></form>'; |
||
| 316 | |||
| 317 | echo '<html><head><title>' . $this->messages['err_general'] . '</title><style>table,td,th {border:solid black 1px; border-collapse:collapse;}</style></head><body>' . sprintf($this->messages['fmt_prompt4repost'], $this->getErrors()) . $table . $form . '</body></html>'; |
||
| 318 | } |
||
| 319 | |||
| 320 | /** |
||
| 321 | * @param $key_name |
||
| 322 | * @param $tmp_array |
||
| 323 | * |
||
| 324 | * @return array |
||
| 325 | */ |
||
| 326 | public function extract_post_recursive($key_name, $tmp_array) |
||
| 327 | { |
||
| 328 | $table = ''; |
||
| 329 | $form = ''; |
||
| 330 | foreach ($tmp_array as $key => $val) { |
||
| 331 | if (@get_magic_quotes_gpc()) { |
||
| 332 | $key = stripslashes($key); |
||
| 333 | } |
||
| 334 | if (is_array($val)) { |
||
| 335 | list($tmp_table, $tmp_form) = $this->extract_post_recursive($key_name . '[' . htmlspecialchars($key, ENT_QUOTES) . ']', $val); |
||
| 336 | $table .= $tmp_table; |
||
| 337 | $form .= $tmp_form; |
||
| 338 | } else { |
||
| 339 | if (@get_magic_quotes_gpc()) { |
||
| 340 | $val = stripslashes($val); |
||
| 341 | } |
||
| 342 | $table .= '<tr><th>' . $key_name . '[' . htmlspecialchars($key, ENT_QUOTES) . ']</th><td>' . htmlspecialchars($val, ENT_QUOTES) . '</td></tr>' . "\n"; |
||
| 343 | $form .= '<input type="hidden" name="' . $key_name . '[' . htmlspecialchars($key, ENT_QUOTES) . ']" value="' . htmlspecialchars($val, ENT_QUOTES) . '" />' . "\n"; |
||
| 344 | } |
||
| 345 | } |
||
| 346 | |||
| 347 | return array( |
||
| 348 | $table, |
||
| 349 | $form, |
||
| 350 | ); |
||
| 351 | } |
||
| 352 | |||
| 353 | // clear all stubs |
||
| 354 | public function clear() |
||
| 355 | { |
||
| 356 | $_SESSION['XOOPS_G_STUBS'] = array(); |
||
| 357 | } |
||
| 358 | |||
| 359 | // Ticket Using |
||
| 360 | |||
| 361 | /** |
||
| 362 | * @return bool |
||
| 363 | */ |
||
| 364 | public function using() |
||
| 370 | } |
||
| 371 | } |
||
| 372 | |||
| 373 | // return errors |
||
| 374 | |||
| 375 | /** |
||
| 376 | * @param bool $ashtml |
||
| 377 | * |
||
| 378 | * @return array|string |
||
| 379 | */ |
||
| 380 | public function getErrors($ashtml = true) |
||
| 392 | } |
||
| 393 | |||
| 394 | /** |
||
| 395 | * @param $errNo |
||
| 396 | * @param $errStr |
||
| 397 | * @param $errFile |
||
| 398 | * @param $errLine |
||
| 399 | * @return null |
||
| 400 | */ |
||
| 401 | public function errorHandler4FindOutput($errNo, $errStr, $errFile, $errLine) |
||
| 410 | } |
||
| 411 | // end of class |
||
| 412 | } |
||
| 413 | |||
| 414 | // create a instance in global scope |
||
| 415 | $GLOBALS['xoopsGTicket'] = new XoopsGTicket(); |
||
| 416 | } |
||
| 439 |
Loading history...