Issues in rate-user.php - All Issues - Inspection of "replace submitter with usid" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( cdf389...4c85d7 )

by Michael

created 2023-04-16 06:32 UTC

rate-user.php (1 issue)

Severity

Unknown 1

<?php declare(strict_types=1);

/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright    XOOPS Project (https://xoops.org)
 * @license      GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
 * @author       XOOPS Development Team
 * @author       Pascal Le Boustouller: original author ([email protected])
 * @author       Luc Bizet (www.frxoops.org)
 * @author       jlm69 (www.jlmzone.com)
 * @author       mamba (www.xoops.org)
 */

use Xmf\Request;
use XoopsModules\Adslight\{
    Utility
};

/** @var Helper $helper */
require_once __DIR__ . '/header.php';

global $xoopsModule, $xoopsDB, $xoopsConfig, $xoTheme;

//require_once XOOPS_ROOT_PATH . '/class/module.errorhandler.php';
$moduleDirName = \basename(__DIR__);
$myts          = \MyTextSanitizer::getInstance(); // MyTextSanitizer object

if (!empty($_POST['submit'])) {
    //    $erh         = new ErrorHandler; //ErrorHandler object
    $ratinguser = $GLOBALS['xoopsUser'] instanceof \XoopsUser ? $GLOBALS['xoopsUser']->getVar('uid') : 0;
    //Make sure only 1 anonymous from an IP in a single day.
    $anonwaitdays = 1;
    $ip           = getenv('REMOTE_ADDR');
    $usid         = Request::getInt('usid', 0, 'POST');
    $rating       = Request::getInt('rating', 0, 'POST');

    // Check if Rating is Null
    if ('--' === $rating) {

        $helper->redirect('rate-user.php?usid=' . addslashes($usid), 4, constant('_ADSLIGHT_NORATING'));
    }

    // Check if Link POSTER is voting (UNLESS Anonymous users allowed to post)
    if (0 !== (int)$ratinguser) {
        $sql    = 'SELECT submitter FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE usid=' . $xoopsDB->escape($usid);
        $result = $xoopsDB->query($sql);
        while ([$ratinguserDB] = $xoopsDB->fetchRow($result)) {
            if ($ratinguserDB === $ratinguser) {
                $helper->redirect('members.php?usid=' . addslashes($usid), 4, constant('_ADSLIGHT_CANTVOTEOWN'));
            }
        }

        // Check if REG user is trying to vote twice.
        $sql    = 'SELECT ratinguser FROM ' . $xoopsDB->prefix('adslight_user_votedata') . ' WHERE usid=' . $xoopsDB->escape($usid);
        $result = $xoopsDB->query($sql);
        if (!$xoopsDB->isResultSet($result)) {
            \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
        }
        while ([$ratinguserDB] = $xoopsDB->fetchRow($result)) {
            if ($ratinguserDB === $ratinguser) {
                $helper->redirect('members.php?usid=' . addslashes($usid), 4, constant('_ADSLIGHT_VOTEONCE2'));
            }
        }
    } else {
        // Check if ANONYMOUS user is trying to vote more than once per day.
        $yesterday = time() - (86400 * $anonwaitdays);
        $sql       = 'SELECT count(*) FROM ' . $xoopsDB->prefix('adslight_user_votedata') . ' WHERE usid=' . $xoopsDB->escape($usid) . " AND ratinguser=0 AND ratinghostname = '{$ip}' AND date_created > {$yesterday}";
        $result = $xoopsDB->query($sql);
        if (!$xoopsDB->isResultSet($result)) {
            \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
        }
        [$anonvotecount] = $xoopsDB->fetchRow($result);
        if ($anonvotecount > 0) {
            $helper->redirect('members.php?usid=' . addslashes($usid), 4, constant('_ADSLIGHT_VOTEONCE2'));
        }
    }
    $rating = $rating > 10 ? 10 : $rating;
    //All is well.  Add to Line Item Rate to DB.
    $newid    = $xoopsDB->genId($xoopsDB->prefix('adslight_user_votedata') . '_ratingid_seq');
    $datetime = time();
    $sql      = sprintf("INSERT INTO `%s` (ratingid, usid, ratinguser, rating, ratinghostname, date_created) VALUES (%u, %u, %u, %u, '%s', %u)", $xoopsDB->prefix('adslight_user_votedata'), $newid, $usid, $ratinguser, $rating, $ip, $datetime);
    // $xoopsDB->query($sql) || $eh->show('0013'); //            '0013' => 'Could not query the database.', // <br>Error: ' . $GLOBALS['xoopsDB']->error() . '',
    $success = $xoopsDB->query($sql);
    if (!$success) {
        /** @var \XoopsModuleHandler $moduleHandler */
        $moduleHandler = xoops_getHandler('module');
        /** @var \XoopsModule $myModule */
        $myModule = $moduleHandler->getByDirname('adslight');
        $myModule->setErrors('Could not query the database.');
    }

    //All is well.  Calculate Score & Add to Summary (for quick retrieval & sorting) to DB.
    //    updateUrating($usid);
    Utility::updateUserRating($usid);
    $ratemessage = constant('_ADSLIGHT_VOTEAPPRE') . '<br>' . sprintf(constant('_ADSLIGHT_THANKURATEUSER'), $xoopsConfig['sitename']);
    $helper->redirect('members.php?usid=' . addslashes($usid), 3, $ratemessage);
} else {
    $GLOBALS['xoopsOption']['template_main'] = 'adslight_rate_user.tpl';
    require_once XOOPS_ROOT_PATH . '/header.php';
    $usid   = Request::getInt('usid', 0, 'GET');
    $sql    = 'SELECT title, usid, submitter FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE usid=' . $xoopsDB->escape($usid);
    $result = $xoopsDB->query($sql);
    if (!$xoopsDB->isResultSet($result)) {
        \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
    }
    [$title, $usid, $submitter] = $xoopsDB->fetchRow($result);
    $GLOBALS['xoopsTpl']->assign('link', [
        'usid'      => $usid,
        'title'     => \htmlspecialchars($title, ENT_QUOTES | ENT_HTML5),
        'submitter' => $submitter,
    ]);
    $GLOBALS['xoopsTpl']->assign('lang_voteonce', constant('_ADSLIGHT_VOTEONCE'));
    $GLOBALS['xoopsTpl']->assign('lang_ratingscale', constant('_ADSLIGHT_RATINGSCALE'));
    $GLOBALS['xoopsTpl']->assign('lang_beobjective', constant('_ADSLIGHT_BEOBJECTIVE'));
    $GLOBALS['xoopsTpl']->assign('lang_donotvote', constant('_ADSLIGHT_DONOTVOTE'));
    $GLOBALS['xoopsTpl']->assign('lang_rateit', constant('_ADSLIGHT_RATEIT'));
    $GLOBALS['xoopsTpl']->assign('lang_cancel', _CANCEL);
    $GLOBALS['xoopsTpl']->assign('mydirname', $moduleDirName);
    require_once XOOPS_ROOT_PATH . '/footer.php';
}


1			<?php declare(strict_types=1);
2
3			/*
4			* You may not change or alter any portion of this comment or credits
5			* of supporting developers from this source code or any supporting source code
6			* which is considered copyrighted (c) material of the original comment or credit authors.
7			*
8			* This program is distributed in the hope that it will be useful,
9			* but WITHOUT ANY WARRANTY; without even the implied warranty of
10			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11			*/
12
13			/**
14			* @copyright XOOPS Project (https://xoops.org)
15			* @license GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
16			* @author XOOPS Development Team
17			* @author Pascal Le Boustouller: original author ([email protected])
18			* @author Luc Bizet (www.frxoops.org)
19			* @author jlm69 (www.jlmzone.com)
20			* @author mamba (www.xoops.org)
21			*/
22
23			use Xmf\Request;
24			use XoopsModules\Adslight\{
25			Utility
26			};
27
28			/** @var Helper $helper */
29			require_once __DIR__ . '/header.php';
30
31			global $xoopsModule, $xoopsDB, $xoopsConfig, $xoTheme;
32
33			//require_once XOOPS_ROOT_PATH . '/class/module.errorhandler.php';
34			$moduleDirName = \basename(__DIR__);
35			$myts = \MyTextSanitizer::getInstance(); // MyTextSanitizer object
36
37			if (!empty($_POST['submit'])) {
38			// $erh = new ErrorHandler; //ErrorHandler object
39			$ratinguser = $GLOBALS['xoopsUser'] instanceof \XoopsUser ? $GLOBALS['xoopsUser']->getVar('uid') : 0;
40			//Make sure only 1 anonymous from an IP in a single day.
41			$anonwaitdays = 1;
42			$ip = getenv('REMOTE_ADDR');
43			$usid = Request::getInt('usid', 0, 'POST');
44			$rating = Request::getInt('rating', 0, 'POST');
45
46			// Check if Rating is Null
47			if ('--' === $rating) {
			0 ignored issues – show introduced 2021-08-14 04:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `'--' === $rating` is always `false`. Loading history...
48			$helper->redirect('rate-user.php?usid=' . addslashes($usid), 4, constant('_ADSLIGHT_NORATING'));
49			}
50
51			// Check if Link POSTER is voting (UNLESS Anonymous users allowed to post)
52			if (0 !== (int)$ratinguser) {
53			$sql = 'SELECT submitter FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE usid=' . $xoopsDB->escape($usid);
54			$result = $xoopsDB->query($sql);
55			while ([$ratinguserDB] = $xoopsDB->fetchRow($result)) {
56			if ($ratinguserDB === $ratinguser) {
57			$helper->redirect('members.php?usid=' . addslashes($usid), 4, constant('_ADSLIGHT_CANTVOTEOWN'));
58			}
59			}
60
61			// Check if REG user is trying to vote twice.
62			$sql = 'SELECT ratinguser FROM ' . $xoopsDB->prefix('adslight_user_votedata') . ' WHERE usid=' . $xoopsDB->escape($usid);
63			$result = $xoopsDB->query($sql);
64			if (!$xoopsDB->isResultSet($result)) {
65			\trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
66			}
67			while ([$ratinguserDB] = $xoopsDB->fetchRow($result)) {
68			if ($ratinguserDB === $ratinguser) {
69			$helper->redirect('members.php?usid=' . addslashes($usid), 4, constant('_ADSLIGHT_VOTEONCE2'));
70			}
71			}
72			} else {
73			// Check if ANONYMOUS user is trying to vote more than once per day.
74			$yesterday = time() - (86400 * $anonwaitdays);
75			$sql = 'SELECT count(*) FROM ' . $xoopsDB->prefix('adslight_user_votedata') . ' WHERE usid=' . $xoopsDB->escape($usid) . " AND ratinguser=0 AND ratinghostname = '{$ip}' AND date_created > {$yesterday}";
76			$result = $xoopsDB->query($sql);
77			if (!$xoopsDB->isResultSet($result)) {
78			\trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
79			}
80			[$anonvotecount] = $xoopsDB->fetchRow($result);
81			if ($anonvotecount > 0) {
82			$helper->redirect('members.php?usid=' . addslashes($usid), 4, constant('_ADSLIGHT_VOTEONCE2'));
83			}
84			}
85			$rating = $rating > 10 ? 10 : $rating;
86			//All is well. Add to Line Item Rate to DB.
87			$newid = $xoopsDB->genId($xoopsDB->prefix('adslight_user_votedata') . '_ratingid_seq');
88			$datetime = time();
89			$sql = sprintf("INSERT INTO `%s` (ratingid, usid, ratinguser, rating, ratinghostname, date_created) VALUES (%u, %u, %u, %u, '%s', %u)", $xoopsDB->prefix('adslight_user_votedata'), $newid, $usid, $ratinguser, $rating, $ip, $datetime);
90			// $xoopsDB->query($sql) \|\| $eh->show('0013'); // '0013' => 'Could not query the database.', // <br>Error: ' . $GLOBALS['xoopsDB']->error() . '',
91			$success = $xoopsDB->query($sql);
92			if (!$success) {
93			/** @var \XoopsModuleHandler $moduleHandler */
94			$moduleHandler = xoops_getHandler('module');
95			/** @var \XoopsModule $myModule */
96			$myModule = $moduleHandler->getByDirname('adslight');
97			$myModule->setErrors('Could not query the database.');
98			}
99
100			//All is well. Calculate Score & Add to Summary (for quick retrieval & sorting) to DB.
101			// updateUrating($usid);
102			Utility::updateUserRating($usid);
103			$ratemessage = constant('_ADSLIGHT_VOTEAPPRE') . '<br>' . sprintf(constant('_ADSLIGHT_THANKURATEUSER'), $xoopsConfig['sitename']);
104			$helper->redirect('members.php?usid=' . addslashes($usid), 3, $ratemessage);
105			} else {
106			$GLOBALS['xoopsOption']['template_main'] = 'adslight_rate_user.tpl';
107			require_once XOOPS_ROOT_PATH . '/header.php';
108			$usid = Request::getInt('usid', 0, 'GET');
109			$sql = 'SELECT title, usid, submitter FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE usid=' . $xoopsDB->escape($usid);
110			$result = $xoopsDB->query($sql);
111			if (!$xoopsDB->isResultSet($result)) {
112			\trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
113			}
114			[$title, $usid, $submitter] = $xoopsDB->fetchRow($result);
115			$GLOBALS['xoopsTpl']->assign('link', [
116			'usid' => $usid,
117			'title' => \htmlspecialchars($title, ENT_QUOTES \| ENT_HTML5),
118			'submitter' => $submitter,
119			]);
120			$GLOBALS['xoopsTpl']->assign('lang_voteonce', constant('_ADSLIGHT_VOTEONCE'));
121			$GLOBALS['xoopsTpl']->assign('lang_ratingscale', constant('_ADSLIGHT_RATINGSCALE'));
122			$GLOBALS['xoopsTpl']->assign('lang_beobjective', constant('_ADSLIGHT_BEOBJECTIVE'));
123			$GLOBALS['xoopsTpl']->assign('lang_donotvote', constant('_ADSLIGHT_DONOTVOTE'));
124			$GLOBALS['xoopsTpl']->assign('lang_rateit', constant('_ADSLIGHT_RATEIT'));
125			$GLOBALS['xoopsTpl']->assign('lang_cancel', _CANCEL);
126			$GLOBALS['xoopsTpl']->assign('mydirname', $moduleDirName);
127			require_once XOOPS_ROOT_PATH . '/footer.php';
128			}
129

mambax7 / adslight

Push — master ( cdf389...4c85d7 )

rate-user.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like