Issues in auction.php (master) - Issues in master - mambax7/xoops-martin - Measure and Improve Code Quality continuously with Scrutinizer

Issues (663)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/auction.php (3 issues)

Labels

Severity

Informational 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * $Id: auction.php,v 1.42 2007/02/04 15:01:40 malanciault Exp $
 * Module:martin
 * Licence: GNU
 */

if (!defined("XOOPS_ROOT_PATH")) {
    die("XOOPS root path not defined");
}

include_once XOOPS_ROOT_PATH . '/modules/martin/include/common.php';

/**
 * Class MartinAuction
 */
class MartinAuction extends XoopsObject
{
    public function MartinAuction()
    {
        $this->initVar("auction_id", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_name", XOBJ_DTYPE_TXTBOX, null, true, 255);
        $this->initVar("auction_info", XOBJ_DTYPE_TXTAREA, null, false);
        $this->initVar("check_in_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("check_out_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("apply_start_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("apply_end_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_price", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_low_price", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_add_price", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_can_use_coupon", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_sented_coupon", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_status", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_add_time", XOBJ_DTYPE_INT, null, false);
    }

    /**
     * @return mixed
     */
    public function auction_id()
    {
        return $this->getVar("auction_id");
    }

    /**
     * @param string $format
     * @return mixed
     */
    public function auction_name($format = 'S')
    {
        return $this->getVar("auction_name", $format);
    }

    /**
     * @param string $format
     * @return mixed
     */
    public function auction_info($format = 'edit')
    {
        return $this->getVar("auction_info", $format);
    }

    /**
     * @return mixed
     */
    public function check_in_date()
    {
        return $this->getVar("check_in_date");
    }

    /**
     * @return mixed
     */
    public function check_out_date()
    {
        return $this->getVar("check_out_date");
    }

    /**
     * @return mixed
     */
    public function apply_start_date()
    {
        return $this->getVar("apply_start_date");
    }

    /**
     * @return mixed
     */
    public function apply_end_date()
    {
        return $this->getVar("apply_end_date");
    }

    /**
     * @return mixed
     */
    public function auction_price()
    {
        return $this->getVar("auction_price");
    }

    /**
     * @return mixed
     */
    public function auction_low_price()
    {
        return $this->getVar("auction_low_price");
    }

    /**
     * @return mixed
     */
    public function auction_add_price()
    {
        return $this->getVar("auction_add_price");
    }

    /**
     * @return mixed
     */
    public function auction_can_use_coupon()
    {
        return $this->getVar("auction_can_use_coupon");
    }

    /**
     * @return mixed
     */
    public function auction_sented_coupon()
    {
        return $this->getVar("auction_sented_coupon");
    }

    /**
     * @return mixed
     */
    public function auction_status()
    {
        return $this->getVar("auction_status");
    }

    /**
     * @return mixed
     */
    public function auction_add_time()
    {
        return $this->getVar("auction_add_time");
    }
}

/**
 * @method: auctionHandler
 * @license   http://www.blags.org/
 * @created   :2010年05月21日 20时40分
 * @copyright 1997-2010 The Martin auction
 * @author    Martin <[email protected]>
 * */
class MartinAuctionHandler extends XoopsObjectHandler
{
    /**
     * create a new hotel city
     * @param bool $isNew flag the new objects as "new"?
     * @return object auction
     */
    public function &create($isNew = true)
    {
        $auction = new MartinAuction();
        if ($isNew) {
            $auction->setNew();
        }

        return $auction;
    }

    /**
     * retrieve a hotel city
     *
     * @param int $id auctionid of the auction
     * @return mixed reference to the {@link auction} object, FALSE if failed
     */
    public function &get($id)
    {
        if ((int)($id) <= 0) {
            return false;
        }

        $criteria = new CriteriaCompo(new Criteria('auction_id', $id));
        $criteria->setLimit(1);
        $obj_array = $this->getObjects($criteria);
        if (count($obj_array) != 1) {
            $obj =& $this->create();

            return $obj;
        }

        return $obj_array[0];
    }

    /**
     * @get       rows
     * @license   http://www.blags.org/
     * @created   :2010年06月20日 13时09分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param      $sql
     * @param null $key
     * @return array
     */
    public function GetRows($sql, $key = null)
    {
        global $xoopsDB;
        $result = $xoopsDB->query($sql);
        $rows   = array();
        while ($row = $xoopsDB->fetchArray($result)) {
            if (is_null($key)) {
                $rows[] = $row;
            } else {
                $rows[$row[$key]] = $row;
            }
        }

        return $rows;
    }

    /**
     * @得到列表
     * @method:
     * @license   http://www.blags.org/
     * @created   :2010年05月23日 14时59分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param int    $limit
     * @param int    $start
     * @param string $sort
     * @param string $order
     * @param bool   $id_as_key
     * @return array
     */
    public function &getAuctions($limit = 0, $start = 0, $sort = 'auction_add_time', $order = 'DESC', $id_as_key = true)
    {
        $criteria = new CriteriaCompo();

        $criteria->setSort($sort);
        $criteria->setOrder($order);

        $criteria->setStart($start);
        $criteria->setLimit($limit);

        return $this->getObjects($criteria, $id_as_key);
    }

    /**
     * insert a new auction in the database
     *
     * @param object $auction reference to the {@link auction} object
     * @param bool   $force
     * @return bool FALSE if failed, TRUE if already present and unchanged or successful
     */
    public function insert(&$auction, $force = false)
    {
        if (strtolower(get_class($auction)) !== 'martinauction') {
            return false;
        }

        if (!$auction->cleanVars()) {
            return false;
        }

        foreach ($auction->cleanVars as $k => $v) {
            ${$k} = $v;
        }

        if ($auction->isNew()) {
            $sql = sprintf("INSERT INTO %s (
                                auction_id,
                                auction_name,
                                auction_info,
                                check_in_date,
                                check_out_date,
                                apply_start_date,
                                apply_end_date,
                                auction_price,
                                auction_low_price,
                                auction_add_price,
                                auction_can_use_coupon,
                                auction_sented_coupon,
                                auction_status,
                                auction_add_time
                            ) VALUES (
                                NULL,
                                %s,%s,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u
                            )", $this->db->prefix('martin_auction'), $this->db->quoteString($auction_name), $this->db->quoteString($auction_info), $check_in_date, $check_out_date, $apply_start_date, $apply_end_date, $auction_price, $auction_low_price, $auction_add_price, $auction_can_use_coupon, $auction_sented_coupon, $auction_status, $auction_add_time);
        } else {
            $sql = sprintf("UPDATE %s SET
                                auction_name = %s,
                                auction_info = %s,
                                check_in_date = %u,
                                check_out_date = %u,
                                apply_start_date = %u,
                                apply_end_date = %u,
                                auction_price = %u,
                                auction_low_price = %u,
                                auction_add_price = %u,
                                auction_can_use_coupon = %u,
                                auction_sented_coupon = %u,
                                auction_status = %u
                            WHERE auction_id = %u", $this->db->prefix('martin_auction'), $this->db->quoteString($auction_name), $this->db->quoteString($auction_info), $check_in_date, $check_out_date, $apply_start_date, $apply_end_date, $auction_price, $auction_low_price, $auction_add_price, $auction_can_use_coupon, $auction_sented_coupon, $auction_status, $auction_id);
        }
        //echo $sql;exit;
        if (false != $force) {

            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }

        return $auction_id > 0 ? $auction_id : $this->db->getInsertId();
    }

    /**
     * @删除一个城市
     * @method:delete(auction_id)
     * @license   http://www.blags.org/
     * @created   :2010年05月21日 20时40分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param object $auction
     * @param bool   $force
     * @return bool|void
     */
    public function delete(&$auction, $force = false)
    {
        if (strtolower(get_class($auction)) !== 'martinauction') {
            return false;
        }

        $sql = "DELETE FROM " . $this->db->prefix("martin_auction") . " WHERE auction_id = " . $auction->auction_id();

        if (false != $force) {

            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }

        $sql = "DELETE FROM " . $this->db->prefix("martin_auction_room") . " WHERE auction_id = " . $auction->auction_id();

        if (false != $force) {

            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }

        if (!$result) {
            return false;
        }

        return true;
    }

    /**
     * delete hotel cities matching a set of conditions
     *
     * @param object $criteria {@link CriteriaElement}
     * @return bool FALSE if deletion failed
     */
    public function deleteAll($criteria = null)
    {
        $sql = 'DELETE FROM ' . $this->db->prefix('martin_auction');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        if (!$result = $this->db->query($sql)) {
            return false;
        }

        return true;
    }

    /**
     * count hotel cities matching a condition
     *
     * @param object $criteria {@link CriteriaElement} to match
     * @return int count of categories
     */
    public function getCount($criteria = null)
    {
        $sql = 'SELECT COUNT(*) FROM ' . $this->db->prefix('martin_auction');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        $result = $this->db->query($sql);
        if (!$result) {
            return 0;
        }
        list($count) = $this->db->fetchRow($result);

        return $count;
    }

    /**
     * @得到城市
     * @license   http://www.blags.org/
     * @created   :2010年05月21日 20时40分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param null $criteria
     * @param bool $id_as_key
     * @return array
     */
    public function &getObjects($criteria = null, $id_as_key = false)
    {
        $ret   = array();
        $limit = $start = 0;
        $sql   = 'SELECT * FROM ' . $this->db->prefix('martin_auction');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $sql .= ' ' . $criteria->renderWhere();
            if ($criteria->getSort() != '') {
                $sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
            }
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        $sql .= " order by  apply_start_date DESC , auction_id DESC ";
        //echo "<br />" . $sql . "<br />";
        $result = $this->db->query($sql, $limit, $start);

        if (!$result) {
            return $ret;
        }

        $theObjects = array();

        while ($myrow = $this->db->fetchArray($result)) {
            $auction = new MartinAuction();
            $auction->assignVars($myrow);
            $theObjects[$myrow['auction_id']] =& $auction;
            //var_dump($auction);
            unset($auction);
        }
        //var_dump($theObjects);

        foreach ($theObjects as $theObject) {
            if (!$id_as_key) {
                $ret[] =& $theObject;
            } else {
                $ret[$theObject->auction_id()] =& $theObject;
            }
            unset($theObject);
        }

        return $ret;
    }

    /**
     * @get       room list
     * @license   http://www.blags.org/
     * @created   :2010年06月03日 20时05分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param $auction_id
     * @return array|bool
     */
    public function getRoomList($auction_id)
    {
        global $xoopsDB;
        if (empty($auction_id)) {
            return false;
        }
        $sql    = "SELECT gr.room_id,gr.room_count,r.room_name FROM " . $xoopsDB->prefix("martin_auction_room") . " gr
            left join " . $xoopsDB->prefix("martin_room") . " r ON r.room_id = gr.room_id
            WHERE auction_id = " . $auction_id;
        $result = $xoopsDB->query($sql);
        $rows   = array();
        while ($row = $xoopsDB->fetchArray($result)) {
            $rows[] = $row;
        }

        return $rows;
    }

    /**
     * @param $auction_id
     * @param $room_ids
     * @param $room_counts
     * @param $isNew
     * @return bool
     */
    public function InsertAuctionRoom($auction_id, $room_ids, $room_counts, $isNew)
    {
        global $xoopsDB;
        if (!$auction_id || !is_array($room_ids)) {
            // delete data
            $sql = "delete FROM " . $xoopsDB->prefix("martin_auction") . " WHERE auction_id = " . $auction_id;
            if ($auction_id > 0) {
                $xoopsDB->query($sql);
            }

            return false;
        }
        $dsql = 'delete FROM ' . $xoopsDB->prefix("martin_auction_room") . " WHERE auction_id = $auction_id";
        $xoopsDB->query($dsql);

        $sql = "insert INTO " . $xoopsDB->prefix("martin_auction_room") . " (auction_id,room_id,room_count) VALUES ";
        foreach ($room_ids as $key => $room_id) {
            $room_count = $room_counts[$key];
            $sql .= $prefix . "($auction_id,$room_id,$room_count)";
            $prefix = ",";
        }

        //echo $sql;
        return $xoopsDB->query($sql);
    }

    /**
     * @get       room by hotel
     * @license   http://www.blags.org/
     * @created   :2010年06月03日 20时05分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param $hotel_id
     * @return array
     */
    public function GetRoomListByHotel($hotel_id)
    {
        global $xoopsDB;
        $sql = "SELECT room_id,room_name FROM " . $xoopsDB->prefix("martin_auction");
        $sql .= $hotel_id > 0 ? " WHERE hotel_id = " . $hotel_id : " ";
        $result = $xoopsDB->query($sql);
        $rows   = array();
        while ($row = $xoopsDB->fetchArray($result)) {
            $rows[$row['room_id']] = $row['room_name'];
        }

        return $rows;
    }

    /**
     * @get       top aution list
     * @license   http://www.blags.org/
     * @created   :2010年06月20日 13时09分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param int $limit
     * @return array
     */
    public function GetAuctionList($limit = 6)
    {
        global $xoopsDB;
        $sql = 'SELECT * FROM ' . $xoopsDB->prefix('martin_auction') . ' WHERE auction_status = 1 AND apply_end_date > ' . time() . ' order by apply_end_date , auction_id DESC limit ' . $limit;

        return $this->GetRows($sql);
    }

    /**
     * @get       Auction rooms
     * @license   http://www.blags.org/
     * @created   :2010年06月20日 13时09分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $auction_id
     * @return array
     */
    public function GetAuctionRooms($auction_id)
    {
        global $xoopsDB;
        if (!$auction_id) {
            return $auction_id;
        }
        $sql = 'SELECT a.*,r.*,rt.room_type_info,h.* FROM ' . $xoopsDB->prefix("martin_auction_room") . ' a ';
        $sql .= ' INNER JOIN ' . $xoopsDB->prefix('martin_room') . ' r ON ( r.room_id = a.room_id ) ';
        $sql .= ' INNER JOIN ' . $xoopsDB->prefix('martin_room_type') . ' rt ON ( r.room_type_id = rt.room_type_id ) ';
        $sql .= ' INNER JOIN ' . $xoopsDB->prefix('martin_hotel') . ' h ON ( r.hotel_id = h.hotel_id ) ';
        $sql .= ' WHERE a.auction_id = ' . $auction_id;

        //echo $sql;
        return $this->GetRows($sql);
    }

    /**
     * @add       user auction bid
     * @license   http://www.blags.org/
     * @created   :2010年06月21日 21时40分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $Data
     * @return
     */
    public function AddUserAuction($Data)
    {
        global $xoopsDB;
        if (!is_array($Data) || empty($Data)) {
            return $Data;
        }
        $sql = 'INSERT INTO ' . $xoopsDB->prefix('martin_auction_bid') . ' (%s) VALUES (%s) ';
        foreach ($Data as $key => $value) {
            $keys .= $prefix . $key;
            $values .= $prefix . $value;
            $prefix = ',';
        }
        $sql = sprintf($sql, $keys, $values);
        //echo $sql;
        $xoopsDB->query($sql);

        return $xoopsDB->getInsertId();
    }

    /**
     * @get       auction bid list
     * @method:
     * @license   http://www.blags.org/
     * @created   :2010年06月21日 21时40分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $auction_id
     * @return array|bool
     */
    public function getAuctionBidList($auction_id)
    {
        if (!$auction_id) {
            return false;
        }
        global $xoopsDB;
        $sql = 'SELECT b.*,u.uname FROM ' . $xoopsDB->prefix('martin_auction_bid') . ' b ';
        $sql .= 'INNER JOIN ' . $xoopsDB->prefix('users') . ' u ON (u.uid = b.uid) ';
        $sql .= 'WHERE b.auction_id = ' . $auction_id . ' ';
        $sql .= 'ORDER BY b.bid_price DESC , b.bid_id DESC ';

        return $this->GetRows($sql);
    }
}


1		<?php
2		/**
3		* $Id: auction.php,v 1.42 2007/02/04 15:01:40 malanciault Exp $
4		* Module:martin
5		* Licence: GNU
6		*/
7
8		if (!defined("XOOPS_ROOT_PATH")) {
9		die("XOOPS root path not defined");
10		}
11
12		include_once XOOPS_ROOT_PATH . '/modules/martin/include/common.php';
13
14		/**
15		* Class MartinAuction
16		*/
17		class MartinAuction extends XoopsObject
18		{
19		public function MartinAuction()
20		{
21		$this->initVar("auction_id", XOBJ_DTYPE_INT, null, false);
22		$this->initVar("auction_name", XOBJ_DTYPE_TXTBOX, null, true, 255);
23		$this->initVar("auction_info", XOBJ_DTYPE_TXTAREA, null, false);
24		$this->initVar("check_in_date", XOBJ_DTYPE_INT, null, false);
25		$this->initVar("check_out_date", XOBJ_DTYPE_INT, null, false);
26		$this->initVar("apply_start_date", XOBJ_DTYPE_INT, null, false);
27		$this->initVar("apply_end_date", XOBJ_DTYPE_INT, null, false);
28		$this->initVar("auction_price", XOBJ_DTYPE_INT, null, false);
29		$this->initVar("auction_low_price", XOBJ_DTYPE_INT, null, false);
30		$this->initVar("auction_add_price", XOBJ_DTYPE_INT, null, false);
31		$this->initVar("auction_can_use_coupon", XOBJ_DTYPE_INT, null, false);
32		$this->initVar("auction_sented_coupon", XOBJ_DTYPE_INT, null, false);
33		$this->initVar("auction_status", XOBJ_DTYPE_INT, null, false);
34		$this->initVar("auction_add_time", XOBJ_DTYPE_INT, null, false);
35		}
36
37		/**
38		* @return mixed
39		*/
40		public function auction_id()
41		{
42		return $this->getVar("auction_id");
43		}
44
45		/**
46		* @param string $format
47		* @return mixed
48		*/
49		public function auction_name($format = 'S')
50		{
51		return $this->getVar("auction_name", $format);
52		}
53
54		/**
55		* @param string $format
56		* @return mixed
57		*/
58		public function auction_info($format = 'edit')
59		{
60		return $this->getVar("auction_info", $format);
61		}
62
63		/**
64		* @return mixed
65		*/
66		public function check_in_date()
67		{
68		return $this->getVar("check_in_date");
69		}
70
71		/**
72		* @return mixed
73		*/
74		public function check_out_date()
75		{
76		return $this->getVar("check_out_date");
77		}
78
79		/**
80		* @return mixed
81		*/
82		public function apply_start_date()
83		{
84		return $this->getVar("apply_start_date");
85		}
86
87		/**
88		* @return mixed
89		*/
90		public function apply_end_date()
91		{
92		return $this->getVar("apply_end_date");
93		}
94
95		/**
96		* @return mixed
97		*/
98		public function auction_price()
99		{
100		return $this->getVar("auction_price");
101		}
102
103		/**
104		* @return mixed
105		*/
106		public function auction_low_price()
107		{
108		return $this->getVar("auction_low_price");
109		}
110
111		/**
112		* @return mixed
113		*/
114		public function auction_add_price()
115		{
116		return $this->getVar("auction_add_price");
117		}
118
119		/**
120		* @return mixed
121		*/
122		public function auction_can_use_coupon()
123		{
124		return $this->getVar("auction_can_use_coupon");
125		}
126
127		/**
128		* @return mixed
129		*/
130		public function auction_sented_coupon()
131		{
132		return $this->getVar("auction_sented_coupon");
133		}
134
135		/**
136		* @return mixed
137		*/
138		public function auction_status()
139		{
140		return $this->getVar("auction_status");
141		}
142
143		/**
144		* @return mixed
145		*/
146		public function auction_add_time()
147		{
148		return $this->getVar("auction_add_time");
149		}
150		}
151
152		/**
153		* @method: auctionHandler
154		* @license http://www.blags.org/
155		* @created :2010年05月21日 20时40分
156		* @copyright 1997-2010 The Martin auction
157		* @author Martin <[email protected]>
158		* */
159		class MartinAuctionHandler extends XoopsObjectHandler
160		{
161		/**
162		* create a new hotel city
163		* @param bool $isNew flag the new objects as "new"?
164		* @return object auction
165		*/
166		public function &create($isNew = true)
167		{
168		$auction = new MartinAuction();
169		if ($isNew) {
170		$auction->setNew();
171		}
172
173		return $auction;
174		}
175
176		/**
177		* retrieve a hotel city
178		*
179		* @param int $id auctionid of the auction
180		* @return mixed reference to the {@link auction} object, FALSE if failed
181		*/
182	View Code Duplication	public function &get($id)
183		{
184		if ((int)($id) <= 0) {
185		return false;
186		}
187
188		$criteria = new CriteriaCompo(new Criteria('auction_id', $id));
189		$criteria->setLimit(1);
190		$obj_array = $this->getObjects($criteria);
191		if (count($obj_array) != 1) {
192		$obj =& $this->create();
193
194		return $obj;
195		}
196
197		return $obj_array[0];
198		}
199
200		/**
201		* @get rows
202		* @license http://www.blags.org/
203		* @created :2010年06月20日 13时09分
204		* @copyright 1997-2010 The Martin Group
205		* @author Martin <[email protected]>
206		* @param $sql
207		* @param null $key
208		* @return array
209		*/
210	View Code Duplication	public function GetRows($sql, $key = null)
211		{
212		global $xoopsDB;
213		$result = $xoopsDB->query($sql);
214		$rows = array();
215		while ($row = $xoopsDB->fetchArray($result)) {
216		if (is_null($key)) {
217		$rows[] = $row;
218		} else {
219		$rows[$row[$key]] = $row;
220		}
221		}
222
223		return $rows;
224		}
225
226		/**
227		* @得到列表
228		* @method:
229		* @license http://www.blags.org/
230		* @created :2010年05月23日 14时59分
231		* @copyright 1997-2010 The Martin auction
232		* @author Martin <[email protected]>
233		* @param int $limit
234		* @param int $start
235		* @param string $sort
236		* @param string $order
237		* @param bool $id_as_key
238		* @return array
239		*/
240	View Code Duplication	public function &getAuctions($limit = 0, $start = 0, $sort = 'auction_add_time', $order = 'DESC', $id_as_key = true)
241		{
242		$criteria = new CriteriaCompo();
243
244		$criteria->setSort($sort);
245		$criteria->setOrder($order);
246
247		$criteria->setStart($start);
248		$criteria->setLimit($limit);
249
250		return $this->getObjects($criteria, $id_as_key);
251		}
252
253		/**
254		* insert a new auction in the database
255		*
256		* @param object $auction reference to the {@link auction} object
257		* @param bool $force
258		* @return bool FALSE if failed, TRUE if already present and unchanged or successful
259		*/
260		public function insert(&$auction, $force = false)
261		{
262		if (strtolower(get_class($auction)) !== 'martinauction') {
263		return false;
264		}
265
266		if (!$auction->cleanVars()) {
267		return false;
268		}
269
270		foreach ($auction->cleanVars as $k => $v) {
271		${$k} = $v;
272		}
273
274		if ($auction->isNew()) {
275		$sql = sprintf("INSERT INTO %s (
276		auction_id,
277		auction_name,
278		auction_info,
279		check_in_date,
280		check_out_date,
281		apply_start_date,
282		apply_end_date,
283		auction_price,
284		auction_low_price,
285		auction_add_price,
286		auction_can_use_coupon,
287		auction_sented_coupon,
288		auction_status,
289		auction_add_time
290		) VALUES (
291		NULL,
292		%s,%s,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u
293		)", $this->db->prefix('martin_auction'), $this->db->quoteString($auction_name), $this->db->quoteString($auction_info), $check_in_date, $check_out_date, $apply_start_date, $apply_end_date, $auction_price, $auction_low_price, $auction_add_price, $auction_can_use_coupon, $auction_sented_coupon, $auction_status, $auction_add_time);
294		} else {
295		$sql = sprintf("UPDATE %s SET
296		auction_name = %s,
297		auction_info = %s,
298		check_in_date = %u,
299		check_out_date = %u,
300		apply_start_date = %u,
301		apply_end_date = %u,
302		auction_price = %u,
303		auction_low_price = %u,
304		auction_add_price = %u,
305		auction_can_use_coupon = %u,
306		auction_sented_coupon = %u,
307		auction_status = %u
308		WHERE auction_id = %u", $this->db->prefix('martin_auction'), $this->db->quoteString($auction_name), $this->db->quoteString($auction_info), $check_in_date, $check_out_date, $apply_start_date, $apply_end_date, $auction_price, $auction_low_price, $auction_add_price, $auction_can_use_coupon, $auction_sented_coupon, $auction_status, $auction_id);
309		}
310		//echo $sql;exit;
311		if (false != $force) {
		0 ignored issues – show Coding Style Best Practice introduced 2015-12-30 10:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are loosely comparing two booleans. Considering using the strict comparison `!==` instead. When comparing two booleans, it is generally considered safer to use the strict comparison operator. Loading history...
312		$result = $this->db->queryF($sql);
313		} else {
314		$result = $this->db->query($sql);
315		}
316
317		return $auction_id > 0 ? $auction_id : $this->db->getInsertId();
318		}
319
320		/**
321		* @删除一个城市
322		* @method:delete(auction_id)
323		* @license http://www.blags.org/
324		* @created :2010年05月21日 20时40分
325		* @copyright 1997-2010 The Martin auction
326		* @author Martin <[email protected]>
327		* @param object $auction
328		* @param bool $force
329		* @return bool\|void
330		*/
331	View Code Duplication	public function delete(&$auction, $force = false)
332		{
333		if (strtolower(get_class($auction)) !== 'martinauction') {
334		return false;
335		}
336
337		$sql = "DELETE FROM " . $this->db->prefix("martin_auction") . " WHERE auction_id = " . $auction->auction_id();
338
339		if (false != $force) {
		0 ignored issues – show Coding Style Best Practice introduced 2015-12-30 10:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are loosely comparing two booleans. Considering using the strict comparison `!==` instead. When comparing two booleans, it is generally considered safer to use the strict comparison operator. Loading history...
340		$result = $this->db->queryF($sql);
341		} else {
342		$result = $this->db->query($sql);
343		}
344
345		$sql = "DELETE FROM " . $this->db->prefix("martin_auction_room") . " WHERE auction_id = " . $auction->auction_id();
346
347		if (false != $force) {
		0 ignored issues – show Coding Style Best Practice introduced 2015-12-30 10:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are loosely comparing two booleans. Considering using the strict comparison `!==` instead. When comparing two booleans, it is generally considered safer to use the strict comparison operator. Loading history...
348		$result = $this->db->queryF($sql);
349		} else {
350		$result = $this->db->query($sql);
351		}
352
353		if (!$result) {
354		return false;
355		}
356
357		return true;
358		}
359
360		/**
361		* delete hotel cities matching a set of conditions
362		*
363		* @param object $criteria {@link CriteriaElement}
364		* @return bool FALSE if deletion failed
365		*/
366	View Code Duplication	public function deleteAll($criteria = null)
367		{
368		$sql = 'DELETE FROM ' . $this->db->prefix('martin_auction');
369		if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
370		$sql .= ' ' . $criteria->renderWhere();
371		}
372		if (!$result = $this->db->query($sql)) {
373		return false;
374		}
375
376		return true;
377		}
378
379		/**
380		* count hotel cities matching a condition
381		*
382		* @param object $criteria {@link CriteriaElement} to match
383		* @return int count of categories
384		*/
385	View Code Duplication	public function getCount($criteria = null)
386		{
387		$sql = 'SELECT COUNT(*) FROM ' . $this->db->prefix('martin_auction');
388		if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
389		$sql .= ' ' . $criteria->renderWhere();
390		}
391		$result = $this->db->query($sql);
392		if (!$result) {
393		return 0;
394		}
395		list($count) = $this->db->fetchRow($result);
396
397		return $count;
398		}
399
400		/**
401		* @得到城市
402		* @license http://www.blags.org/
403		* @created :2010年05月21日 20时40分
404		* @copyright 1997-2010 The Martin auction
405		* @author Martin <[email protected]>
406		* @param null $criteria
407		* @param bool $id_as_key
408		* @return array
409		*/
410	View Code Duplication	public function &getObjects($criteria = null, $id_as_key = false)
411		{
412		$ret = array();
413		$limit = $start = 0;
414		$sql = 'SELECT * FROM ' . $this->db->prefix('martin_auction');
415		if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
416		$sql .= ' ' . $criteria->renderWhere();
417		if ($criteria->getSort() != '') {
418		$sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
419		}
420		$limit = $criteria->getLimit();
421		$start = $criteria->getStart();
422		}
423		$sql .= " order by apply_start_date DESC , auction_id DESC ";
424		//echo "<br />" . $sql . "<br />";
425		$result = $this->db->query($sql, $limit, $start);
426
427		if (!$result) {
428		return $ret;
429		}
430
431		$theObjects = array();
432
433		while ($myrow = $this->db->fetchArray($result)) {
434		$auction = new MartinAuction();
435		$auction->assignVars($myrow);
436		$theObjects[$myrow['auction_id']] =& $auction;
437		//var_dump($auction);
438		unset($auction);
439		}
440		//var_dump($theObjects);
441
442		foreach ($theObjects as $theObject) {
443		if (!$id_as_key) {
444		$ret[] =& $theObject;
445		} else {
446		$ret[$theObject->auction_id()] =& $theObject;
447		}
448		unset($theObject);
449		}
450
451		return $ret;
452		}
453
454		/**
455		* @get room list
456		* @license http://www.blags.org/
457		* @created :2010年06月03日 20时05分
458		* @copyright 1997-2010 The Martin auction
459		* @author Martin <[email protected]>
460		* @param $auction_id
461		* @return array\|bool
462		*/
463	View Code Duplication	public function getRoomList($auction_id)
464		{
465		global $xoopsDB;
466		if (empty($auction_id)) {
467		return false;
468		}
469		$sql = "SELECT gr.room_id,gr.room_count,r.room_name FROM " . $xoopsDB->prefix("martin_auction_room") . " gr
470		left join " . $xoopsDB->prefix("martin_room") . " r ON r.room_id = gr.room_id
471		WHERE auction_id = " . $auction_id;
472		$result = $xoopsDB->query($sql);
473		$rows = array();
474		while ($row = $xoopsDB->fetchArray($result)) {
475		$rows[] = $row;
476		}
477
478		return $rows;
479		}
480
481		/**
482		* @param $auction_id
483		* @param $room_ids
484		* @param $room_counts
485		* @param $isNew
486		* @return bool
487		*/
488	View Code Duplication	public function InsertAuctionRoom($auction_id, $room_ids, $room_counts, $isNew)
489		{
490		global $xoopsDB;
491		if (!$auction_id \|\| !is_array($room_ids)) {
492		// delete data
493		$sql = "delete FROM " . $xoopsDB->prefix("martin_auction") . " WHERE auction_id = " . $auction_id;
494		if ($auction_id > 0) {
495		$xoopsDB->query($sql);
496		}
497
498		return false;
499		}
500		$dsql = 'delete FROM ' . $xoopsDB->prefix("martin_auction_room") . " WHERE auction_id = $auction_id";
501		$xoopsDB->query($dsql);
502
503		$sql = "insert INTO " . $xoopsDB->prefix("martin_auction_room") . " (auction_id,room_id,room_count) VALUES ";
504		foreach ($room_ids as $key => $room_id) {
505		$room_count = $room_counts[$key];
506		$sql .= $prefix . "($auction_id,$room_id,$room_count)";
507		$prefix = ",";
508		}
509
510		//echo $sql;
511		return $xoopsDB->query($sql);
512		}
513
514		/**
515		* @get room by hotel
516		* @license http://www.blags.org/
517		* @created :2010年06月03日 20时05分
518		* @copyright 1997-2010 The Martin auction
519		* @author Martin <[email protected]>
520		* @param $hotel_id
521		* @return array
522		*/
523	View Code Duplication	public function GetRoomListByHotel($hotel_id)
524		{
525		global $xoopsDB;
526		$sql = "SELECT room_id,room_name FROM " . $xoopsDB->prefix("martin_auction");
527		$sql .= $hotel_id > 0 ? " WHERE hotel_id = " . $hotel_id : " ";
528		$result = $xoopsDB->query($sql);
529		$rows = array();
530		while ($row = $xoopsDB->fetchArray($result)) {
531		$rows[$row['room_id']] = $row['room_name'];
532		}
533
534		return $rows;
535		}
536
537		/**
538		* @get top aution list
539		* @license http://www.blags.org/
540		* @created :2010年06月20日 13时09分
541		* @copyright 1997-2010 The Martin Group
542		* @author Martin <[email protected]>
543		* @param int $limit
544		* @return array
545		*/
546	View Code Duplication	public function GetAuctionList($limit = 6)
547		{
548		global $xoopsDB;
549		$sql = 'SELECT * FROM ' . $xoopsDB->prefix('martin_auction') . ' WHERE auction_status = 1 AND apply_end_date > ' . time() . ' order by apply_end_date , auction_id DESC limit ' . $limit;
550
551		return $this->GetRows($sql);
552		}
553
554		/**
555		* @get Auction rooms
556		* @license http://www.blags.org/
557		* @created :2010年06月20日 13时09分
558		* @copyright 1997-2010 The Martin Group
559		* @author Martin <[email protected]>
560		* @param $auction_id
561		* @return array
562		*/
563	View Code Duplication	public function GetAuctionRooms($auction_id)
564		{
565		global $xoopsDB;
566		if (!$auction_id) {
567		return $auction_id;
568		}
569		$sql = 'SELECT a.,r.,rt.room_type_info,h.* FROM ' . $xoopsDB->prefix("martin_auction_room") . ' a ';
570		$sql .= ' INNER JOIN ' . $xoopsDB->prefix('martin_room') . ' r ON ( r.room_id = a.room_id ) ';
571		$sql .= ' INNER JOIN ' . $xoopsDB->prefix('martin_room_type') . ' rt ON ( r.room_type_id = rt.room_type_id ) ';
572		$sql .= ' INNER JOIN ' . $xoopsDB->prefix('martin_hotel') . ' h ON ( r.hotel_id = h.hotel_id ) ';
573		$sql .= ' WHERE a.auction_id = ' . $auction_id;
574
575		//echo $sql;
576		return $this->GetRows($sql);
577		}
578
579		/**
580		* @add user auction bid
581		* @license http://www.blags.org/
582		* @created :2010年06月21日 21时40分
583		* @copyright 1997-2010 The Martin Group
584		* @author Martin <[email protected]>
585		* @param $Data
586		* @return
587		*/
588	View Code Duplication	public function AddUserAuction($Data)
589		{
590		global $xoopsDB;
591		if (!is_array($Data) \|\| empty($Data)) {
592		return $Data;
593		}
594		$sql = 'INSERT INTO ' . $xoopsDB->prefix('martin_auction_bid') . ' (%s) VALUES (%s) ';
595		foreach ($Data as $key => $value) {
596		$keys .= $prefix . $key;
597		$values .= $prefix . $value;
598		$prefix = ',';
599		}
600		$sql = sprintf($sql, $keys, $values);
601		//echo $sql;
602		$xoopsDB->query($sql);
603
604		return $xoopsDB->getInsertId();
605		}
606
607		/**
608		* @get auction bid list
609		* @method:
610		* @license http://www.blags.org/
611		* @created :2010年06月21日 21时40分
612		* @copyright 1997-2010 The Martin Group
613		* @author Martin <[email protected]>
614		* @param $auction_id
615		* @return array\|bool
616		*/
617	View Code Duplication	public function getAuctionBidList($auction_id)
618		{
619		if (!$auction_id) {
620		return false;
621		}
622		global $xoopsDB;
623		$sql = 'SELECT b.*,u.uname FROM ' . $xoopsDB->prefix('martin_auction_bid') . ' b ';
624		$sql .= 'INNER JOIN ' . $xoopsDB->prefix('users') . ' u ON (u.uid = b.uid) ';
625		$sql .= 'WHERE b.auction_id = ' . $auction_id . ' ';
626		$sql .= 'ORDER BY b.bid_price DESC , b.bid_id DESC ';
627
628		return $this->GetRows($sql);
629		}
630		}
631

mambax7 / xoops-martin

Issues (663)

Security Analysis not enabled

class/auction.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like