The analysis tool reported no vulnerable execution paths because it did not see this project handling request data directly. Treat that as a heuristic, not a clean bill of health: the handler below builds SQL from parameters whose origin lies in callers outside this file.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting occurs when attacker-controlled data containing CR/LF characters is written into an HTTP header, letting the attacker append further headers or an entire second response.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server process. This can be used to expose sensitive data or to gain control of the server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
class/group.php (3 issues)

<?php
/**
 * $Id: group.php,v 1.42 2007/02/04 15:01:40 malanciault Exp $
 * Module:martin
 * Licence: GNU
 *
 * Group record (a bookable offer with check-in/out dates, apply window,
 * price and attached rooms) and its database handler for the martin
 * XOOPS module. The file is only meant to be loaded through XOOPS, which
 * defines XOOPS_ROOT_PATH; anything else is refused below.
 */

// Refuse to run outside the XOOPS bootstrap (direct web requests to this
// file, or loading it without the framework in scope).
defined("XOOPS_ROOT_PATH") || die("XOOPS root path not defined");

// Shared helpers of the martin module (include_once: harmless if the
// module already loaded them).
include_once XOOPS_ROOT_PATH . '/modules/martin/include/common.php';
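/**
 * Class MartinGroup
 *
 * Data object for one row of the martin_group table (the column list is the
 * one MartinGroupHandler::insert() writes). Every field is declared through
 * XoopsObject::initVar so that XoopsObject::cleanVars() can type-check and
 * sanitise the values before they reach the database.
 */
class MartinGroup extends XoopsObject
{
    /**
     * Declare the columns of martin_group.
     *
     * Named __construct so the field declarations also run on PHP 7+/8: the
     * original PHP4-style constructor (a method named after the class) is
     * deprecated in PHP 7 and is an ordinary method in PHP 8, which would
     * leave the object with no declared vars at all. MartinGroup() is kept
     * below as an alias for callers that invoke it explicitly.
     */
    public function __construct()
    {
        // initVar(name, data type, default, required, max length for text)
        $this->initVar("group_id", XOBJ_DTYPE_INT, null, false);
        $this->initVar("group_name", XOBJ_DTYPE_TXTBOX, null, true, 255);
        $this->initVar("group_info", XOBJ_DTYPE_TXTAREA, null, false);
        $this->initVar("check_in_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("check_out_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("apply_start_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("apply_end_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("group_price", XOBJ_DTYPE_INT, null, false);
        $this->initVar("group_can_use_coupon", XOBJ_DTYPE_INT, null, false);
        $this->initVar("group_sented_coupon", XOBJ_DTYPE_INT, null, false);
        $this->initVar("group_status", XOBJ_DTYPE_INT, null, false);
        $this->initVar("group_add_time", XOBJ_DTYPE_INT, null, false);
    }

    /**
     * Legacy PHP4-style constructor name, kept for explicit callers only
     * (PHP prefers __construct whenever both exist).
     */
    public function MartinGroup()
    {
        $this->__construct();
    }

    /**
     * Primary key of the row (0/null for an unsaved object).
     *
     * @return mixed
     */
    public function group_id()
    {
        return $this->getVar("group_id");
    }

    /**
     * Group name, formatted by XoopsObject::getVar().
     *
     * @param string $format getVar() format code. 'S'/'show' is the form meant
     *                       for HTML output (escaped by the core), 'n'/'none'
     *                       is the raw stored value — never echo the raw form.
     *                       See XoopsObject::getVar for the accepted codes.
     * @return mixed
     */
    public function group_name($format = 'S')
    {
        return $this->getVar("group_name", $format);
    }

    /**
     * Group description text, formatted by XoopsObject::getVar().
     *
     * @param string $format getVar() format code; the default 'edit' is the
     *                       form-field representation, not display output.
     * @return mixed
     */
    public function group_info($format = 'edit')
    {
        return $this->getVar("group_info", $format);
    }

    /**
     * Check-in date, stored as an integer (a Unix timestamp, judging by the
     * time() comparison in MartinGroupHandler::GetGroupList — confirm).
     *
     * @return mixed
     */
    public function check_in_date()
    {
        return $this->getVar("check_in_date");
    }

    /**
     * Check-out date (integer, same representation as check_in_date).
     *
     * @return mixed
     */
    public function check_out_date()
    {
        return $this->getVar("check_out_date");
    }

    /**
     * Start of the period in which users may apply/join (integer timestamp).
     *
     * @return mixed
     */
    public function apply_start_date()
    {
        return $this->getVar("apply_start_date");
    }

    /**
     * End of the apply period (integer timestamp; GetGroupList lists only
     * groups whose apply_end_date is still in the future).
     *
     * @return mixed
     */
    public function apply_end_date()
    {
        return $this->getVar("apply_end_date");
    }

    /**
     * Price of the group offer (integer; unit not defined in this file).
     *
     * @return mixed
     */
    public function group_price()
    {
        return $this->getVar("group_price");
    }

    /**
     * Integer flag: whether a coupon may be used with this group.
     *
     * @return mixed
     */
    public function group_can_use_coupon()
    {
        return $this->getVar("group_can_use_coupon");
    }

    /**
     * Integer coupon-sent marker (semantics defined by the callers).
     *
     * @return mixed
     */
    public function group_sented_coupon()
    {
        return $this->getVar("group_sented_coupon");
    }

    /**
     * Status flag; GetGroupList treats 1 as the published/active state.
     *
     * @return mixed
     */
    public function group_status()
    {
        return $this->getVar("group_status");
    }

    /**
     * Creation time (integer timestamp, written once on INSERT and not
     * touched by UPDATE).
     *
     * @return mixed
     */
    public function group_add_time()
    {
        return $this->getVar("group_add_time");
    }
}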
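/**
 * MartinGroupHandler
 *
 * Persistence layer for MartinGroup rows: tables martin_group,
 * martin_group_room and martin_group_join, plus read-only joins against
 * martin_room, martin_room_type, martin_hotel and the XOOPS users table.
 *
 * Security notes for maintainers:
 *  - Every value that reaches a SQL string in this class is cast to int,
 *    passed through XoopsDatabase::quoteString(), or validated as a plain
 *    identifier. The raw-SQL helper GetRows() is the one exception: whoever
 *    builds the statement it receives owns its safety.
 *  - The $force flag on the write methods selects queryF() over query().
 *    In the XOOPS core the "safe" database wrapper lets query() run write
 *    statements only for non-GET requests, so query() doubles as a small
 *    CSRF hardening step that queryF() bypasses; do not route user-triggered
 *    writes through $force without a token check in the controller.
 *    (Behaviour of the core wrapper — confirm against the installed
 *    XoopsDatabase class.)
 *
 * @license   http://www.blags.org/
 * @created   2010-05-21 20:40
 * @copyright 1997-2010 The Martin Group
 * @author    Martin <[email protected]>
 */
class MartinGroupHandler extends XoopsObjectHandler
{
    /**
     * Database connection to use: the handler's own ($this->db, set by the
     * XoopsObjectHandler constructor) or, when the handler was built without
     * one, the global XOOPS connection the original code reached for.
     *
     * @return object XoopsDatabase
     */
    private function db()
    {
        if (isset($this->db)) {
            return $this->db;
        }

        return $GLOBALS['xoopsDB'];
    }

    /**
     * Validate a column name for use in ORDER BY.
     *
     * Only a plain identifier with an optional "alias." prefix is accepted
     * (letters, digits, underscore). Anything else yields '' so that a sort
     * parameter coming from the request cannot inject SQL.
     *
     * @param mixed $sort
     * @return string the identifier, or '' when it is not acceptable
     */
    private function safeSort($sort)
    {
        $sort = trim((string) $sort);
        if ($sort === '' || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', $sort)) {
            return '';
        }

        return $sort;
    }

    /**
     * Normalise a sort direction to the literal ASC or DESC.
     *
     * Anything other than "desc" (case-insensitive) becomes ASC, which is
     * also what XOOPS' CriteriaElement reports when no order was set.
     *
     * @param mixed $order
     * @return string
     */
    private function safeOrder($order)
    {
        return strtoupper(trim((string) $order)) === 'DESC' ? 'DESC' : 'ASC';
    }

    /**
     * Integer column value from a cleanVars array (0 when the key is absent).
     *
     * @param array  $vars
     * @param string $key
     * @return int
     */
    private function cleanInt($vars, $key)
    {
        return isset($vars[$key]) ? (int) $vars[$key] : 0;
    }

    /**
     * String column value from a cleanVars array ('' when the key is absent).
     *
     * @param array  $vars
     * @param string $key
     * @return string
     */
    private function cleanStr($vars, $key)
    {
        return isset($vars[$key]) ? (string) $vars[$key] : '';
    }

    /**
     * Create a new, empty group object.
     *
     * @param bool $isNew flag the object as "new" so insert() issues an INSERT
     * @return object MartinGroup
     */
    public function &create($isNew = true)
    {
        $group = new MartinGroup();
        if ($isNew) {
            $group->setNew();
        }

        return $group;
    }

    /**
     * Retrieve one group by primary key.
     *
     * @param int $id group_id of the group; anything that casts to <= 0 is rejected
     * @return mixed the MartinGroup, FALSE for an invalid id; when the id is
     *               valid but no row exists, a fresh unsaved object is returned
     *               (original contract — callers tell the cases apart with
     *               isNew())
     */
    public function &get($id)
    {
        $id = (int) $id;
        if ($id <= 0) {
            // a by-reference function must return a variable, not a literal
            $none = false;

            return $none;
        }

        // The cast above is what keeps $id out of the WHERE clause as text.
        $criteria = new CriteriaCompo(new Criteria('group_id', $id));
        $criteria->setLimit(1);
        $objects = $this->getObjects($criteria);
        if (count($objects) !== 1) {
            $obj =& $this->create();

            return $obj;
        }

        return $objects[0];
    }

    /**
     * Run a SELECT and return its rows.
     *
     * SECURITY: $sql is executed verbatim. Callers must build it from trusted
     * input only (integers cast with (int), strings via quoteString()).
     *
     * @param string      $sql complete SELECT statement
     * @param string|null $key column to key the result by; null for a list
     * @return array rows as associative arrays; empty when the query fails
     */
    public function GetRows($sql, $key = null)
    {
        $db     = $this->db();
        $rows   = array();
        $result = $db->query($sql);
        if (!$result) {
            // a failed query yields false; fetchArray(false) only emits warnings
            return $rows;
        }
        while ($row = $db->fetchArray($result)) {
            if (is_null($key)) {
                $rows[] = $row;
            } else {
                $rows[$row[$key]] = $row;
            }
        }

        return $rows;
    }

    /**
     * List groups with paging and ordering.
     *
     * $sort and $order typically come straight from the request, so only a
     * plain column identifier and ASC/DESC are let through to ORDER BY; an
     * unacceptable sort falls back to getObjects()'s default ordering.
     *
     * @param int    $limit     maximum rows (0 = no limit)
     * @param int    $start     offset
     * @param string $sort      column to order by
     * @param string $order     ASC or DESC
     * @param bool   $id_as_key key the result by group_id instead of 0..n
     * @return array of MartinGroup
     */
    public function &getGroups($limit = 0, $start = 0, $sort = 'group_add_time', $order = 'DESC', $id_as_key = true)
    {
        $criteria = new CriteriaCompo();
        $criteria->setSort($this->safeSort($sort));
        $criteria->setOrder($this->safeOrder($order));
        $criteria->setStart((int) $start);
        $criteria->setLimit((int) $limit);

        $ret = $this->getObjects($criteria, $id_as_key);

        return $ret;
    }

    /**
     * Insert or update a group.
     *
     * New objects (isNew()) are INSERTed with group_add_time taken from the
     * object; existing ones are UPDATEd and group_add_time is left untouched.
     * Strings go through quoteString(), integers are cast; the values are
     * read from $group->cleanVars by name rather than through the original
     * ${$k} variable-variables, so an unexpected key can never shadow a local
     * such as $force.
     *
     * @param object $group reference to the MartinGroup to save
     * @param bool   $force use queryF() (bypasses the core's GET write guard)
     * @return mixed group_id on success (the new insert id for a new row),
     *               FALSE when the object is invalid, cleanVars() fails or
     *               the query fails
     */
    public function insert(&$group, $force = false)
    {
        if (!($group instanceof MartinGroup)) {
            return false;
        }
        if (!$group->cleanVars()) {
            return false;
        }

        $db    = $this->db();
        $vars  = $group->cleanVars;
        $table = $db->prefix('martin_group');

        $group_id   = $this->cleanInt($vars, 'group_id');
        $group_name = $db->quoteString($this->cleanStr($vars, 'group_name'));
        $group_info = $db->quoteString($this->cleanStr($vars, 'group_info'));
        $ints       = array();
        foreach (array('check_in_date', 'check_out_date', 'apply_start_date', 'apply_end_date',
                       'group_price', 'group_can_use_coupon', 'group_sented_coupon', 'group_status') as $col) {
            $ints[$col] = $this->cleanInt($vars, $col);
        }

        // %d rather than the original %u: a negative value would otherwise be
        // printed as a huge unsigned number instead of reaching the column as is.
        if ($group->isNew()) {
            $sql = sprintf(
                "INSERT INTO %s (group_id, group_name, group_info, check_in_date, check_out_date,"
                . " apply_start_date, apply_end_date, group_price, group_can_use_coupon,"
                . " group_sented_coupon, group_status, group_add_time)"
                . " VALUES (NULL, %s, %s, %d, %d, %d, %d, %d, %d, %d, %d, %d)",
                $table,
                $group_name,
                $group_info,
                $ints['check_in_date'],
                $ints['check_out_date'],
                $ints['apply_start_date'],
                $ints['apply_end_date'],
                $ints['group_price'],
                $ints['group_can_use_coupon'],
                $ints['group_sented_coupon'],
                $ints['group_status'],
                $this->cleanInt($vars, 'group_add_time')
            );
        } else {
            $sql = sprintf(
                "UPDATE %s SET group_name = %s, group_info = %s, check_in_date = %d,"
                . " check_out_date = %d, apply_start_date = %d, apply_end_date = %d,"
                . " group_price = %d, group_can_use_coupon = %d, group_sented_coupon = %d,"
                . " group_status = %d WHERE group_id = %d",
                $table,
                $group_name,
                $group_info,
                $ints['check_in_date'],
                $ints['check_out_date'],
                $ints['apply_start_date'],
                $ints['apply_end_date'],
                $ints['group_price'],
                $ints['group_can_use_coupon'],
                $ints['group_sented_coupon'],
                $ints['group_status'],
                $group_id
            );
        }

        $result = $force ? $db->queryF($sql) : $db->query($sql);
        if (!$result) {
            // the original returned an id even when the statement failed
            return false;
        }

        return $group_id > 0 ? $group_id : $db->getInsertId();
    }

    /**
     * Delete a group and its room assignments.
     *
     * @param object $group the MartinGroup to delete
     * @param bool   $force use queryF() (bypasses the core's GET write guard)
     * @return bool TRUE only if both DELETEs succeeded (the original reported
     *              the outcome of the second statement alone)
     */
    public function delete(&$group, $force = false)
    {
        if (!($group instanceof MartinGroup)) {
            return false;
        }
        $group_id = (int) $group->group_id();
        if ($group_id <= 0) {
            // an unsaved object has nothing to delete
            return false;
        }

        $db = $this->db();
        $ok = true;
        foreach (array('martin_group', 'martin_group_room') as $table) {
            $sql    = 'DELETE FROM ' . $db->prefix($table) . ' WHERE group_id = ' . $group_id;
            $result = $force ? $db->queryF($sql) : $db->query($sql);
            $ok     = $ok && (bool) $result;
        }

        return $ok;
    }

    /**
     * Delete the groups matching a set of conditions.
     *
     * NOTE: with no criteria every row of martin_group is removed (original
     * behaviour), and unlike delete() the martin_group_room rows of the
     * deleted groups are left behind.
     *
     * @param object|null $criteria CriteriaElement to match
     * @return bool FALSE if the deletion failed
     */
    public function deleteAll($criteria = null)
    {
        $db  = $this->db();
        $sql = 'DELETE FROM ' . $db->prefix('martin_group');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $sql .= ' ' . $criteria->renderWhere();
        }

        return (bool) $db->query($sql);
    }

    /**
     * Count the groups matching a condition.
     *
     * @param object|null $criteria CriteriaElement to match
     * @return int count (0 when the query fails)
     */
    public function getCount($criteria = null)
    {
        $db  = $this->db();
        $sql = 'SELECT COUNT(*) FROM ' . $db->prefix('martin_group');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        $result = $db->query($sql);
        if (!$result) {
            return 0;
        }
        list($count) = $db->fetchRow($result);

        return (int) $count;
    }

    /**
     * Load groups matching a criteria object.
     *
     * Ordering: a sort set on the criteria (validated as a plain identifier,
     * direction ASC/DESC) replaces the default "apply_start_date DESC,
     * group_id DESC". The original appended the default after the criteria's
     * ORDER BY, producing two ORDER BY clauses — a syntax error MySQL rejects,
     * so every query that set a sort (e.g. getGroups()) came back empty.
     *
     * @param object|null $criteria  CriteriaElement (WHERE, sort, limit, start)
     * @param bool        $id_as_key key the result by group_id instead of 0..n
     * @return array of MartinGroup; empty when the query fails
     */
    public function &getObjects($criteria = null, $id_as_key = false)
    {
        $ret     = array();
        $limit   = $start = 0;
        $db      = $this->db();
        $sql     = 'SELECT * FROM ' . $db->prefix('martin_group');
        $orderBy = ' ORDER BY apply_start_date DESC, group_id DESC';

        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $sql .= ' ' . $criteria->renderWhere();
            $sort = $this->safeSort($criteria->getSort());
            if ($sort !== '') {
                $orderBy = ' ORDER BY ' . $sort . ' ' . $this->safeOrder($criteria->getOrder());
            }
            $limit = (int) $criteria->getLimit();
            $start = (int) $criteria->getStart();
        }
        $sql .= $orderBy;

        $result = $db->query($sql, $limit, $start);
        if (!$result) {
            return $ret;
        }

        while ($row = $db->fetchArray($result)) {
            $group = new MartinGroup();
            $group->assignVars($row);
            if ($id_as_key) {
                $ret[$group->group_id()] = $group;
            } else {
                $ret[] = $group;
            }
        }

        return $ret;
    }

    /**
     * Rooms assigned to a group (room_id, room_count, room_name).
     *
     * @param int $group_id
     * @return array|bool rows, or FALSE for an id that is not a positive integer
     */
    public function getRoomList($group_id)
    {
        $group_id = (int) $group_id;
        if ($group_id <= 0) {
            return false;
        }
        $db  = $this->db();
        $sql = 'SELECT gr.room_id, gr.room_count, r.room_name FROM ' . $db->prefix('martin_group_room') . ' gr'
            . ' LEFT JOIN ' . $db->prefix('martin_room') . ' r ON r.room_id = gr.room_id'
            . ' WHERE group_id = ' . $group_id;

        return $this->GetRows($sql);
    }

    /**
     * Replace the room list of a group.
     *
     * All of martin_group_room for the group is deleted, then one row per
     * entry of $room_ids is inserted with the count at the same key in
     * $room_counts. Ids and counts come from the admin form and are cast to
     * int before they touch the statement.
     *
     * @param int   $group_id
     * @param array $room_ids    room ids, indexed like $room_counts
     * @param array $room_counts counts per room
     * @param mixed $isNew       unused (kept for interface compatibility)
     * @return bool|mixed query result of the INSERT; FALSE when there is
     *                    nothing to insert or the arguments are unusable
     */
    public function InsertGroupRoom($group_id, $room_ids, $room_counts, $isNew)
    {
        $db       = $this->db();
        $group_id = (int) $group_id;

        if ($group_id <= 0 || !is_array($room_ids)) {
            // Original behaviour, kept: a group submitted without a room list
            // is removed from martin_group itself, not only from its rooms.
            // NOTE(review): confirm with the admin form that this is intended.
            if ($group_id > 0) {
                $db->query('DELETE FROM ' . $db->prefix('martin_group') . ' WHERE group_id = ' . $group_id);
            }

            return false;
        }

        $db->query('DELETE FROM ' . $db->prefix('martin_group_room') . ' WHERE group_id = ' . $group_id);

        $rows = array();
        foreach ($room_ids as $key => $room_id) {
            $room_count = isset($room_counts[$key]) ? (int) $room_counts[$key] : 0;
            $rows[]     = '(' . $group_id . ',' . (int) $room_id . ',' . $room_count . ')';
        }
        if (empty($rows)) {
            // the original issued an INSERT with no VALUES rows, which fails;
            // keep the same outcome without sending a broken statement
            return false;
        }

        $sql = 'INSERT INTO ' . $db->prefix('martin_group_room')
            . ' (group_id,room_id,room_count) VALUES ' . implode(',', $rows);

        return $db->query($sql);
    }

    /**
     * Rooms of a hotel as room_id => room_name (all rooms when $hotel_id
     * is not a positive integer).
     *
     * @param int $hotel_id
     * @return array
     */
    public function GetRoomListByHotel($hotel_id)
    {
        $db       = $this->db();
        $hotel_id = (int) $hotel_id;
        $sql      = 'SELECT room_id, room_name FROM ' . $db->prefix('martin_room');
        if ($hotel_id > 0) {
            $sql .= ' WHERE hotel_id = ' . $hotel_id;
        }

        $rows   = array();
        $result = $db->query($sql);
        if (!$result) {
            return $rows;
        }
        while ($row = $db->fetchArray($result)) {
            $rows[$row['room_id']] = $row['room_name'];
        }

        return $rows;
    }

    /**
     * Active groups (group_status = 1) whose apply period has not ended,
     * soonest-ending first.
     *
     * @param int $limit maximum rows (negative values are treated as 0)
     * @return array rows as associative arrays
     */
    public function GetGroupList($limit = 6)
    {
        $db    = $this->db();
        $limit = max(0, (int) $limit);
        $sql   = 'SELECT * FROM ' . $db->prefix('martin_group')
            . ' WHERE group_status = 1 AND apply_end_date > ' . time()
            . ' ORDER BY apply_end_date, group_id DESC LIMIT ' . $limit;

        return $this->GetRows($sql);
    }

    /**
     * Rooms of a group joined with room, room type and hotel details.
     *
     * @param int $group_id
     * @return array rows; empty for an id that is not a positive integer
     */
    public function GetGroupRooms($group_id)
    {
        $group_id = (int) $group_id;
        if ($group_id <= 0) {
            return array();
        }
        $db  = $this->db();
        $sql = 'SELECT gr.*, r.*, rt.room_type_info, h.* FROM ' . $db->prefix('martin_group_room') . ' gr'
            . ' INNER JOIN ' . $db->prefix('martin_room') . ' r ON ( r.room_id = gr.room_id )'
            . ' INNER JOIN ' . $db->prefix('martin_room_type') . ' rt ON ( r.room_type_id = rt.room_type_id )'
            . ' INNER JOIN ' . $db->prefix('martin_hotel') . ' h ON ( r.hotel_id = h.hotel_id )'
            . ' WHERE gr.group_id = ' . $group_id;

        return $this->GetRows($sql);
    }

    /**
     * Record that a user joined a group.
     *
     * $Data is written as column => value into martin_group_join. Column
     * names must be plain identifiers (the original interpolated keys and
     * values verbatim); integer values are written as numbers, everything
     * else is quoted with quoteString().
     *
     * @param array $Data column => value
     * @return mixed new join_id, or FALSE when $Data is empty/not an array,
     *               a key is not a valid identifier, or the INSERT fails
     */
    public function AddUserGroup($Data)
    {
        if (!is_array($Data) || empty($Data)) {
            return false;
        }

        $db     = $this->db();
        $cols   = array();
        $values = array();
        foreach ($Data as $col => $value) {
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $col)) {
                return false;
            }
            $cols[]   = $col;
            $values[] = is_int($value) ? $value : $db->quoteString((string) $value);
        }

        $sql = 'INSERT INTO ' . $db->prefix('martin_group_join')
            . ' (' . implode(',', $cols) . ') VALUES (' . implode(',', $values) . ')';
        if (!$db->query($sql)) {
            return false;
        }

        return $db->getInsertId();
    }

    /**
     * Users who joined a group, newest join first.
     *
     * @param int $group_id
     * @return array|bool rows (join columns plus uname), FALSE for an id
     *                    that is not a positive integer
     */
    public function getGroupJoinList($group_id)
    {
        $group_id = (int) $group_id;
        if ($group_id <= 0) {
            return false;
        }
        $db  = $this->db();
        $sql = 'SELECT j.*, u.uname FROM ' . $db->prefix('martin_group_join') . ' j'
            . ' INNER JOIN ' . $db->prefix('users') . ' u ON (u.uid = j.uid)'
            . ' WHERE j.group_id = ' . $group_id
            . ' ORDER BY j.join_id DESC';

        return $this->GetRows($sql);
    }

    /**
     * Whether a user already joined a group.
     *
     * @param array $Data needs 'uid' and 'group_id'; both are cast to int
     *                    (the original interpolated them into the WHERE clause as is)
     * @return bool
     */
    public function CheckJoinExist($Data)
    {
        $uid      = (is_array($Data) && isset($Data['uid'])) ? (int) $Data['uid'] : 0;
        $group_id = (is_array($Data) && isset($Data['group_id'])) ? (int) $Data['group_id'] : 0;
        $db       = $this->db();
        $sql      = 'SELECT * FROM ' . $db->prefix('martin_group_join')
            . ' WHERE uid = ' . $uid . ' AND group_id = ' . $group_id;
        $rows     = $this->GetRows($sql);

        return is_array($rows) && !empty($rows);
    }
}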