Issues (663)

Security Analysis: not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

Cross-Site Scripting: Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure: File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation: File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection: Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection: Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting: Response Splitting can be used to send arbitrary responses.

File Inclusion: File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection: Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.

SQL Injection: SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.

XPath Injection: XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection: LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.

Header Injection

Other Vulnerability: This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection: Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection: XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web server process.

Variable Injection: Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/hotelservice.php (2 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

```php
<?php
/**
 * $Id: hotelservice.php,v 1.42 2007/02/04 15:01:40 malanciault Exp $
 * Module: martin
 * Licence: GNU
 */

if (!defined("XOOPS_ROOT_PATH")) {
    die("XOOPS root path not defined");
}

include_once XOOPS_ROOT_PATH . '/modules/martin/include/common.php';

/**
 * Class MartinHotelService
 */
class MartinHotelService extends XoopsObject
{
    /**
     * Declared as __construct(): the PHP 4 style constructor MartinHotelservice()
     * used originally is not recognised as a constructor by PHP 8.
     */
    public function __construct()
    {
        $this->initVar("service_id", XOBJ_DTYPE_INT, null, false);
        $this->initVar("service_type_id", XOBJ_DTYPE_INT, null, false);
        $this->initVar("service_type_name", XOBJ_DTYPE_TXTBOX, null, true, 255);
        $this->initVar("service_unit", XOBJ_DTYPE_TXTBOX, null, true, 255);
        $this->initVar("service_name", XOBJ_DTYPE_TXTBOX, null, true, 255);
        $this->initVar("service_instruction", XOBJ_DTYPE_TXTAREA, null, false);
    }

    /**
     * @return mixed
     */
    public function service_id()
    {
        return $this->getVar("service_id");
    }

    /**
     * @return mixed
     */
    public function service_type_id()
    {
        return $this->getVar("service_type_id");
    }

    /**
     * @return mixed
     */
    public function service_type_name()
    {
        return $this->getVar("service_type_name");
    }

    /**
     * @param string $format
     * @return mixed
     */
    public function service_unit($format = 'S')
    {
        return $this->getVar("service_unit", $format);
    }

    /**
     * @param string $format
     * @return mixed
     */
    public function service_name($format = 'S')
    {
        return $this->getVar("service_name", $format);
    }

    /**
     * @param string $format
     * @return mixed
     */
    public function service_instruction($format = 'S')
    {
        return $this->getVar("service_instruction", $format);
    }
}

/**
 * Class MartinHotelServiceHandler
 * @license   http://www.blags.org/
 * @created   2010-05-21 20:40
 * @copyright 1997-2010 The Martin Group
 * @author    Martin <[email protected]>
 */
class MartinHotelServiceHandler extends XoopsObjectHandler
{
    /**
     * create a new hotel service
     * @param bool $isNew flag the new object as "new"?
     * @return object hotelservice
     */
    public function &create($isNew = true)
    {
        $hotelservice = new MartinHotelService();
        if ($isNew) {
            $hotelservice->setNew();
        }

        return $hotelservice;
    }

    /**
     * retrieve a hotel service
     *
     * @param int $id service_id of the hotelservice
     * @return mixed reference to the {@link hotelservice} object, FALSE if failed
     */
    public function &get($id)
    {
        if ((int)($id) <= 0) {
            return false;
        }

        $criteria = new CriteriaCompo(new Criteria('service_id', $id));
        $criteria->setLimit(1);
        $obj_array = $this->getObjects($criteria);
        if (count($obj_array) != 1) {
            $obj =& $this->create();

            return $obj;
        }

        return $obj_array[0];
    }

    /**
     * get the list of hotel services
     * @license   http://www.blags.org/
     * @created   2010-05-23 14:59
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param int    $limit
     * @param int    $start
     * @param string $sort
     * @param string $order
     * @param bool   $id_as_key
     * @return array
     */
    public function &getHotelServices($limit = 0, $start = 0, $sort = 'service_id', $order = 'ASC', $id_as_key = true)
    {
        // The sort column and direction are concatenated into ORDER BY by getObjects(),
        // so only known column names and ASC/DESC are accepted here.
        $allowedSort = array('service_id', 'service_type_id', 'service_type_name', 'service_unit', 'service_name');
        if (!in_array($sort, $allowedSort, true)) {
            $sort = 'service_id';
        }
        $order = (strtoupper($order) === 'DESC') ? 'DESC' : 'ASC';

        $criteria = new CriteriaCompo();

        $criteria->setSort($sort);
        $criteria->setOrder($order);

        $criteria->setStart((int)$start);
        $criteria->setLimit((int)$limit);

        return $this->getObjects($criteria, $id_as_key);
    }

    /**
     * insert a new hotelservice in the database
     *
     * @param object $hotelservice reference to the {@link hotelservice} object
     * @param bool   $force
     * @return bool FALSE if failed, TRUE if already present and unchanged or successful
     */
    public function insert(&$hotelservice, $force = false)
    {
        if (strtolower(get_class($hotelservice)) !== 'martinhotelservice') {
            return false;
        }

        if (!$hotelservice->cleanVars()) {
            return false;
        }

        // cleanVars holds the type-checked values; expose them as local variables
        foreach ($hotelservice->cleanVars as $k => $v) {
            ${$k} = $v;
        }

        if ($hotelservice->isNew()) {
            $sql = sprintf("INSERT INTO %s (
                                service_id,
                                service_type_id,
                                service_unit,
                                service_name,
                                service_instruction
                            ) VALUES (
                                NULL,
                                %u,
                                %s,
                                %s,
                                %s
                            )", $this->db->prefix('martin_hotel_service'), $service_type_id, $this->db->quoteString($service_unit), $this->db->quoteString($service_name), $this->db->quoteString($service_instruction));
        } else {
            $sql = sprintf("UPDATE %s SET
                                service_type_id = %u,
                                service_unit = %s,
                                service_name = %s,
                                service_instruction = %s
                            WHERE service_id = %u", $this->db->prefix('martin_hotel_service'), $service_type_id, $this->db->quoteString($service_unit), $this->db->quoteString($service_name), $this->db->quoteString($service_instruction), $service_id);
        }
        //echo "<br />" . $sql . "<br />";
        // Scrutinizer (Coding Style Best Practice): it seems like you are loosely comparing
        // two booleans; consider using the strict comparison !== instead. When comparing two
        // booleans, it is generally considered safer to use the strict comparison operator.
        if (false != $force) {
            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }
        if (!$result) {
            $hotelservice->setErrors('The query returned an error. ' . $this->db->error());

            return false;
        }
        if ($hotelservice->isNew()) {
            // a new row gets the generated primary key
            $hotelservice->assignVar('service_id', $this->db->getInsertId());
        } else {
            // only on update may the cleaned service_id be reassigned; doing it unconditionally
            // (as the original did) overwrote the freshly generated id with NULL
            $hotelservice->assignVar('service_id', $service_id);
        }

        return true;
    }

    /**
     * delete a hotel service
     * @method    delete(service_id)
     * @license   http://www.blags.org/
     * @created   2010-05-21 20:40
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param object $hotelservice
     * @param bool   $force
     * @return bool|void
     */
    public function delete(&$hotelservice, $force = false)
    {
        if (strtolower(get_class($hotelservice)) !== 'martinhotelservice') {
            return false;
        }

        $sql = "DELETE FROM " . $this->db->prefix("martin_hotel_service") . " WHERE service_id = " . (int)$hotelservice->service_id();

        // Scrutinizer (Coding Style Best Practice): it seems like you are loosely comparing
        // two booleans; consider using the strict comparison !== instead. When comparing two
        // booleans, it is generally considered safer to use the strict comparison operator.
        if (false != $force) {
            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }

        if (!$result) {
            return false;
        }

        return true;
    }

    /**
     * delete hotel services matching a set of conditions
     *
     * @param object $criteria {@link CriteriaElement}
     * @return bool FALSE if deletion failed
     */
    public function deleteAll($criteria = null)
    {
        $sql = 'DELETE FROM ' . $this->db->prefix('martin_hotel_service');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        if (!$result = $this->db->query($sql)) {
            return false;
        }

        return true;
    }

    /**
     * count hotel services matching a condition
     *
     * @param object $criteria {@link CriteriaElement} to match
     * @return int count of hotel services
     */
    public function getCount($criteria = null)
    {
        $sql = 'SELECT COUNT(*) FROM ' . $this->db->prefix('martin_hotel_service');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        $result = $this->db->query($sql);
        if (!$result) {
            return 0;
        }
        list($count) = $this->db->fetchRow($result);

        return $count;
    }

    /**
     * get objects
     * @license   http://www.blags.org/
     * @created   2010-05-21 20:40
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param null $criteria
     * @param bool $id_as_key
     * @return array
     */
    public function &getObjects($criteria = null, $id_as_key = false)
    {
        $ret   = array();
        $limit = $start = 0;
        $sql   = 'SELECT s.*,st.service_type_name FROM ' . $this->db->prefix('martin_hotel_service') . " s LEFT JOIN " . $this->db->prefix("martin_hotel_service_type") . " st ON (s.service_type_id = st.service_type_id ) ";
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {
            $sql .= ' ' . $criteria->renderWhere();
            if ($criteria->getSort() != '') {
                $sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
            }
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        //echo "<br />" . $sql . "<br />";
        $result = $this->db->query($sql, $limit, $start);

        if (!$result) {
            return $ret;
        }

        $theObjects = array();

        while ($myrow = $this->db->fetchArray($result)) {
            $hotelservice = new MartinHotelService();
            $hotelservice->assignVars($myrow);
            $theObjects[$myrow['service_id']] =& $hotelservice;
            unset($hotelservice);
        }

        foreach ($theObjects as $theObject) {
            if (!$id_as_key) {
                $ret[] =& $theObject;
            } else {
                $ret[$theObject->service_id()] =& $theObject;
            }
            unset($theObject);
        }

        return $ret;
    }

    /**
     * get hotel service list
     * @license   http://www.blags.org/
     * @created   2010-05-30 20:48
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $pageSize
     * @param $Limit
     * @return array
     */
    public function getHotelServiceRelations($pageSize, $Limit)
    {
        $rows = array();
        // both values are interpolated into the LIMIT clause, so force them to integers
        $pageSize = (int)$pageSize;
        $Limit    = (int)$Limit;
        $sql    = "SELECT s.service_name,sr.*,h.hotel_name FROM " . $this->db->prefix("martin_hotel_service_relation") . " sr
            LEFT JOIN " . $this->db->prefix("martin_hotel_service") . " s ON (s.service_id = sr.service_id)
            LEFT JOIN " . $this->db->prefix("martin_hotel") . " h ON (sr.hotel_id = h.hotel_id) ORDER BY sr.hotel_id DESC
            LIMIT $Limit,$pageSize";
        $result = $this->db->query($sql);
        if (!$result) {
            return $rows;
        }
        while ($row = $this->db->fetchArray($result)) {
            $rows[] = $row;
        }

        return $rows;
    }

    /**
     * get relation
     * @license   http://www.blags.org/
     * @created   2010-05-30 20:48
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $hotel_id
     * @param $service_id
     * @return bool
     */
    public function getHotelServiceRelation($hotel_id, $service_id)
    {
        if (!is_numeric($hotel_id) || !is_numeric($service_id)) {
            return false;
        }
        // cast after the numeric check so only plain integers reach the query
        $hotel_id   = (int)$hotel_id;
        $service_id = (int)$service_id;
        $sql    = "SELECT s.service_name,sr.*,h.hotel_name FROM " . $this->db->prefix("martin_hotel_service_relation") . " sr
            LEFT JOIN " . $this->db->prefix("martin_hotel_service") . " s ON (s.service_id = sr.service_id)
            LEFT JOIN " . $this->db->prefix("martin_hotel") . " h ON (sr.hotel_id = h.hotel_id) WHERE sr.hotel_id = $hotel_id AND sr.service_id = $service_id ";
        $result = $this->db->query($sql);
        if (!$result) {
            return false;
        }

        return $this->db->fetchArray($result);
    }

    /**
     * delete hotel service relation
     * @license   http://www.blags.org/
     * @created   2010-05-30 20:48
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $hotel_id
     * @param $service_id
     * @return bool
     */
    public function DeleteServiceRelation($hotel_id, $service_id)
    {
        if (!is_numeric($hotel_id) || !is_numeric($service_id)) {
            return false;
        }
        $hotel_id   = (int)$hotel_id;
        $service_id = (int)$service_id;
        $sql = "DELETE FROM " . $this->db->prefix("martin_hotel_service_relation") . "
            WHERE hotel_id = $hotel_id AND service_id = $service_id";

        return $this->db->queryF($sql);
    }

    /**
     * insert relation
     * @license   http://www.blags.org/
     * @created   2010-05-30 20:48
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param      $RelationData
     * @param bool $IsOld
     * @return bool
     */
    public function InsertRelation($RelationData, $IsOld = false)
    {
        if (empty($RelationData) || !is_array($RelationData)) {
            return false;
        }
        // Read the three expected fields explicitly and cast them. The original extracted
        // every key of the array into a local variable (${$key} = $value), which let the
        // caller define arbitrary variables and interpolated unvalidated values into SQL.
        $hotel_id            = isset($RelationData['hotel_id']) ? (int)$RelationData['hotel_id'] : 0;
        $service_id          = isset($RelationData['service_id']) ? (int)$RelationData['service_id'] : 0;
        $service_extra_price = isset($RelationData['service_extra_price']) ? (float)$RelationData['service_extra_price'] : 0.0;
        if ($hotel_id <= 0 || $service_id <= 0) {
            return false;
        }
        if (!$IsOld && $this->CheckRelationExist($hotel_id, $service_id)) {
            return false;
        }

        if (!$IsOld) {
            $sql = "INSERT INTO " . $this->db->prefix('martin_hotel_service_relation') . " (`hotel_id`,`service_id`,`service_extra_price`) VALUES ($hotel_id,$service_id,$service_extra_price) ";
        } else {
            $sql = "UPDATE " . $this->db->prefix("martin_hotel_service_relation") . " SET service_extra_price = $service_extra_price WHERE hotel_id = $hotel_id AND service_id = $service_id";
        }

        //echo $sql;exit;
        return $this->db->queryF($sql);
    }

    /**
     * check whether the relation exists
     * @license   http://www.blags.org/
     * @created   2010-05-30 20:48
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $hotel_id
     * @param $service_id
     * @return bool
     */
    public function CheckRelationExist($hotel_id, $service_id)
    {
        if (!is_numeric($hotel_id) || !is_numeric($service_id)) {
            return false;
        }
        $hotel_id   = (int)$hotel_id;
        $service_id = (int)$service_id;
        $sql = "SELECT * FROM " . $this->db->prefix("martin_hotel_service_relation") . " WHERE hotel_id = $hotel_id AND service_id = $service_id";
        $result = $this->db->query($sql);
        if (!$result) {
            return false;
        }

        return is_array($this->db->fetchArray($result));
    }

    /**
     * get hotel list
     * @license   http://www.blags.org/
     * @created   2010-05-30 20:48
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param int $hotel_id
     * @return array
     */
    public function getHotelList($hotel_id = 0)
    {
        $rows     = array();
        $hotel_id = (int)$hotel_id;
        $sql  = "SELECT hotel_id ,hotel_name FROM " . $this->db->prefix("martin_hotel");
        $sql .= $hotel_id > 0 ? " WHERE hotel_id = $hotel_id" : "";
        $sql .= " ORDER BY hotel_rank ,hotel_id DESC ";
        $result = $this->db->query($sql);
        if (!$result) {
            return $rows;
        }
        while ($row = $this->db->fetchArray($result)) {
            $rows[$row['hotel_id']] = $row['hotel_name'];
        }

        return $rows;
    }

    /**
     * get service list
     * @license   http://www.blags.org/
     * @created   2010-05-30 20:48
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param int $service_id
     * @return array
     */
    public function getServiceList($service_id = 0)
    {
        $rows       = array();
        $service_id = (int)$service_id;
        $sql  = "SELECT service_id ,service_name FROM " . $this->db->prefix("martin_hotel_service");
        // the original tested the undefined $hotel_id here, so the WHERE clause was never added
        $sql .= $service_id > 0 ? " WHERE service_id = $service_id" : "";
        $result = $this->db->query($sql);
        if (!$result) {
            return $rows;
        }
        while ($row = $this->db->fetchArray($result)) {
            $rows[$row['service_id']] = $row['service_name'];
        }

        return $rows;
    }

    /**
     * get relation count
     * @license   http://www.blags.org/
     * @created   2010-05-30 20:48
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @return int
     */
    public function GetRelationCount()
    {
        $sql    = 'SELECT COUNT(*) FROM ' . $this->db->prefix('martin_hotel_service_relation');
        $result = $this->db->query($sql);
        if (!$result) {
            return 0;
        }
        list($count) = $this->db->fetchRow($result);

        return $count;
    }

    /**
     * get hotel service
     * @license   http://www.blags.org/
     * @created   2010-06-16 22:31
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $hotel_id
     * @return array|bool
     */
    public function getHotelService($hotel_id)
    {
        global $xoopsDB, $xoopsModule;
        // the original tested the misspelled $xoopsdModule, which is always empty
        $DBPrefx = empty($xoopsModule) ? $xoopsDB->prefix . '_martin' : $xoopsDB->prefix . '_' . $xoopsModule->getVar('dirname');
        $hotel_id = (int)$hotel_id;
        if (empty($hotel_id)) {
            return false;
        }
        $sql = 'SELECT st.service_type_name,s.service_id,s.service_unit,s.service_name,
            s.service_instruction,sr.service_extra_price FROM ';
        $sql .= $DBPrefx . "_hotel_service s INNER JOIN " . $DBPrefx . "_hotel_service_relation sr ON ( sr.service_id = s.service_id ) ";
        $sql .= "INNER JOIN {$DBPrefx}_hotel_service_type st ON (s.service_type_id = st.service_type_id) WHERE sr.hotel_id = " . $hotel_id;
        //echo $sql;
        $rows   = array();
        $result = $xoopsDB->query($sql);
        if (!$result) {
            return $rows;
        }
        while ($row = $xoopsDB->fetchArray($result)) {
            //$row['service_extra_price'] = round($row['service_extra_price'],2);
            $rows[] = $row;
        }

        return $rows;
    }
}
```