for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
<?php
/**
* Xoops Members Module
*
* You may not change or alter any portion of this comment or credits
* of supporting developers from this source code or any supporting source code
* which is considered copyrighted (c) material of the original comment or credit authors.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* @copyright XOOPS Project (https://xoops.org)
* @license http://www.fsf.org/copyleft/gpl.html GNU public license
* @package Xoops Members
* @since 2.3.0
* @author onokazu
* @author John Neill
*/
require_once __DIR__ . '/header.php';
global $xoopsModule;
$op = (isset($_POST['op']) && 'submit' == $_POST['op']) ? 'submit' : 'form';
/** @var \XoopsMemberHandler $memberHandler */
$memberHandler = xoops_getHandler('member');
if ('form' == $op) {
$GLOBALS['xoopsOption']['template_main'] = 'xoopsmembers_searchform.tpl';
require XOOPS_ROOT_PATH . '/header.php';
$total = $memberHandler->getUserCount(new \Criteria('level', 0, '>'));
require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
$form = new \XoopsThemeForm('', 'searchform', 'searchmembers.php');
$uname_text = new \XoopsFormText('', 'user_uname', 30, 60);
$uname_match = new \XoopsFormSelectMatchOption('', 'user_uname_match');
$uname_tray = new \XoopsFormElementTray(_MD_XOOPSMEMBERS_UNAME, ' ');
$uname_tray->addElement($uname_match);
$uname_tray->addElement($uname_text);
$form->addElement($uname_tray);
if (1 == $xoopsModuleConfig['displayrealname']) {
$name_text = new \XoopsFormText('', 'user_name', 30, 60);
$name_match = new \XoopsFormSelectMatchOption('', 'user_name_match');
$name_tray = new \XoopsFormElementTray(_MD_XOOPSMEMBERS_REALNAME, ' ');
$name_tray->addElement($name_match);
$name_tray->addElement($name_text);
$form->addElement($name_tray);
}
if (1 == $xoopsModuleConfig['displayemail']) {
$email_text = new \XoopsFormText('', 'user_email', 30, 60);
$email_match = new \XoopsFormSelectMatchOption('', 'user_email_match');
$email_tray = new \XoopsFormElementTray(_MD_XOOPSMEMBERS_EMAIL, ' ');
$email_tray->addElement($email_match);
$email_tray->addElement($email_text);
$form->addElement($email_tray);
if (1 == $xoopsModuleConfig['displayurl']) {
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_URLCONTAINS, 'user_url', 30, 100));
if (1 == $xoopsModuleConfig['displayfrom']) {
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_LOCATIONCONTAINS, 'user_from', 30, 100));
if (1 == $xoopsModuleConfig['displayoccupation']) {
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_OCCUPATIONCONTAINS, 'user_occ', 30, 100));
if (1 == $xoopsModuleConfig['displayinterest']) {
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_INTERESTCONTAINS, 'user_intrest', 30, 100));
if (1 == $xoopsModuleConfig['displayextrainfo']) {
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_EXTRAINFOCONTAINS, 'bio', 30, 100));
if (1 == $xoopsModuleConfig['displaysignature']) {
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_SIGNATURECONTAINS, 'user_sig', 30, 100));
if (1 == $xoopsModuleConfig['displaylastlogin']) {
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_LASTLOGMORE, 'user_lastlog_more', 10, 5));
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_LASTLOGLESS, 'user_lastlog_less', 10, 5));
if (1 == $xoopsModuleConfig['displayregdate']) {
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_REGMORE, 'user_reg_more', 10, 5));
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_REGLESS, 'user_reg_less', 10, 5));
if (1 == $xoopsModuleConfig['displayposts']) {
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_POSTSMORE, 'user_posts_more', 10, 5));
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_POSTSLESS, 'user_posts_less', 10, 5));
$sort_select = new \XoopsFormSelect(_MD_XOOPSMEMBERS_SORT, 'user_sort');
$sort_select->addOptionArray(['uname' => _MD_XOOPSMEMBERS_UNAME, 'name' => _MD_XOOPSMEMBERS_REALNAME, 'last_login' => _MD_XOOPSMEMBERS_LASTLOGIN, 'user_regdate' => _MD_XOOPSMEMBERS_REGDATE, 'posts' => _MD_XOOPSMEMBERS_POSTS]);
$form->addElement($sort_select);
$order_select = new \XoopsFormSelect(_MD_XOOPSMEMBERS_ORDER, 'user_order');
$order_select->addOptionArray(['ASC' => _MD_XOOPSMEMBERS_ASC, 'DESC' => _MD_XOOPSMEMBERS_DESC]);
$form->addElement($order_select);
$form->addElement(new \XoopsFormText(_MD_XOOPSMEMBERS_LIMIT, 'limit', 6, 2));
$form->addElement(new \XoopsFormHidden('op', 'submit'));
$form->addElement(new \XoopsFormButton('', 'user_submit', _SUBMIT, 'submit'));
$form->assign($xoopsTpl);
$xoopsTpl->assign('totalmember', $total);
if ('submit' == $op) {
$GLOBALS['xoopsOption']['template_main'] = 'xoopsmembers_searchresults.tpl';
$iamadmin = $xoopsUserIsAdmin;
$myts = MyTextSanitizer::getInstance();
$criteria = new \CriteriaCompo();
if (!empty($_POST['user_uname'])) {
$match = (!empty($_POST['user_uname_match'])) ? (int)$_POST['user_uname_match'] : XOOPS_MATCH_START;
$ret = $myts->addSlashes(trim($_POST['user_uname']));
xoops_Criteria($criteria, 'uname', $ret, $match);
if (!empty($_POST['user_name'])) {
$match = (!empty($_POST['user_name_match'])) ? (int)$_POST['user_name_match'] : XOOPS_MATCH_START;
xoops_Criteria($criteria, 'name', $ret, $match);
if (!empty($_POST['user_email'])) {
$match = (!empty($_POST['user_email_match'])) ? (int)$_POST['user_email_match'] : XOOPS_MATCH_START;
$ret = $myts->addSlashes(trim($_POST['user_email']));
if (!$iamadmin) {
$criteria->add(new \Criteria('user_viewemail', 1));
if (!empty($_POST['user_url'])) {
$url = formatURL(trim($_POST['user_url']));
$criteria->add(new \Criteria('url', $myts->addSlashes($url) . '%', 'LIKE'));
if (!empty($_POST['user_from'])) {
$criteria->add(new \Criteria('user_from', '%' . $myts->addSlashes(trim($_POST['user_from'])) . '%', 'LIKE'));
if (!empty($_POST['user_intrest'])) {
$criteria->add(new \Criteria('user_intrest', '%' . $myts->addSlashes(trim($_POST['user_intrest'])) . '%', 'LIKE'));
if (!empty($_POST['user_occ'])) {
$criteria->add(new \Criteria('user_occ', '%' . $myts->addSlashes(trim($_POST['user_occ'])) . '%', 'LIKE'));
if (!empty($_POST['bio'])) {
$criteria->add(new \Criteria('bio', '%' . $myts->addSlashes(trim($_POST['bio'])) . '%', 'LIKE'));
if (!empty($_POST['user_sig'])) {
$criteria->add(new \Criteria('user_sig', '%' . $myts->addSlashes(trim($_POST['user_sig'])) . '%', 'LIKE'));
if (!empty($_POST['user_lastlog_more']) && is_numeric($_POST['user_lastlog_more'])) {
$f_user_lastlog_more = (int)trim($_POST['user_lastlog_more']);
$time = time() - (60 * 60 * 24 * $f_user_lastlog_more);
if ($time > 0) {
$criteria->add(new \Criteria('last_login', $time, '<'));
if (!empty($_POST['user_lastlog_less']) && is_numeric($_POST['user_lastlog_less'])) {
$f_user_lastlog_less = (int)trim($_POST['user_lastlog_less']);
$time = time() - (60 * 60 * 24 * $f_user_lastlog_less);
$criteria->add(new \Criteria('last_login', $time, '>'));
if (!empty($_POST['user_reg_more']) && is_numeric($_POST['user_reg_more'])) {
$f_user_reg_more = (int)trim($_POST['user_reg_more']);
$time = time() - (60 * 60 * 24 * $f_user_reg_more);
$criteria->add(new \Criteria('user_regdate', $time, '<'));
if (!empty($_POST['user_reg_less']) && is_numeric($_POST['user_reg_less'])) {
$f_user_reg_less = (int)$_POST['user_reg_less'];
$time = time() - (60 * 60 * 24 * $f_user_reg_less);
$criteria->add(new \Criteria('user_regdate', $time, '>'));
if (isset($_POST['user_posts_more']) && is_numeric($_POST['user_posts_more'])) {
$criteria->add(new \Criteria('posts', (int)$_POST['user_posts_more'], '>'));
if (!empty($_POST['user_posts_less']) && is_numeric($_POST['user_posts_less'])) {
$criteria->add(new \Criteria('posts', (int)$_POST['user_posts_less'], '<'));
$criteria->add(new \Criteria('level', 0, '>'));
$validsort = ['uname', 'email', 'last_login', 'user_regdate', 'posts'];
$sort = (!in_array($_POST['user_sort'], $validsort)) ? 'uname' : $_POST['user_sort'];
$order = 'ASC';
if (isset($_POST['user_order']) && 'DESC' == $_POST['user_order']) {
$order = 'DESC';
$limit = (!empty($_POST['limit'])) ? (int)$_POST['limit'] : 20;
if (0 == $limit || $limit > 50) {
$limit = 50;
$start = (!empty($_POST['start'])) ? (int)$_POST['start'] : 0;
$total = $memberHandler->getUserCount($criteria);
$xoopsTpl->assign('total_found', $total);
if (0 == $total) {
} elseif ($start < $total) {
if ($iamadmin) {
$xoopsTpl->assign('is_admin', true);
$criteria->setSort($sort);
$criteria->setOrder($order);
$criteria->setStart($start);
$criteria->setLimit($limit);
$foundusers = $memberHandler->getUsers($criteria, true);
foreach (array_keys($foundusers) as $j) {
$userdata['avatar'] = $foundusers[$j]->getVar('user_avatar');
$userdata['realname'] = $foundusers[$j]->getVar('name');
$userdata['name'] = $foundusers[$j]->getVar('uname');
$userdata['id'] = $foundusers[$j]->getVar('uid');
if (1 == $foundusers[$j]->getVar('user_viewemail') || $iamadmin) {
$userdata['email'] = '<a href="mailto:' . $foundusers[$j]->getVar('email') . '"><img src="' . XOOPS_URL . '/images/icons/email.gif" border="0" alt="' . sprintf(_SENDEMAILTO, $foundusers[$j]->getVar('uname', 'e')) . '"></a>';
$userdata['emailaddress'] = $foundusers[$j]->getVar('email');
if ($xoopsUser) {
$userdata['pmlink'] = '<a href="javascript:openWithSelfMain(\'' . XOOPS_URL . '/pmlite.php?send2=1&to_userid=' . $foundusers[$j]->getVar('uid') . '\',\'pmlite\',450,370);"><img src="' . XOOPS_URL . '/images/icons/pm.gif" border="0" alt="' . sprintf(
_SENDPMTO,
$foundusers[$j]->getVar(
'uname',
'e'
)
) . '"></a>';
$userdata['pm'] = $foundusers[$j]->getVar('uid');
if ('' != $foundusers[$j]->getVar('url', 'e')) {
$userdata['website'] = '<a href="' . $foundusers[$j]->getVar('url', 'e') . '" target="_blank"><img src="' . XOOPS_URL . '/images/icons/www.gif" border="0" alt="' . _VISITWEBSITE . '"></a>';
$userdata['url'] = $foundusers[$j]->getVar('url', 'e');
$userdata['registerdate'] = formatTimestamp($foundusers[$j]->getVar('user_regdate'), 's');
if (0 != $foundusers[$j]->getVar('last_login')) {
$userdata['lastlogin'] = formatTimestamp($foundusers[$j]->getVar('last_login'), 'm');
} else {
$userdata['lastlogin'] = _MD_XOOPSMEMBERS_NEVERLOGIN;
$userdata['posts'] = $foundusers[$j]->getVar('posts');
$userdata['adminlink'] = '<a href="' . XOOPS_URL . '/modules/system/admin.php?fct=users&uid=' . $foundusers[$j]->getVar('uid') . '&op=users_edit">' . '<img src=' . $pathIcon16 . '/edit.png' . " alt='" . _EDIT . "' title='" . _EDIT . "' >"
. '</a> <a href="' . XOOPS_URL . '/modules/system/admin.php?fct=users&op=users_delete&uid=' . $foundusers[$j]->getVar('uid') . '">' . '<img src=' . $pathIcon16 . '/delete.png' . " alt='" . _DELETE . "' title='" . _DELETE . "' >" . '</a>';
$userdata['location'] = $foundusers[$j]->getVar('user_from');
$userdata['occupation'] = $foundusers[$j]->getVar('user_occ');
$userdata['interest'] = $foundusers[$j]->getVar('user_intrest');
$userdata['extrainfo'] = $foundusers[$j]->getVar('bio');
$userdata['signature'] = $foundusers[$j]->getVar('user_sig');
$userdata['onlinestatus'] = $foundusers[$j]->isOnline();
$userrank = $foundusers[$j]->rank();
if ($userrank['image']) {
$userdata['rankimage'] = '<img src="' . XOOPS_UPLOAD_URL . '/' . $userrank['image'] . '" alt="">';
$userdata['ranktitle'] = $userrank['title'];
$uid = $userdata['id'];
$groups = $memberHandler->getGroupsByUser($uid, true);
$usergroups = [];
foreach ($groups as $group) {
$usergroups[] = $group->getVar('name');
$userdata['groups'] = implode(', ', $usergroups);
$xoopsTpl->append('users', $userdata);
$totalpages = ceil($total / $limit);
if ($totalpages > 1) {
$hiddenform = '<form name="findnext" action="searchmembers.php" method="post">';
foreach ($_POST as $k => $v) {
$hiddenform .= '<input type="hidden" name="' . htmlspecialchars($k) . '" value="' . $myts->previewTarea($v) . '" >';
if (!isset($_POST['limit'])) {
$hiddenform .= '<input type="hidden" name="limit" value="' . $limit . '" >';
if (!isset($_POST['start'])) {
$hiddenform .= '<input type="hidden" name="start" value="' . $start . '" >';
$prev = $start - $limit;
if ($start - $limit >= 0) {
$hiddenform .= '<a href="#0" onclick="javascript:document.findnext.start.value=' . $prev . ';document.findnext.submit();">' . _MD_XOOPSMEMBERS_PREVIOUS . '</a> ';
$counter = 1;
$currentpage = ($start + $limit) / $limit;
while ($counter <= $totalpages) {
if ($counter == $currentpage) {
$hiddenform .= '<b>' . $counter . '</b> ';
} elseif (($counter > $currentpage - 4 && $counter < $currentpage + 4) || 1 == $counter || $counter == $totalpages) {
if ($counter == $totalpages && $currentpage < $totalpages - 4) {
$hiddenform .= '... ';
$hiddenform .= '<a href="#' . $counter . '" onclick="javascript:document.findnext.start.value=' . ($counter - 1) * $limit . ';document.findnext.submit();">' . $counter . '</a> ';
if (1 == $counter && $currentpage > 5) {
$counter++;
$next = $start + $limit;
if ($total > $next) {
$hiddenform .= ' <a href="#' . $total . '" onclick="javascript:document.findnext.start.value=' . $next . ';document.findnext.submit();">' . _MD_XOOPSMEMBERS_NEXT . '</a>';
$hiddenform .= '</form>';
$xoopsTpl->assign('pagenav', $hiddenform);
$xoopsTpl->assign('lang_numfound', sprintf(_MD_XOOPSMEMBERS_USERSFOUND, $total));
require __DIR__ . '/footer.php';
require_once XOOPS_ROOT_PATH . '/footer.php';
exit();
* xoops_Criteria()
* @param \CriteriaCompo $criteria
* @param string $name
* @param string $ret
* @param string $match
* @return void
function xoops_Criteria(&$criteria, $name = '', $ret = '', $match = '')
$criteria
If this is a false-positive, you can also ignore this issue in your code via the ignore-unused annotation
ignore-unused
function xoops_Criteria(/** @scrutinizer ignore-unused */ &$criteria, $name = '', $ret = '', $match = '')
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
{
global $criteria;
switch ($match) {
case XOOPS_MATCH_START:
$criteria->add(new \Criteria($name, $ret . '%', 'LIKE'));
break;
case XOOPS_MATCH_END:
$criteria->add(new \Criteria($name, '%' . $ret . '%', 'LIKE'));
case XOOPS_MATCH_EQUAL:
$criteria->add(new \Criteria($name, $ret));
case XOOPS_MATCH_CONTAIN:
mambax7 /
xoopsmembers
mambax7
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.