Issues in vote-ajax.php - Fixed Issues - Inspection of "Add HMAC 4.40.1" - mmainstreet/jodel-web - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 11dc5e...b84ad6 )

by mains

created 2017-04-10 20:45 UTC

vote-ajax.php (3 issues)

Labels

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

include 'php/jodel-web.php';

if(isset($_GET['postId']) && $_GET['vote'])
{
	header('Content-Type: application/json');
    echo json_encode($jodelAccountForKarma->votePostId($_GET['postId'], $_GET['vote']));
    die();
}

if(isset($_GET['solution']) && isset($_POST['deviceUid']))
{
	$jodelAccount = new JodelAccount($_POST['deviceUid']);
	$response = array("success" => $jodelAccount->verifyCaptcha());
	echo json_encode($response);
	die();
}
$userIsAdmin = isUserAdmin();
$userIsVoter = isUserVoter();

if(!$userIsVoter && !$userIsAdmin)
{
	error_log($_SERVER['REMOTE_ADDR']  . ' used a wrong password on vote-ajax.php');
	$response = array("message" => $_SERVER['REMOTE_ADDR']  . ' used a wrong password on vote-ajax.php',"success" => false);
	echo json_encode($response);
	die();
}
else
{
	if($userIsVoter)
	{
		$result = $db->query("SELECT user_token, remaining_votes FROM users WHERE user_token = '" . $_COOKIE['JodelVoterPassword'] . "'");
		if($result->num_rows > 0)
		{
			$row = $result->fetch_assoc();
			$remaining_votes = $row['remaining_votes'];
		}
		if($remaining_votes <= 0)
		{
			$message = 'This voter account run out of votes. For more information please contact [email protected]';
			$success = false;

			$response = array("success" => $success, "message" => $message);
			echo json_encode($response);
			die();
		}
	}
		

	$message = "";
	$success = true;
	$token = "";
		if(isset($_POST['vote']) && isset($_POST['postId']))
		{
			$i = 0;
			$result = $db->query("SELECT access_token, device_uid FROM accounts WHERE device_uid NOT IN (SELECT device_uid FROM votes WHERE postId = '" . $_POST['postId'] . "')");

			if($result->num_rows > 0)
			{
				$row = $result->fetch_assoc();
				$accessToken = $row['access_token'];
				$deviceUid = $row['device_uid'];
				
				$jodelAccount = new JodelAccount($deviceUid);

				if(!$jodelAccount->isAccountVerified())
				{
					$message = "This account is not verified. Please verify this account first.";
					$captcha = $jodelAccount->getCaptcha();
					/* save captcha images

					$filename = explode("/", $captcha['image_url']);
					$filename = $filename[count($filename) - 1];
					if (!file_exists("captcha/".$filename))
					{
						$image = file_get_contents($captcha['image_url']);
						$fp = fopen("captcha/".$filename, 'w');
						fwrite($fp, $image);
						fclose($fp);
					}
					
						$captchaCodes = array("1CEAFRH69O" => "7-8",
										 "2QT6JRL06T" => "1-2",
										 "4GEIEE5P8P" => "2-6-8",
										 "5VI2JTJYWY" => "0-5",
										 "6UHC4L53DG" => "0-2-3",
										 "18FTBXVIJC" => "1-3-5",
										 "AKWROEYSD3" => "1-5-7",
										 "BL5901E1JS" => "0-4",
										 "BNB1P58AJ6" => "4",
										 "CORKCXU0TA" => "2-4-5",
										 "D3SKGYMB0C" => "1",
										 "DB96PZYUM7" => "2-7",
										 "EJSHC2LTY1" => "5-6-8",
										 "G6X12MP9DW" => "3",
										 "IGDPXAFRE8" => "1-6-7",
										 "IH92Z2ETIE" => "1-2-7",
										 "JGA66GP5TG" => "1-5-8",
										 "KUD8PU6UAB" => "5",
										 "MF7ZX46TQQ" => "0-1-8",
										 "MFDV8CMHHG" => "2-7-8",
										 "MI9R8R1YIZ" => "1-7-8",
										 "NI1A0RU1VJ" => "3-4-6",
										 "OFJP966MXD" => "1-4-6",
										 "OQZBADCV8I" => "2-5-8",
										 "QNLPAJ8XGM" => "3-7-8",
										 "RXNR1VZPUC" => "0-4-6",
										 "YLJB76EJDY" => "3-4",
										 "YO9E3X95IG" => "0-1-7",
										 "ZJP7PW2LRG" => "4-5");
						$filename = explode("/", $captcha['image_url']);
						$filename = explode(".", $filename[count($filename) - 1])[0];
						$_GET['solution'] = $captchaCodes[$filename];
						*/

						$_GET['key'] = $captcha["key"];
						$_GET['deviceUid'] = $deviceUid;
						//$response = array("success" => $jodelAccount->verifyCaptcha());

						//echo json_encode($response);

						//die();
					$success = false;
				}
				else
				{
					$remaining_votes = $remaining_votes - 1;
					$result = $db->query("UPDATE users 
                                SET remaining_votes='" . $remaining_votes . "'
                                WHERE user_token='" . $_COOKIE['JodelVoterPassword'] . "'");
					if($result === false)
					{
               			error_log("Update remaining votes failed: (" . $db->errno . ") " . $db->error);
               		}
               		$db->close();
					$jodelAccount->votePostId($_POST['postId'], $_POST['vote']);
				}
			}
			else
			{
				$message = 'There is no account available for this jodel. Please create at least one new account to vote this jodel.';
				$success = false;
			}
		}

	if (isset($captcha))
	{
		$response = array("success" => $success, "message" => $message, "captcha" => $captcha, "deviceUid" => $deviceUid);
	}
	else 
	{
		$response = array("success" => $success, "message" => $message);
	}
}
echo json_encode($response);
?>

1		<?php
2
3		include 'php/jodel-web.php';
4
5		if(isset($_GET['postId']) && $_GET['vote'])
6		{
7		header('Content-Type: application/json');
8		echo json_encode($jodelAccountForKarma->votePostId($_GET['postId'], $_GET['vote']));
9		die();
10		}
11
12	View Code Duplication	if(isset($_GET['solution']) && isset($_POST['deviceUid']))
13		{
14		$jodelAccount = new JodelAccount($_POST['deviceUid']);
15		$response = array("success" => $jodelAccount->verifyCaptcha());
16		echo json_encode($response);
17		die();
18		}
19		$userIsAdmin = isUserAdmin();
20		$userIsVoter = isUserVoter();
21
22		if(!$userIsVoter && !$userIsAdmin)
23		{
24		error_log($_SERVER['REMOTE_ADDR'] . ' used a wrong password on vote-ajax.php');
25		$response = array("message" => $_SERVER['REMOTE_ADDR'] . ' used a wrong password on vote-ajax.php',"success" => false);
26		echo json_encode($response);
27		die();
28		}
29		else
30		{
31		if($userIsVoter)
32		{
33		$result = $db->query("SELECT user_token, remaining_votes FROM users WHERE user_token = '" . $_COOKIE['JodelVoterPassword'] . "'");
34		if($result->num_rows > 0)
35		{
36		$row = $result->fetch_assoc();
37		$remaining_votes = $row['remaining_votes'];
38		}
39		if($remaining_votes <= 0)
40		{
41		$message = 'This voter account run out of votes. For more information please contact [email protected]';
42		$success = false;
43
44		$response = array("success" => $success, "message" => $message);
45		echo json_encode($response);
46		die();
47		}
48		}
49
50
51		$message = "";
52		$success = true;
53		$token = "";
54		if(isset($_POST['vote']) && isset($_POST['postId']))
55		{
56		$i = 0;
57		$result = $db->query("SELECT access_token, device_uid FROM accounts WHERE device_uid NOT IN (SELECT device_uid FROM votes WHERE postId = '" . $_POST['postId'] . "')");
58
59		if($result->num_rows > 0)
60		{
61		$row = $result->fetch_assoc();
62		$accessToken = $row['access_token'];
63		$deviceUid = $row['device_uid'];
64
65		$jodelAccount = new JodelAccount($deviceUid);
66
67		if(!$jodelAccount->isAccountVerified())
68		{
69		$message = "This account is not verified. Please verify this account first.";
70		$captcha = $jodelAccount->getCaptcha();
71		/* save captcha images
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-02-19 01:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this `58%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
72		$filename = explode("/", $captcha['image_url']);
73		$filename = $filename[count($filename) - 1];
74		if (!file_exists("captcha/".$filename))
75		{
76		$image = file_get_contents($captcha['image_url']);
77		$fp = fopen("captcha/".$filename, 'w');
78		fwrite($fp, $image);
79		fclose($fp);
80		}
81
82		$captchaCodes = array("1CEAFRH69O" => "7-8",
83		"2QT6JRL06T" => "1-2",
84		"4GEIEE5P8P" => "2-6-8",
85		"5VI2JTJYWY" => "0-5",
86		"6UHC4L53DG" => "0-2-3",
87		"18FTBXVIJC" => "1-3-5",
88		"AKWROEYSD3" => "1-5-7",
89		"BL5901E1JS" => "0-4",
90		"BNB1P58AJ6" => "4",
91		"CORKCXU0TA" => "2-4-5",
92		"D3SKGYMB0C" => "1",
93		"DB96PZYUM7" => "2-7",
94		"EJSHC2LTY1" => "5-6-8",
95		"G6X12MP9DW" => "3",
96		"IGDPXAFRE8" => "1-6-7",
97		"IH92Z2ETIE" => "1-2-7",
98		"JGA66GP5TG" => "1-5-8",
99		"KUD8PU6UAB" => "5",
100		"MF7ZX46TQQ" => "0-1-8",
101		"MFDV8CMHHG" => "2-7-8",
102		"MI9R8R1YIZ" => "1-7-8",
103		"NI1A0RU1VJ" => "3-4-6",
104		"OFJP966MXD" => "1-4-6",
105		"OQZBADCV8I" => "2-5-8",
106		"QNLPAJ8XGM" => "3-7-8",
107		"RXNR1VZPUC" => "0-4-6",
108		"YLJB76EJDY" => "3-4",
109		"YO9E3X95IG" => "0-1-7",
110		"ZJP7PW2LRG" => "4-5");
111		$filename = explode("/", $captcha['image_url']);
112		$filename = explode(".", $filename[count($filename) - 1])[0];
113		$_GET['solution'] = $captchaCodes[$filename];
114		*/
115
116		$_GET['key'] = $captcha["key"];
117		$_GET['deviceUid'] = $deviceUid;
118		//$response = array("success" => $jodelAccount->verifyCaptcha());
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-03-05 14:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `65%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
119		//echo json_encode($response);
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-03-05 14:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `72%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
120		//die();
121		$success = false;
122		}
123		else
124		{
125		$remaining_votes = $remaining_votes - 1;
126		$result = $db->query("UPDATE users
127		SET remaining_votes='" . $remaining_votes . "'
128		WHERE user_token='" . $_COOKIE['JodelVoterPassword'] . "'");
129	View Code Duplication	if($result === false)
130		{
131		error_log("Update remaining votes failed: (" . $db->errno . ") " . $db->error);
132		}
133		$db->close();
134		$jodelAccount->votePostId($_POST['postId'], $_POST['vote']);
135		}
136		}
137		else
138		{
139		$message = 'There is no account available for this jodel. Please create at least one new account to vote this jodel.';
140		$success = false;
141		}
142		}
143
144		if (isset($captcha))
145		{
146		$response = array("success" => $success, "message" => $message, "captcha" => $captcha, "deviceUid" => $deviceUid);
147		}
148		else
149		{
150		$response = array("success" => $success, "message" => $message);
151		}
152		}
153		echo json_encode($response);
154		?>

mmainstreet / jodel-web

Push — master ( 11dc5e...b84ad6 )

vote-ajax.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like