Issues in admin.php - All Issues - Inspection of "Fixed display user_handle in comments" - mmainstreet/jodel-web - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 710747...fb0372 )

by mains

created 2017-03-03 19:04 UTC

admin.php (17 issues)

Labels

Severity

Informational 17

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

include 'php/jodel-web.php';

if((!isset($_GET['pw']) || $config['pw'] != $_GET['pw']) && !isUserAdmin())
{
	error_log($_SERVER['REMOTE_ADDR']  . ' used a wrong password on admin.php');
	die();
}
else if (isset($_GET['pw']))
{
	setcookie('JodelAdminPassword', $_GET['pw'], time()+60*60*24*365*10);
	error_log('admin password saved for [' . $_SERVER ['HTTP_USER_AGENT'] . ']');
}



if(isset($_POST['createAccount']) && $_POST['createAccount'])
{
	$newJodelAccount = new JodelAccount();
}


//Vote
if(isset($_POST['vote']) && isset($_POST['postId']) && isset($_POST['quantity']))
{
	$i = 0;
$a = "a";
$ab = "ab";
$abc = "abc";
	$result = $db->query("SELECT access_token, device_uid FROM accounts WHERE device_uid NOT IN (SELECT device_uid FROM votes WHERE postId = '" . $_POST['postId'] . "')");


	if($result->num_rows > 0)
	{
		// output data of each row
		while(($row = $result->fetch_assoc()) && $i < $_POST['quantity'])
		{
			$jodelAccount = new JodelAccount($row['device_uid']);

			if($jodelAccount->votePostId($_POST['postId'], $_POST['vote']))
			{
				$i++;
			}
		}
	}
	else
	{
		echo "Error: 0 results";
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
	}
}


?>
<!DOCTYPE html>
<html lang="en">
	<head>
		<title>Backend - JodelBlue WebClient</title>
		
		<meta charset="utf8">
		<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
		<meta http-equiv="x-ua-compatible" content="ie=edge">
		
		<meta name="description" content="JodelBlue is a WebClient for the Jodel App. No registration required! Browse Jodels all over the world. Send your own Jodels or upvote others.">

		<meta name="keywords" content="jodelblue, jodel, blue, webclient, web, client">
		
		<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.5/css/bootstrap.min.css" integrity="sha384-AysaV+vQoT3kOAXZkl02PThvDr8HYKPZhNT5h/CXfBThSRXQ6jW5DO2ekP5ViFdi" crossorigin="anonymous">

				<link rel="stylesheet" href="<?php echo $baseUrl;?>css/font-awesome.min.css">
		<link rel="stylesheet" href="<?php echo $baseUrl;?>style.css" type="text/css">
		
		<link rel="shortcut icon" type="image/x-icon" href="<?php echo $baseUrl;?>img/favicon/favicon.ico">
		<link rel="icon" type="image/x-icon" href="<?php echo $baseUrl;?>img/favicon/favicon.ico">
		<link rel="icon" type="image/gif" href="<?php echo $baseUrl;?>img/favicon/favicon.gif">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon.png">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon.png">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-57x57.png" sizes="57x57">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-60x60.png" sizes="60x60">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-72x72.png" sizes="72x72">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-76x76.png" sizes="76x76">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-114x114.png" sizes="114x114">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-120x120.png" sizes="120x120">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-128x128.png" sizes="128x128">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-144x144.png" sizes="144x144">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-152x152.png" sizes="152x152">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-180x180.png" sizes="180x180">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-precomposed.png">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-16x16.png" sizes="16x16">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-32x32.png" sizes="32x32">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-96x96.png" sizes="96x96">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-160x160.png" sizes="160x160">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-192x192.png" sizes="192x192">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-196x196.png" sizes="196x196">
		<meta name="msapplication-TileImage" content="<?php echo $baseUrl;?>img/favicon/win8-tile-144x144.png"> 
		<meta name="msapplication-TileColor" content="#5682a3"> 
		<meta name="msapplication-navbutton-color" content="#5682a3"> 
		<meta name="application-name" content="JodelBlue"/> 
		<meta name="msapplication-tooltip" content="JodelBlue"/> 
		<meta name="apple-mobile-web-app-title" content="JodelBlue"/> 
		<meta name="msapplication-square70x70logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-70x70.png"> 
		<meta name="msapplication-square144x144logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-144x144.png"> 
		<meta name="msapplication-square150x150logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-150x150.png"> 
		<meta name="msapplication-wide310x150logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-310x150.png"> 
		<meta name="msapplication-square310x310logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-310x310.png"> 
	</head>
	
	<body>
		<header>
			<nav class="navbar navbar-full navbar-dark navbar-fixed-top">
				<div class="container">					
						<h1>
						<a href="./" class="spinnable">
						
						JodelBlue <i class="fa fa-refresh fa-1x"></i></a>
					</h1>					
				</div>
			</nav>
		</header>
		
		<div class="mainContent container">		
			<div class="content row">
				<article class="topContent col-sm-8">

					<content id="posts" class="adminpanel">
						<h2>account management</h2>
						<form method="post">
							<div>
							<?php
								$result = $db->query("SELECT COUNT(*) FROM accounts");
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
								echo $result->fetch_row()[0];
							?>
							accounts in the database</div>
							<button type="submit" name="createAccount" value="TRUE">Create new Account</button>
						</form>
						<hr>
						<h2>voting</h2>
						<form method="POST">
							<input placeholder="quantity" type="number" name="quantity"><br>
							<input placeholder="postId" type="text" name="postId"><br>
							<button type="submit" name="vote" value="up" class="half">Upvote</button>
							<button type="submit" name="vote" value="down" class="half">Downvote</button>
						</form>
						<hr>
						<h2>delayed voting</h2>
							<input placeholder="quantity" id="quantityDelay" type="number" name="quantity"><br>
							<input placeholder="min interval" id="minDelay" value="<?php echo $config["minInterval"]?>" type="text" name="min"><br>
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
							<input placeholder="max interval" id="maxDelay" value="<?php echo $config["maxInterval"]?>" type="text" name="max"><br>
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
							<input placeholder="postId" id="postIdDelay" value="<?php echo $_GET["postId"]?>" type="text" name="postId"><br>
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
							<button name="vote" value="up" class="half" onClick="vote('up');">Upvote</button>
							<button name="vote" value="down" class="half" onClick="vote('down');">Downvote</button><br>
							<progress id="progressDelay" value="0" max="100"></progress>
							<div id="ResponseMessage"></div>
							<div id="ResponseCaptcha"></div>
						
					</content>
				</article>
			</div>
		</div>
		
		
		<!-- jQuery, Tether, Bootstrap JS and own-->
		<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha384-3ceskX3iaEnIogmQchP8opvBy3Mi7Ce34nWjpBIwVTHfGYWQS9jwHDVRnpKKHJg7" crossorigin="anonymous"></script>

    	<script src="https://cdnjs.cloudflare.com/ajax/libs/tether/1.3.7/js/tether.min.js" integrity="sha384-XTs3FgkjiBgo8qjEjBk0tGmf3wPrWtA6coPfQDfFEY8AnYJwjalXCiosYRBIBZX8" crossorigin="anonymous"></script>

    	<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.5/js/bootstrap.min.js" integrity="sha384-BLiI7JTZm+JWlgKa0M0kGRpJbF2J8q+qreVrKBC47e3K6BW78kGLrCkeRX6I9RoK" crossorigin="anonymous"></script>


		<script>
			//delayed voting
			var rekData;
			function vote(type)
			{
				var id = $("#postIdDelay").val();
				var quantity = parseInt($("#quantityDelay").val());
				var minTime = parseFloat($("#minDelay").val());
				var maxTime = parseFloat($("#maxDelay").val());	
				var data = {"vote": type,
						   "id":id,
							"i": 1,
						   "quantity":quantity,
						   "minTime":minTime,
						   "maxTime":maxTime};
				
				$("#progressDelay").attr("max", quantity);
				$("#progressDelay").val(0);
				if (minTime > maxTime)
				{
					$("#ResponseMessage").html("min interval is greater than max interval");
					
				}
				else if (id == "")
				{
					$("#ResponseMessage").html("please enter a postId");
				}
				else if (isNaN(quantity))
				{
					$("#ResponseMessage").html("please enter a valid quantity of votes");
				}
				else 
				{
					voteRek(data);
				}
			}
			
			function voteRek(data)
			{
				$.ajax({
				  type: "POST",
				  url: "<?php echo $baseUrl;?>vote-ajax.php?pw=<?php echo $_GET["pw"]?>",
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
				  data: {"vote" : data["vote"],
						 "postId" : data["id"]},
				  success: function(result){
					  $("#progressDelay").val(data["i"]);
					  var response;
					  try 
					  {
						response = JSON.parse(result);
					  } catch (e) {
						//voteRek(data);
					  }
					  if (response["success"] != true)
					  {
						  $("#ResponseMessage").html(response["message"]);
						  if (response["captcha"] != null) {
							  rekData = data;
							  $("#ResponseCaptcha").append( "<div id='captchaWrapper_" + data["i"] + "'><img src='" + response["captcha"]["image_url"] + "' style='width:100%'><div class='captchaWrapper'><input id='box_0' type='checkbox'><input id='box_1' type='checkbox'><input id='box_2' type='checkbox'><input id='box_3' type='checkbox'><input id='box_4' type='checkbox'><input id='box_5' type='checkbox'><input id='box_6' type='checkbox'><input id='box_7' type='checkbox'><input id='box_8' type='checkbox'></div><button onClick=\"verifyAccount(" + data["i"] + ", '" + response["captcha"]["key"] + "' , '" + response["deviceUid"] + "');\">Verify</button></div>");

							  //verifyAccount(data["i"], response["captcha"]["key"], response["deviceUid"]);
						  }
					  }
					  else if (data["i"] < data["quantity"])
					  {
						  $("#ResponseMessage").html(data["i"] + " of " + data["quantity"]);
						  data["i"] += 1;
						  setTimeout(function(){voteRek(data)}, getRandomFloat(data["minTime"],data["maxTime"])*1000);
					  } else {
						  $("#ResponseMessage").html(data["quantity"] + " votes completed");
					  }
				  }
				});
			}
			
			function verifyAccount(id, key, deviceUid)
			{
				var solution = "";
				for (i=0; i<9; i++) {
					var box = $("#box_"+i);
					if (box.is(':checked') == true)
					{
						if (solution != "")
						{
							solution += "-" + i;
						}
						else 
						{
							solution = i;
						}

					}
				}
				console.log(solution);
				$.ajax({
				  type: "POST",
				  url: "<?php echo $baseUrl;?>vote-ajax.php?pw=<?php echo $_GET["pw"]?>&solution=" + solution + "&key="+key,
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
				  data: {"deviceUid" : deviceUid},
				  success: function(result){
					  var response = JSON.parse(result);
					  console.log("Verification = "+response["success"])
					  $("#captchaWrapper_"+id).remove();
					  voteRek(rekData);
				  }
				});
			}
			
			function getRandomFloat(min, max)
			{
			  return Math.floor(Math.random() * (max - min)) + min;
			}

		</script>
	</body>
</html>

1			<?php
2
3			include 'php/jodel-web.php';
4
5			if((!isset($_GET['pw']) \|\| $config['pw'] != $_GET['pw']) && !isUserAdmin())
6			{
7			error_log($_SERVER['REMOTE_ADDR'] . ' used a wrong password on admin.php');
8			die();
9			}
10			else if (isset($_GET['pw']))
11			{
12			setcookie('JodelAdminPassword', $_GET['pw'], time()+60602436510);
13			error_log('admin password saved for [' . $_SERVER ['HTTP_USER_AGENT'] . ']');
14			}
15
16
17
18			if(isset($_POST['createAccount']) && $_POST['createAccount'])
19			{
20			$newJodelAccount = new JodelAccount();
21			}
22
23
24			//Vote
25			if(isset($_POST['vote']) && isset($_POST['postId']) && isset($_POST['quantity']))
26			{
27			$i = 0;
			0 ignored issues – show Coding Style introduced 2016-12-07 20:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this Equals sign not aligned with surrounding assignments; expected 6 spaces but found 1 space This check looks for multiple assignments in successive lines of code. It will report an issue if the operators are not in a straight line. To visualize $a = "a"; $ab = "ab"; $abc = "abc"; will produce issues in the first and second line, while this second example $a = "a"; $ab = "ab"; $abc = "abc"; will produce no issues. Loading history...
28			$result = $db->query("SELECT access_token, device_uid FROM accounts WHERE device_uid NOT IN (SELECT device_uid FROM votes WHERE postId = '" . $_POST['postId'] . "')");
			0 ignored issues – show Coding Style introduced 2017-02-03 14:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this This line exceeds maximum limit of 120 characters; contains 168 characters Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line. Loading history...
29
30			if($result->num_rows > 0)
31			{
32			// output data of each row
33			while(($row = $result->fetch_assoc()) && $i < $_POST['quantity'])
34			{
35			$jodelAccount = new JodelAccount($row['device_uid']);
36
37			if($jodelAccount->votePostId($_POST['postId'], $_POST['vote']))
38			{

mmainstreet / jodel-web

Push — master ( 710747...fb0372 )

admin.php (17 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like