1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Controller\Admin; |
||
26 | |||
27 | use Doctrine\ORM\NoResultException; |
||
28 | use Doctrine\ORM\Query\ResultSetMapping; |
||
29 | use Doctrine\ORM\QueryBuilder; |
||
30 | use Eccube\Application; |
||
31 | use Eccube\Common\Constant; |
||
32 | use Eccube\Controller\AbstractController; |
||
33 | use Eccube\Event\EccubeEvents; |
||
34 | use Eccube\Event\EventArgs; |
||
35 | use Symfony\Component\Form\Form; |
||
36 | use Symfony\Component\HttpFoundation\Request; |
||
37 | 2 | ||
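class AdminController extends AbstractController
{
    /**
     * Admin login screen.
     *
     * A visitor who already holds ROLE_ADMIN is redirected to the dashboard
     * instead of being shown the form again. The form is built with an empty
     * name (Symfony then submits its fields without an `admin_login[...]`
     * prefix) and handed to plugins via ADMIN_ADMIM_LOGIN_INITIALIZE before it
     * is rendered; the credential check itself happens in the security layer,
     * not in this action.
     *
     * @param Application $app
     * @param Request     $request
     * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
     */
    public function login(Application $app, Request $request)
    {
        if ($app->isGranted('ROLE_ADMIN')) {
            return $app->redirect($app->url('admin_homepage'));
        }

        /* @var $builder \Symfony\Component\Form\FormBuilderInterface */
        $builder = $app['form.factory']
            ->createNamedBuilder('', 'admin_login');

        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_LOGIN_INITIALIZE, $event);

        $form = $builder->getForm();

        // NOTE(review): `security.last_error` hands the previous authentication
        // failure to the template. login.twig should render it generically so
        // the response does not distinguish "unknown user" from "wrong
        // password" -- verify in the template, it is not visible here.
        return $app->render('login.twig', array(
            'error' => $app['security.last_error']($request),
            'form' => $form->createView(),
        ));
    }

    /**
     * Admin dashboard.
     *
     * Warns about a leftover installer script, builds the order / product /
     * customer master search forms, and gathers the order-status counters,
     * sales figures and shop counters shown on index.twig. Plugins can change
     * which order statuses are excluded from the counters through the
     * ADMIN_ADMIM_INDEX_ORDER and ADMIN_ADMIM_INDEX_SALES events.
     *
     * @param Application $app
     * @param Request     $request
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function index(Application $app, Request $request)
    {
        // Installer check: while `eccube_install` is enabled, warn the admin
        // about any install.php that is still on disk. Loose `== 1` is kept on
        // purpose because the config value may arrive as a string.
        if (isset($app['config']['eccube_install']) && $app['config']['eccube_install'] == 1) {
            $this->warnIfInstallerPresent($app);
        }

        // Master search forms (order / product / customer).
        $searchOrderBuilder = $app['form.factory']
            ->createBuilder('admin_search_order');
        $searchProductBuilder = $app['form.factory']
            ->createBuilder('admin_search_product');
        $searchCustomerBuilder = $app['form.factory']
            ->createBuilder('admin_search_customer');

        $event = new EventArgs(
            array(
                'searchOrderBuilder' => $searchOrderBuilder,
                'searchProductBuilder' => $searchProductBuilder,
                'searchCustomerBuilder' => $searchCustomerBuilder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_INDEX_INITIALIZE, $event);

        $searchOrderForm = $searchOrderBuilder->getForm();
        $searchProductForm = $searchProductBuilder->getForm();
        $searchCustomerForm = $searchCustomerBuilder->getForm();

        /**
         * Order status counters.
         */
        // Statuses hidden from the per-status counters (order preserved from
        // the original so plugins inspecting the array see the same shape).
        $excludes = array(
            $app['config']['order_pending'],
            $app['config']['order_processing'],
            $app['config']['order_cancel'],
            $app['config']['order_deliv'],
        );

        $event = new EventArgs(
            array(
                'excludes' => $excludes,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_INDEX_ORDER, $event);
        // A listener may have replaced the list.
        $excludes = $event->getArgument('excludes');

        // Number of orders per status, and the list of statuses to display.
        $Orders = $this->getOrderEachStatus($app['orm.em'], $excludes);
        $OrderStatuses = $this->findOrderStatus($app['orm.em'], $excludes);

        /**
         * Sales figures.
         */
        $excludes = array(
            $app['config']['order_processing'],
            $app['config']['order_cancel'],
            $app['config']['order_pending'],
        );

        $event = new EventArgs(
            array(
                'excludes' => $excludes,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_INDEX_SALES, $event);
        $excludes = $event->getArgument('excludes');

        // Today / yesterday / this month. `new \DateTime()` uses PHP's default
        // timezone; it is assumed to match the timezone order_date is stored
        // in -- TODO confirm, a mismatch would shift the day boundary.
        $salesToday = $this->getSalesByDay($app['orm.em'], new \DateTime(), $excludes);
        $salesYesterday = $this->getSalesByDay($app['orm.em'], new \DateTime('-1 day'), $excludes);
        $salesThisMonth = $this->getSalesByMonth($app['orm.em'], new \DateTime(), $excludes);

        /**
         * Shop status.
         */
        // Products that are out of stock, and registered (regular) customers.
        $countNonStockProducts = $this->countNonStockProducts($app['orm.em']);
        $countCustomers = $this->countCustomers($app['orm.em']);

        $event = new EventArgs(
            array(
                'Orders' => $Orders,
                'OrderStatuses' => $OrderStatuses,
                'salesThisMonth' => $salesThisMonth,
                'salesToday' => $salesToday,
                'salesYesterday' => $salesYesterday,
                'countNonStockProducts' => $countNonStockProducts,
                'countCustomers' => $countCustomers,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_INDEX_COMPLETE, $event);

        return $app->render('index.twig', array(
            'searchOrderForm' => $searchOrderForm->createView(),
            'searchProductForm' => $searchProductForm->createView(),
            'searchCustomerForm' => $searchCustomerForm->createView(),
            'Orders' => $Orders,
            'OrderStatuses' => $OrderStatuses,
            'salesThisMonth' => $salesThisMonth,
            'salesToday' => $salesToday,
            'salesYesterday' => $salesYesterday,
            'countNonStockProducts' => $countNonStockProducts,
            'countCustomers' => $countCustomers,
        ));
    }

    /**
     * Adds an admin warning for each installer script still present on disk.
     *
     * Candidates are checked in this order, relative to `root_dir`:
     * `html/install.php`, then `install.php`. The warning text comes from the
     * `admin.install.warning` translation with the relative path substituted.
     *
     * @param Application $app
     * @return void
     */
    private function warnIfInstallerPresent(Application $app)
    {
        $rootDir = $app['config']['root_dir'];
        $candidates = array('html/install.php', 'install.php');

        foreach ($candidates as $relativePath) {
            if (file_exists($rootDir . '/' . $relativePath)) {
                $message = $app->trans('admin.install.warning', array('installphpPath' => $relativePath));
                $app->addWarning($message, 'admin');
            }
        }
    }

    /**
     * Admin password change screen.
     *
     * On a valid submission the new password is hashed for the logged-in
     * member with the member's existing salt (a new one is obtained from
     * `createSalt(5)` only when the member has none) and saved through the
     * member repository. The hash is computed on a clone so the live user
     * object only ever receives the final hash, never the plaintext.
     *
     * NOTE(review): nothing in this action verifies the current password or a
     * CSRF token; both are assumed to be enforced by the
     * `admin_change_password` form type / Symfony form layer -- confirm there.
     * Nothing here rotates the session or invalidates other logins of the
     * same member after the change.
     *
     * @param Application $app
     * @param Request     $request
     * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
     */
    public function changePassword(Application $app, Request $request)
    {
        $builder = $app['form.factory']
            ->createBuilder('admin_change_password');

        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIM_CHANGE_PASSWORD_INITIALIZE, $event);

        $form = $builder->getForm();
        $form->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $password = $form->get('change_password')->getData();

            $Member = $app->user();

            // Hash on a throwaway copy; the real member gets only hash + salt.
            $dummyMember = clone $Member;
            $dummyMember->setPassword($password);
            $salt = $dummyMember->getSalt();
            if (!isset($salt)) {
                $salt = $app['eccube.repository.member']->createSalt(5);
                $dummyMember->setSalt($salt);
            }

            $encryptPassword = $app['eccube.repository.member']->encryptPassword($dummyMember);

            $Member
                ->setPassword($encryptPassword)
                ->setSalt($salt);

            $status = $app['eccube.repository.member']->save($Member);
            if ($status) {
                $event = new EventArgs(
                    array(
                        'form' => $form,
                    ),
                    $request
                );
                $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_ADMIN_CHANGE_PASSWORD_COMPLETE, $event);

                $app->addSuccess('admin.change_password.save.complete', 'admin');

                return $app->redirect($app->url('admin_change_password'));
            }

            $app->addError('admin.change_password.save.error', 'admin');
        }

        return $app->render('change_password.twig', array(
            'form' => $form->createView(),
        ));
    }

    /**
     * Jumps to the product master filtered to out-of-stock products.
     *
     * A valid submission stores an out-of-stock search condition in the session
     * and redirects to the product list; anything else falls back to the
     * dashboard.
     *
     * @param Application $app
     * @param Request     $request
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function searchNonStockProducts(Application $app, Request $request)
    {
        /* @var Form $form */
        $form = $app['form.factory']
            ->createBuilder('admin_search_product')
            ->getForm();

        $form->handleRequest($request);
        if ($form->isSubmitted() && $form->isValid()) {
            // Only the stock-status condition is carried over; the submitted
            // form values themselves are not copied into the session.
            $searchData = array(
                'stock_status' => Constant::DISABLED,
            );
            $session = $request->getSession();
            $session->set('eccube.admin.product.search', $searchData);

            return $app->redirect($app->url('admin_product_page', array(
                'page_no' => 1,
                'status' => $app['config']['admin_product_stock_status'])));
        }

        return $app->redirect($app->url('admin_homepage'));
    }

    /**
     * Order statuses not listed in $excludes, ordered by rank.
     *
     * $excludes is inlined into the DQL by `Expr::notIn` (Doctrine quotes
     * string literals); the values come from config and plugin listeners, not
     * from the request. An empty $excludes would produce an invalid `NOT IN ()`.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param array                        $excludes status ids to leave out
     * @return \Eccube\Entity\Master\OrderStatus[]
     */
    protected function findOrderStatus($em, array $excludes)
    {
        /* @var $qb QueryBuilder */
        $qb = $em
            ->getRepository('Eccube\Entity\Master\OrderStatus')
            ->createQueryBuilder('os');

        return $qb
            ->where($qb->expr()->notIn('os.id', $excludes))
            ->orderBy('os.rank', 'ASC')
            ->getQuery()
            ->getResult();
    }

    /**
     * Number of non-deleted orders per status, keyed by status id.
     *
     * Native SQL because of the GROUP BY on the raw status column; $excludes
     * is bound as a query parameter rather than interpolated.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param array                        $excludes status ids to leave out
     * @return array status id => count
     */
    protected function getOrderEachStatus($em, array $excludes)
    {
        $sql = 'SELECT
                    t1.status as status,
                    COUNT(t1.order_id) as count
                FROM
                    dtb_order t1
                WHERE
                    t1.del_flg = 0
                    AND t1.status NOT IN (:excludes)
                GROUP BY
                    t1.status
                ORDER BY
                    t1.status';
        $rsm = new ResultSetMapping();
        $rsm->addScalarResult('status', 'status');
        $rsm->addScalarResult('count', 'count');
        $query = $em->createNativeQuery($sql, $rsm);
        $query->setParameters(array(':excludes' => $excludes));

        $orderArray = array();
        foreach ($query->getResult() as $row) {
            $orderArray[$row['status']] = $row['count'];
        }

        return $orderArray;
    }

    /**
     * Sales total and order count for the month of $dateTime.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param \DateTime                    $dateTime
     * @param array                        $excludes order status ids to leave out
     * @return array `order_month`, `order_amount`, `order_count`; empty when there are no orders
     */
    protected function getSalesByMonth($em, $dateTime, array $excludes)
    {
        // 'YYYY-MM' is the first 7 characters of the date string.
        return $this->getSalesForPeriod($em, $dateTime, $excludes, 'order_month', 7);
    }

    /**
     * Sales total and order count for the day of $dateTime.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param \DateTime                    $dateTime
     * @param array                        $excludes order status ids to leave out
     * @return array `order_day`, `order_amount`, `order_count`; empty when there are no orders
     */
    protected function getSalesByDay($em, $dateTime, array $excludes)
    {
        // 'YYYY-MM-DD' is the first 10 characters of the date string.
        return $this->getSalesForPeriod($em, $dateTime, $excludes, 'order_day', 10);
    }

    /**
     * Shared aggregation behind getSalesByMonth / getSalesByDay.
     *
     * Orders are grouped by the first $prefixLength characters of order_date
     * and matched against the same prefix of $dateTime. `CONCAT(o.order_date,
     * '')` forces a string so SUBSTRING also works on PostgreSQL timestamps
     * (http://stackoverflow.com/questions/1091924). $periodAlias and
     * $prefixLength are internal constants from the two callers, never
     * request data, which is why they may be spliced into the DQL; $excludes
     * and $dateTime are bound as parameters.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @param \DateTime                    $dateTime
     * @param array                        $excludes     order status ids to leave out
     * @param string                       $periodAlias  column alias for the period key
     * @param int                          $prefixLength length of the date prefix to compare
     * @return array single result row, or an empty array when nothing matched
     */
    private function getSalesForPeriod($em, $dateTime, array $excludes, $periodAlias, $prefixLength)
    {
        $prefixLength = (int) $prefixLength;
        $period = 'SUBSTRING(CONCAT(o.order_date, \'\'), 1, ' . $prefixLength . ')';

        $dql = 'SELECT
                    ' . $period . ' AS ' . $periodAlias . ',
                    SUM(o.payment_total) AS order_amount,
                    COUNT(o) AS order_count
                FROM
                    Eccube\Entity\Order o
                WHERE
                    o.del_flg = 0
                    AND o.OrderStatus NOT IN (:excludes)
                    AND ' . $period . ' = SUBSTRING(:targetDate, 1, ' . $prefixLength . ')
                GROUP BY
                    ' . $periodAlias;

        $q = $em
            ->createQuery($dql)
            ->setParameter(':excludes', $excludes)
            ->setParameter(':targetDate', $dateTime);

        try {
            return $q->getSingleResult();
        } catch (NoResultException $e) {
            // No orders in the period: report an empty array, not an error.
            return array();
        }
    }

    /**
     * Number of distinct products that have at least one product class with
     * limited stock (stock_unlimited = DISABLED) and zero stock.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @return int|string scalar result as returned by Doctrine
     */
    protected function countNonStockProducts($em)
    {
        /** @var $qb \Doctrine\ORM\QueryBuilder */
        $qb = $em->getRepository('Eccube\Entity\Product')
            ->createQueryBuilder('p')
            ->select('count(DISTINCT p.id)')
            ->innerJoin('p.ProductClasses', 'pc')
            ->where('pc.stock_unlimited = :StockUnlimited AND pc.stock = 0')
            ->setParameter('StockUnlimited', Constant::DISABLED);

        return $qb
            ->getQuery()
            ->getSingleScalarResult();
    }

    /**
     * Number of customers whose status is CustomerStatus id 2.
     *
     * The id is hard-coded; the Japanese comment in the dashboard calls this
     * the "regular member" count -- confirm against the master data before
     * relying on the meaning, and consider a named constant.
     *
     * @param \Doctrine\ORM\EntityManager $em
     * @return int|string scalar result as returned by Doctrine
     */
    protected function countCustomers($em)
    {
        $Status = $em
            ->getRepository('Eccube\Entity\Master\CustomerStatus')
            ->find(2);

        /** @var $qb \Doctrine\ORM\QueryBuilder */
        $qb = $em->getRepository('Eccube\Entity\Customer')
            ->createQueryBuilder('c')
            ->select('count(c.id)')
            ->where('c.Status = :Status')
            ->setParameter('Status', $Status);

        return $qb
            ->getQuery()
            ->getSingleScalarResult();
    }
}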