Issues (415)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/Http/routes.php (6 issues)

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

```php
<?php
/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/

use App\Repositories\CategoryRepository;
use App\Repositories\InvolvedRepository;
use App\Repositories\LotRepository;
use App\Repositories\PagesRepository;
use App\Repositories\PostsRepository;
use App\Repositories\ProductsRepository;
use App\Repositories\RecoverPasswordRepository;
use App\Repositories\SocialiteRepository;
use App\Repositories\SubCategoriesRepository;
use App\Repositories\VendorRepository;
use App\Repositories\SubscribeRepository;

/* ----------------------------------------------
 *  Route bindings.
 * ----------------------------------------------
 */

Route::bind('category', function ($slug) {
    return (new CategoryRepository)->findBySlug($slug);
});

Route::bind('sub_category', function ($slug) {
    return (new SubCategoriesRepository())->findBySlug($slug);
});

Route::bind('post', function ($slug) {
    return (new PostsRepository)->findBySlug($slug);
});

Route::bind('product', function ($id) {
    // Look the product up once; a missing product yields a 404 instead of a null binding.
    $product = (new ProductsRepository)->find($id);

    return $product ?: abort(404);
});

Route::bind('lot', function ($id) {
    return (new LotRepository())->find($id);
});

Route::bind('vendor', function ($slug) {
    return (new VendorRepository)->find($slug);
});

Route::bind('static_page', function ($slug) {
    return (new PagesRepository())->find($slug);
});

Route::bind('involved', function ($id) {
    return (new InvolvedRepository())->find($id);
});

Route::bind('token', function ($token) {
    return (new RecoverPasswordRepository())->getByToken($token);
});

Route::bind('unscribe', function ($token) {
    return (new SubscribeRepository())->getByToken($token);
});

// A binder receives the bound segment's value (the {social} segment, named $provider here)
// and the matched Route, from which the sibling {provider} segment is read.
Route::bind('social', function ($provider, $router) {
    return (new SocialiteRepository())->getUserByProvider(
        $router->getParameter('provider'), $provider
    );
});

// Only providers configured under services.* are accepted; anything else is a 404.
Route::bind('provider', function ($provider) {
    if (config("services.$provider")) {
        return $provider;
    }

    abort(404);
});

Route::multilingual(function () {
    Route::get('lot', function () {
        return view('html.lot');
    });
    Route::get('lot_show', function () {
        return view('html.lot_show');
    });
    Route::get('lot_listing', function () {
        return view('html.lot_listing');
    });
    Route::get('/', [
        'as' => 'home',
        'uses' => 'HomeController@index'
    ]);

    Route::get('expire-lots', [
        'as' => 'expire_soon_products',
        'uses' => 'PagesController@expireSoonLots'
    ]);

    Route::get('last-lots', [
        'as' => 'last_added_products',
        'uses' => 'PagesController@lastAddedLots'
    ]);

    Route::get('support.html', [
        'as' => 'support',
        'uses' => 'PagesController@support'
    ]);

    /** Use `static_page` rather than `page`: `page` is reserved by the Keyhunter\Administrator package. */
    Route::get('page/{static_page}.html', [
        'as' => 'show_page',
        'uses' => 'PagesController@show'
    ]);
    Route::get('help', [
        'as' => 'show_help',
        'uses' => 'PagesController@help'
    ]);

    Route::any('category/{category}', [
        'as' => 'view_category',
        'uses' => 'CategoriesController@show'
    ]);

    Route::any('category/{category}/{sub_category}', [
        'as' => 'view_sub_category',
        'uses' => 'CategoriesController@show'
    ]);

    Route::get('product/{product}', [
        'as' => 'view_product',
        'uses' => 'ProductsController@show'
    ]);
    Route::post('product/specification', [
        'as' => 'product_specification',
        'middleware' => 'accept-ajax',
        'uses' => 'ProductsController@getSpecifications'
    ]);

    Route::post('product/specification/color', [
        'as' => 'product_specification_color',
        'middleware' => 'accept-ajax',
        'uses' => 'ProductsController@getSpecificationsColor'
    ]);

    Route::get('blog', [
        'as' => 'view_blog',
        'uses' => 'PostController@index'
    ]);

    Route::get('blog/{post}', [
        'as' => 'view_post',
        'uses' => 'PostController@show'
    ]);

    Route::get('vendors', [
        'as' => 'vendors',
        'uses' => 'VendorController@index'
    ]);

    Route::get('contacts', [
        'as' => 'contacts',
        'uses' => 'PagesController@contacts'
    ]);

    Route::post('send_contact', [
        'as' => 'send_contact',
        'uses' => 'PagesController@send_contact'
    ]);

    Route::post('subscribe', [
        'as' => 'subscribe',
        'uses' => 'SubscribeController@index'
    ]);

    Route::get('unscribe/{unscribe}', [
        'as' => 'get_unscribe',
        'middleware' => 'unscribe',
        'uses' => 'SubscribeController@unscribe'
    ]);

    Route::get('lots/{lot}', [
        'as' => 'view_lot',
        'uses' => 'LotsController@show'
    ]);

    /* ----------------------------------------------
     *  Auth routes.
     * ----------------------------------------------
     */
    Route::group(['middleware' => 'auth'], function () {
        /* ----------------------------------------------
         *  Vendor routes.
         * ----------------------------------------------
         */
        Route::get('vendor/create', [
            'as' => 'create_vendor',
            'uses' => 'VendorController@getCreate'
        ]);

        Route::post('vendor/create', [
            'as' => 'post_create_vendor',
            'uses' => 'VendorController@postCreate'
        ]);

        Route::get('my-vendors', [
            'as' => 'my_vendors',
            'uses' => 'DashboardController@myVendors'
        ]);

        /* ----------------------------------------------
         *  Lots routes.
         * ----------------------------------------------
         */
        Route::get('lots', [
            'as' => 'lots',
            'uses' => 'LotsController@index'
        ]);

        Route::get('my-lots', [
            'as' => 'my_lots',
            'uses' => 'LotsController@myLots'
        ]);

        Route::get('lots/create/{vendor}', [
            'as' => 'add_lot',
            'uses' => 'LotsController@create'
        ]);

        Route::post('remove_product_improved_spec_price', [
            'as'         => 'remove_product_improved_spec_price',
            'middleware' => 'accept-ajax',
            'uses'       => 'SpecPriceController@removeImproveSpecPrice'
        ]);
        Route::post('remove-improved-spec', [
            'as'         => 'remove-improved-spec',
            'middleware' => 'accept-ajax',
            'uses'       => 'SpecPriceController@removeImproveSpec'
        ]);

        Route::group(['middleware' => 'can_handle_action:lot'], function () { // For product only

            Route::post('lots/{lot}/product/load-spec-price', [
                'as' => 'load_spec_price',
                'uses' => 'ProductsController@loadSpecPrice'
            ]);

            Route::post('lots/{lot}/product/load_spec_price_description', [
                'as'         => 'load_spec_price_description',
                'uses'       => 'ProductsController@loadSpecPriceDescription'
            ]);

            Route::post('lots/{lot}/product/load_improved_spec_price', [
                'as'         => 'load_improved_spec_price',
                'uses'       => 'ProductsController@loadImprovedSpecPrice'
            ]);
            Route::post('lots/{lot}/product/load_spec_price_color', [
                'as'         => 'load_spec_price_color',
                'uses'       => 'ProductsController@loadSpecPriceColor'
            ]);
            Route::post('lots/{lot}/product/delete_group_price', [
                'as'         => 'delete_group_price',
                'uses'       => 'ProductsController@removeGroupPrice'
            ]);
            Route::post('lots/{lot}/product/remove-spec-price-desc', [
                'as'         => 'remove-spec-price-desc',
                'uses'       => 'ProductsController@removeSpecPriceDescription'
            ]);

            Route::post('lots/{lot}/product/remove-group-size-color', [
                'as'         => 'remove-group-size-color',
                'uses'       => 'ProductsController@removeGroupSizeColor'
            ]);

            Route::post('lots/{lot}/product/remove_spec_price_color', [
                'as'         => 'remove_spec_price_color',
                'uses'       => 'ProductsController@removeSpecPriceColor'
            ]);

            Route::post('lots/{lot}/product/load-spec', [
                'as' => 'load_spec',
                'uses' => 'ProductsController@loadSpec'
            ]);

            Route::post('lots/{lot}/product/remove-spec', [
                'as'         => 'remove-spec',
                'uses'       => 'ProductsController@removeSpec'
            ]);

            Route::get('lots/{lot}/edit', [
                'as' => 'edit_lot',
                'uses' => 'LotsController@edit'
            ]);

            // todo: check for user .. if he can perform actions..

            Route::post('lots/{lot}/create/{product}/save', [
                'as' => 'save_product',
                'uses' => 'ProductsController@save'
            ]);

            Route::post('lots/{lot}/product/remove-image', [
                'as' => 'remove_product_image',
                'uses' => 'ProductsController@removeImage'
            ]);

            Route::post('lots/{lot}/delete-product', [
                'as' => 'delete_product',
                'uses' => 'ProductsController@remove'
            ]);

            Route::post('lots/create/{lot}/select-category', [
                'as' => 'lot_select_category',
                'middleware' => 'accept-ajax',
                'uses' => 'LotsController@selectCategory'
            ]);

            Route::post('lots/create/{lot}', [
                'as' => 'create_lot',
                'middleware' => 'add_lot_filter',
                'uses' => 'LotsController@saveLot'
            ]);

            Route::post('lots/update/{lot}', [
                'as' => 'update_lot',
                'uses' => 'LotsController@updateLot'
            ]);
            Route::post('lots/published/{lot}', [
                'as' => 'published_lot',
                'middleware' => 'add_lot_filter',
                'uses' => 'LotsController@publishedLot'
            ]);
            Route::group(['middleware' => 'accept-ajax'], function () {
                Route::post('product/{product}/add-image', [
                    'as' => 'add_product_image',
                    'uses' => 'ProductsController@addImage'
                ]);

//                Route::post('product/{product}/remove-image', [
//                    'as' => 'remove_product_image',
//                    'uses' => 'ProductsController@removeImage'
//                ]);

                Route::post('product/{product}/image-sort', [
                    'as' => 'sort_product_image',
                    'uses' => 'ProductsController@saveImagesOrder'
                ]);
            });
/*            Route::post('lots/update/{lot}', [
                'as' => 'update_lot',
                'middleware' => 'update_lot_filter',
                'uses' => 'LotsController@updateLot'
            ]);*/

            Route::post('lots/{lot}/product/load-improved-spec', [
                'as' => 'load_improved_spec',
                'uses' => 'LotsController@loadImprovedSpec'
            ]);

            /*Route::post('lots/{lot}/product/remove-spec', [
                'as' => 'remove_product_spec',
                'uses' => 'ProductsController@removeSpec'
            ]);*/
            Route::post('lots/{lot}/product/remove-spec-price', [
                'as' => 'remove_product_spec_price',
                'uses' => 'ProductsController@removeSpecPrice'
            ]);
            Route::post('lots/{lot}/product/remove-improved-spec', [
                'as' => 'remove_product_improved_spec',
                'uses' => 'ProductsController@removeImproveSpec'
            ]);
        });

        Route::post('lots/create/{lot}/load-product-form-block', [
            'as' => 'load_product_block_form',
            'uses' => 'LotsController@loadProductBlock'
        ]);

        // Add middleware if current user can perform this action.
        Route::get('lots/{lot}/delete', [
            'as' => 'delete_lot',
            'uses' => 'LotsController@delete'
        ]);

        /* ----------------------------------------------
         *  Product routes.
         * ----------------------------------------------
         */
        Route::get('my-products', [
            'as' => 'my_products',
            'uses' => 'DashboardController@myProducts'
        ]);

        Route::get('my-involved', [
            'as' => 'my_involved',
            'uses' => 'DashboardController@myInvolved'
        ]);

        Route::get('settings', [
            'as' => 'settings',
            'uses' => 'DashboardController@accountSettings'
        ]);

        Route::get('how-amma-work', [
            'as' => 'how_work',
            'uses' => 'DashboardController@howWork'
        ]);

        Route::get('user-password', [
            'as' => 'user_password',
            'uses' => 'DashboardController@userPassword'
        ]);

        Route::post('settings/update_settings', [
            'as' => 'update_settings',
            'uses' => 'DashboardController@update'
        ]);

        Route::post('settings/update_password', [
            'as' => 'update_password',
            'uses' => 'DashboardController@updatePassword'
        ]);

        Route::post('vote_vendor/{vendor}', [
            'as' => 'vote_vendor',
            'middleware' => 'accept-ajax',
            'uses' => 'VendorController@vote_vendor'
        ]);

        Route::group(['middleware' => 'can_handle_action:vendor'], function () {
            Route::get('vendor/{vendor}/edit', [
                'as' => 'edit_vendor',
                'uses' => 'VendorController@edit'
            ]);

            Route::post('vendor/{vendor}/edit', [
                'as' => 'update_vendor',
                'uses' => 'VendorController@update'
            ]);
        });

        Route::group(['middleware' => 'can_handle_action:product'], function () { // For product only
            Route::group(['middleware' => 'accept-ajax'], function () {
                Route::post('product/{product}/add-image', [
                    'as' => 'add_product_image',
                    'uses' => 'ProductsController@addImage'
                ]);

//                Route::post('product/{product}/remove-image', [
//                    'as' => 'remove_product_image',
//                    'uses' => 'ProductsController@removeImage'
//                ]);

                Route::post('product/{product}/image-sort', [
                    'as' => 'sort_product_image',
                    'uses' => 'ProductsController@saveImagesOrder'
                ]);
            });
        });

        Route::post('involve/product/{product}', [
            'as' => 'involve_product',
            'middleware' => 'can_involve_product',
            'uses' => 'UsersController@involveProductOffer'
        ]);

        Route::post('involve/exit/{involved}/{product}', [
            'as' => 'involve_product_cancel',
            'uses' => 'UsersController@exitProductOffer'
        ]);
    });

    Route::get('vendors/view/{vendor}', [
        'as' => 'view_vendor',
        'uses' => 'VendorController@show'
    ]);

    /* ----------------------------------------------
     *  Auth routes.
     * ----------------------------------------------
     */
    Route::get('login', [
        'as' => 'get_login',
        'uses' => 'Auth\AuthController@getLogin'
    ]);

    Route::post('modal_login', [
        'as' => 'auth_modal_login',
        'uses' => 'Auth\AuthController@modalLogin'
    ]);

    Route::post('modal_register', [
        'as' => 'auth_modal_register',
        'uses' => 'Auth\AuthController@modalRegister'
    ]);

    Route::get('password/email', [
        'as'   => 'password_recover_send_email',
        'uses' => 'Auth\PasswordController@getEmail'
    ]);

    Route::post('password/email', [
        'as'   => 'recover_password_email',
        'uses' => 'Auth\PasswordController@postEmail'
    ]);

    Route::get('password/reset/{token}', [
        'as' => 'reset_password_token',
        'uses' => 'Auth\PasswordController@getReset'
    ]);

    Route::post('password/reset', [
        'as' => 'reset_password',
        'uses' => 'Auth\PasswordController@postReset'
    ]);

    //Social Login

    Route::get('/social/login/{provider?}', [
        'as'   => 'social_auth',
        'uses' => 'Auth\SocialiteController@getSocialAuth'
    ]);

    Route::get('/social/login/callback/{provider?}', [
        'as'   => 'social_callback',
        'uses' => 'Auth\SocialiteController@getSocialAuthCallback'
    ]);

    Route::get('/social/login/{provider}/{social}/edit-email', [
        'as'   => 'social_auth_email',
        'uses' => 'Auth\SocialiteController@getEmailForm'
    ]);

    Route::post('/social/login/{provider}/{social}/require-email', [
        'as' => 'post_social_auth_email',
        'uses' => 'Auth\SocialiteController@postEmailForm'
    ]);

    Route::get('register', [
        'as' => 'get_register',
        'uses' => 'Auth\AuthController@getRegister'
    ]);

    Route::get('recover', [
        'as' => 'get_recover',
        'uses' => 'Auth\AuthController@getRecover'
    ]);

    Route::post('register', [
        'as' => 'post_register',
        'uses' => 'Auth\AuthController@postRegister'
    ]);

    Route::post('login', [
        'as' => 'post_login',
        'uses' => 'Auth\AuthController@postLogin'
    ]);

    Route::get('logout', [
        'as' => 'logout',
        'uses' => 'Auth\AuthController@logout'
    ]);

    Route::get('verified/{confirmationCode}', [
        'as' => 'verify_email',
        'uses' => 'Auth\VerifyUserController@confirm'
    ]);

    Route::group(['middleware' => 'auth'], function () {
        Route::get('confirmation-code/resend', [
            'as' => 'resend_verify_email_form',
            'uses' => 'Auth\VerifyUserController@resendVerify'
        ]);

        Route::post('confirmation-code/resend', [
            'as' => 'resend_verify_email',
            'uses' => 'Auth\VerifyUserController@resendConfirmationCode'
        ]);
    });
});
```

Issues reported for this file (6):

Code duplication (2 occurrences): the `Route::group(['middleware' => 'accept-ajax'], ...)` block registering `product/{product}/add-image` and `product/{product}/image-sort` appears once inside the `can_handle_action:lot` group and again inside the `can_handle_action:product` group. Scrutinizer's note: This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the "Code" section of your repository.

Unused code / comprehensibility (4 occurrences): commented-out route registrations that Scrutinizer estimates to be mostly valid code:
  - `// Route::post('product/{product}/remove-image', ...)` inside the lot group's `accept-ajax` block (52% of this comment could be valid code)
  - `/* Route::post('lots/update/{lot}', ...) */` with the `update_lot_filter` middleware (58% of this comment could be valid code)
  - `/* Route::post('lots/{lot}/product/remove-spec', ...) */` named `remove_product_spec` (60% of this comment could be valid code)
  - `// Route::post('product/{product}/remove-image', ...)` inside the product group's `accept-ajax` block (52% of this comment could be valid code)
Scrutinizer's note: Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them.