1 | <?php |
||
2 | /** |
||
3 | * @author Pierre-Henry Soria <[email protected]> |
||
4 | * @copyright (c) 2012-2018, Pierre-Henry Soria. All Rights Reserved. |
||
5 | * @license GNU General Public License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory. |
||
6 | * @package PH7 / App / System / Module / Admin / Controller |
||
7 | */ |
||
8 | |||
9 | namespace PH7; |
||
10 | |||
11 | use PH7\Framework\Ip\Ip; |
||
12 | use PH7\Framework\Layout\Html\Design; |
||
13 | use PH7\Framework\Layout\Html\Security as HtmlSecurity; |
||
14 | use PH7\Framework\Mail\Mail; |
||
15 | use PH7\Framework\Mvc\Router\Uri; |
||
16 | use PH7\Framework\Navigation\Page; |
||
17 | use PH7\Framework\Security\CSRF\Token as SecurityToken; |
||
18 | use PH7\Framework\Url\Header; |
||
19 | use PH7\Framework\Util\Various; |
||
20 | |||
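class UserController extends Controller
{
    const PROFILES_PER_PAGE = 15;

    /** @var AdminCore */
    private $oAdmin;

    /** @var AdminModel */
    private $oAdminModel;

    /**
     * @var string|null Message carried to the next page through Header::redirect().
     *                  moderateRegistration() also reuses it as the body text of the
     *                  notification email, so it is not a pure flash message.
     */
    private $sMsg;

    /** @var int Row count behind the current listing (browse/result), used for pagination */
    private $iTotalUsers;

    public function __construct()
    {
        parent::__construct();

        $this->oAdmin = new AdminCore;
        $this->oAdminModel = new AdminModel;

        // Assigns variables for views
        $this->view->designSecurity = new HtmlSecurity; // Security Design Class
        $this->view->dateTime = $this->dateTime; // Date Time Class
        $this->view->avatarDesign = new AvatarDesignCore; // For Avatar User
    }

    /**
     * Default action: the user listing lives under "browse", so just go there.
     */
    public function index()
    {
        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse')
        );
    }

    /**
     * Paginated listing of all user accounts.
     */
    public function browse()
    {
        $this->iTotalUsers = $this->oAdminModel->total();

        $oPage = new Page;
        $this->view->total_pages = $oPage->getTotalPages($this->iTotalUsers, self::PROFILES_PER_PAGE);
        $this->view->current_page = $oPage->getCurrentPage();
        $oBrowse = $this->oAdminModel->browse($oPage->getFirstItem(), $oPage->getNbItemsPerPage());
        unset($oPage);

        if (empty($oBrowse)) {
            $this->design->setRedirect(Uri::get(PH7_ADMIN_MOD, 'user', 'browse'));
            $this->displayPageNotFound(t('No user were found.'));
        } else {
            // Add the JS file for the browse form
            $this->design->addJs(PH7_STATIC . PH7_JS, 'form.js');

            $this->view->page_title = $this->view->h1_title = t('Browse Users');
            $this->view->h3_title = t('Total Users: %0%', $this->iTotalUsers);

            $this->view->browse = $oBrowse;
            $this->output();
        }
    }

    /**
     * Renders the "add a user" form.
     */
    public function add()
    {
        $this->view->page_title = $this->view->h1_title = t('Add a User');
        $this->output();
    }

    /**
     * Renders the user import form.
     */
    public function import()
    {
        $this->view->page_title = $this->view->h1_title = t('Import Users');
        $this->output();
    }

    /**
     * Renders the fake-profile generator form.
     */
    public function addFakeProfiles()
    {
        $this->view->page_title = $this->view->h1_title = t('Add Fake Profiles');
        $this->output();
    }

    /**
     * Renders the user search form (submitted to result()).
     */
    public function search()
    {
        $this->view->page_title = $this->view->h1_title = t('User Search');
        $this->output();
    }

    /**
     * Runs the search submitted by search() and renders the matches with browse.tpl.
     *
     * "where" (the column searched) is checked against a whitelist before anything is
     * queried; "what", "order" and "sort" are handed to AdminModel::searchUser() as
     * received — presumably bound as parameters by the model, verify there.
     */
    public function result()
    {
        // The blanket error_reporting(0) that used to open this method hid every
        // notice and warning raised by the search (failed queries included) from the
        // logs; the global error handler is left in charge instead.

        $iGroupId = $this->httpRequest->get('group_id', 'int');
        $iBan = $this->httpRequest->get('ban', 'int');
        $sWhere = $this->httpRequest->get('where');
        $sWhat = $this->httpRequest->get('what');

        if (!$this->areSearchArgsValid($sWhere)) {
            \PFBC\Form::setError('form_user_search', 'Invalid argument.');
            Header::redirect(Uri::get(PH7_ADMIN_MOD, 'user', 'search'));
        } else {
            // First call (count flag = true) only returns the number of matches, for pagination
            $this->iTotalUsers = $this->oAdminModel->searchUser(
                $sWhat,
                $sWhere,
                $iGroupId,
                $iBan,
                true,
                $this->httpRequest->get('order'),
                $this->httpRequest->get('sort'),
                null,
                null
            );

            $oPage = new Page;
            $this->view->total_pages = $oPage->getTotalPages($this->iTotalUsers, self::PROFILES_PER_PAGE);
            $this->view->current_page = $oPage->getCurrentPage();
            // Second call (count flag = false) fetches the rows of the current page
            $oSearch = $this->oAdminModel->searchUser(
                $sWhat,
                $sWhere,
                $iGroupId,
                $iBan,
                false,
                $this->httpRequest->get('order'),
                $this->httpRequest->get('sort'),
                $oPage->getFirstItem(),
                $oPage->getNbItemsPerPage()
            );
            unset($oPage);

            if (empty($oSearch)) {
                $this->design->setRedirect(
                    Uri::get(PH7_ADMIN_MOD, 'user', 'search'),
                    null,
                    null,
                    2
                );

                $this->displayPageNotFound('No results found. Please try again with wider/new search criteria');
            } else {
                // Add the JS file for the browse form
                $this->design->addJs(PH7_STATIC . PH7_JS, 'form.js');

                $this->view->page_title = $this->view->h1_title = t('Users - Your search returned');
                $this->view->h3_title = nt('%n% user found!', '%n% users found!', $this->iTotalUsers);
                $this->view->browse = $oSearch;
            }

            // Reuse the listing template rather than a dedicated "result" one
            $this->manualTplInclude('browse.tpl');
            $this->output();
        }
    }

    /**
     * Signs the current admin in as the given member (impersonation) by writing the
     * member session keys that logoutUserAs() removes again.
     *
     * @param int|null $iId Profile ID taken from the URL.
     */
    public function loginUserAs($iId = null)
    {
        // NOTE(review): a full member session is created from a URL parameter with no
        // SecurityToken check (compare approveAll()); confirm the link is token-protected
        // upstream, otherwise a crafted link could log an admin in as any member.
        if ($oUser = $this->oAdminModel->readProfile($iId)) {
            $aSessionData = [
                'login_user_as' => 1,
                'member_id' => $oUser->profileId,
                'member_email' => $oUser->email,
                'member_username' => $oUser->username,
                'member_first_name' => $oUser->firstName,
                'member_sex' => $oUser->sex,
                'member_group_id' => $oUser->groupId,
                'member_ip' => Ip::get(),
                'member_http_user_agent' => $this->browser->getUserAgent(),
                'member_token' => Various::genRnd($oUser->email)
            ];
            $this->session->set($aSessionData);
            $this->sMsg = t('You are now logged in as member: %0%!', $oUser->username);
            unset($oUser, $aSessionData);

            Header::redirect($this->registry->site_url, $this->sMsg);
        } else {
            Header::redirect(
                $this->httpRequest->previousPage(),
                t("This user doesn't exist."),
                Design::ERROR_TYPE
            );
        }
    }

    /**
     * Ends an impersonation started by loginUserAs(): drops the member session keys
     * and returns to the listing.
     */
    public function logoutUserAs()
    {
        // Read the username for the message before the key is removed below
        $this->sMsg = t('You are now logged out as member: %0%!', $this->session->get('member_username'));

        // Must mirror the keys written by loginUserAs()
        $aSessionData = [
            'login_user_as',
            'member_id',
            'member_email',
            'member_username',
            'member_first_name',
            'member_sex',
            'member_group_id',
            'member_ip',
            'member_http_user_agent',
            'member_token'
        ];

        $this->session->remove($aSessionData);

        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->sMsg
        );
    }

    /**
     * Approves the registration whose profile ID was posted as "id".
     */
    public function approve()
    {
        // NOTE(review): unlike approveAll(), no SecurityToken check precedes this
        // state change; confirm the single-item form is protected elsewhere.
        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->moderateRegistration($this->httpRequest->post('id'), 1)
        );
    }

    /**
     * Declines the registration whose profile ID was posted as "id".
     */
    public function disapprove()
    {
        // NOTE(review): unlike disapproveAll(), no SecurityToken check precedes this
        // state change; confirm the single-item form is protected elsewhere.
        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->moderateRegistration($this->httpRequest->post('id'), 0)
        );
    }

    /**
     * Approves every registration ticked in the bulk form.
     *
     * @param mixed $iId Router parameter kept for signature compatibility; it is never
     *                   read, the loop overwrites it with each posted profile ID.
     */
    public function approveAll($iId)
    {
        $aActions = $this->getPostedActions();

        if (!(new SecurityToken)->check('user_action')) {
            $this->sMsg = Form::errorTokenMsg();
        } elseif ($aActions !== []) {
            // Only the message of the last profile survives to the redirect
            foreach ($aActions as $sAction) {
                $iId = (int)explode('_', $sAction)[0];
                $this->sMsg = $this->moderateRegistration($iId, 1);
            }
        }

        // $this->sMsg is still null when nothing was ticked
        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->sMsg
        );
    }

    /**
     * Declines every registration ticked in the bulk form.
     *
     * @param mixed $iId Router parameter kept for signature compatibility; it is never
     *                   read, the loop overwrites it with each posted profile ID.
     */
    public function disapproveAll($iId)
    {
        $aActions = $this->getPostedActions();

        if (!(new SecurityToken)->check('user_action')) {
            $this->sMsg = Form::errorTokenMsg();
        } elseif ($aActions !== []) {
            // Only the message of the last profile survives to the redirect
            foreach ($aActions as $sAction) {
                $iId = (int)explode('_', $sAction)[0];
                $this->sMsg = $this->moderateRegistration($iId, 0);
            }
        }

        // $this->sMsg is still null when nothing was ticked
        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->sMsg
        );
    }

    /**
     * Bans the profile whose ID was posted as "id".
     */
    public function ban()
    {
        // NOTE(review): unlike banAll(), no SecurityToken check precedes this state
        // change; confirm the single-item form is protected elsewhere.
        // Cast like the bulk actions do, so only an integer reaches the model and the cache key.
        $iId = (int)$this->httpRequest->post('id');

        if ($this->oAdminModel->ban($iId, 1)) {
            $this->oAdmin->clearReadProfileCache($iId);
            $this->sMsg = t('The profile has been banned.');
        } else {
            $this->sMsg = t('Oops! An error has occurred while banishment the profile.');
        }

        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->sMsg
        );
    }

    /**
     * Lifts the ban on the profile whose ID was posted as "id".
     */
    public function unBan()
    {
        // NOTE(review): unlike unBanAll(), no SecurityToken check precedes this state
        // change; confirm the single-item form is protected elsewhere.
        // Cast like the bulk actions do, so only an integer reaches the model and the cache key.
        $iId = (int)$this->httpRequest->post('id');

        if ($this->oAdminModel->ban($iId, 0)) {
            $this->oAdmin->clearReadProfileCache($iId);
            $this->sMsg = t('The profile has been unbanned.');
        } else {
            $this->sMsg = t('Oops! An error has occurred while unban the profile.');
        }

        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->sMsg
        );
    }

    /**
     * Deletes one profile. "id" is posted as "<profileId>_<username>".
     */
    public function delete()
    {
        // NOTE(review): unlike deleteAll(), no SecurityToken check precedes this
        // destructive action; confirm the single-item form is protected elsewhere.
        $aData = explode('_', $this->httpRequest->post('id'));
        $iId = (int)$aData[0];
        // A missing username part used to raise an undefined-offset notice and cast
        // null to ''; yield '' directly without the notice.
        $sUsername = isset($aData[1]) ? (string)$aData[1] : '';

        $this->oAdmin->delete($iId, $sUsername);

        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            t('The profile has been deleted.')
        );
    }

    /**
     * Bans every profile ticked in the bulk form.
     */
    public function banAll()
    {
        $aActions = $this->getPostedActions();

        if (!(new SecurityToken)->check('user_action')) {
            $this->sMsg = Form::errorTokenMsg();
        } elseif ($aActions !== []) {
            foreach ($aActions as $sAction) {
                $iId = (int)explode('_', $sAction)[0];

                // Return value deliberately ignored (best effort per profile), as before
                $this->oAdminModel->ban($iId, 1);

                $this->oAdmin->clearReadProfileCache($iId);
            }
            $this->sMsg = t('The profile(s) has/have been banned.');
        }

        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->sMsg
        );
    }

    /**
     * Lifts the ban on every profile ticked in the bulk form.
     */
    public function unBanAll()
    {
        $aActions = $this->getPostedActions();

        if (!(new SecurityToken)->check('user_action')) {
            $this->sMsg = Form::errorTokenMsg();
        } elseif ($aActions !== []) {
            foreach ($aActions as $sAction) {
                $iId = (int)explode('_', $sAction)[0];

                // Return value deliberately ignored (best effort per profile), as before
                $this->oAdminModel->ban($iId, 0);
                $this->oAdmin->clearReadProfileCache($iId);
            }
            $this->sMsg = t('The profile(s) has/have been unbanned.');
        }

        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->sMsg
        );
    }

    /**
     * Deletes every profile ticked in the bulk form; each entry is "<profileId>_<username>".
     */
    public function deleteAll()
    {
        $aActions = $this->getPostedActions();

        if (!(new SecurityToken)->check('user_action')) {
            $this->sMsg = Form::errorTokenMsg();
        } elseif ($aActions !== []) {
            foreach ($aActions as $sAction) {
                $aData = explode('_', $sAction);
                $iId = (int)$aData[0];
                // Same fallback as delete(): '' when the username part is missing
                $sUsername = isset($aData[1]) ? (string)$aData[1] : '';

                $this->oAdmin->delete($iId, $sUsername);
            }
            $this->sMsg = t('The profile(s) has/have been deleted.');
        }

        Header::redirect(
            Uri::get(PH7_ADMIN_MOD, 'user', 'browse'),
            $this->sMsg
        );
    }

    /**
     * Approves ($iStatus = 1) or declines ($iStatus = 0) a registration and emails the member.
     *
     * On success it calls AdminModel::approve(), updates the affiliate commission
     * (approval only), sends one Mail built from moderate_registration.tpl and flushes
     * the profile cache. $this->sMsg is overwritten with the email body text, so the
     * flash message for the caller is the return value, not the property.
     *
     * @param int|string|null $iId Profile ID; null/unset is reported as a missing argument.
     * @param int $iStatus 1 to approve, 0 to decline. Compared with ===, so it must be a
     *                     real int — anything else is reported as a bad argument.
     *
     * @return string Status text for the redirect.
     */
    private function moderateRegistration($iId, $iStatus)
    {
        if (isset($iId, $iStatus)) {
            if ($oUser = $this->oAdminModel->readProfile($iId)) {
                if ($iStatus === 0) {
                    // Set user not active
                    $this->oAdminModel->approve($oUser->profileId, 0);

                    // We leave the user in disapproval (but send an email). After we can ban or delete it
                    $sSubject = t('Your membership account has been declined');
                    $this->sMsg = t('Sorry, Your membership account has been declined.');
                } elseif ($iStatus === 1) {
                    // Approve user
                    $this->oAdminModel->approve($oUser->profileId, 1);

                    /** Update the Affiliate Commission **/
                    AffiliateCore::updateJoinCom($oUser->affiliatedId, $this->config, $this->registry);

                    $sSubject = t('Your membership account has been activated');
                    $this->sMsg = t('Congratulations! Your account has been approved by our team of administrators.<br />You can now %0% to meeting new people!',
                        '<a href="' . Uri::get('user', 'main', 'login') . '"><b>' . t('log in') . '</b></a>');
                } else {
                    // Error... (also makes the email block below unreachable)
                    $this->sMsg = null;
                }

                if (!empty($this->sMsg)) {
                    // Set message
                    $this->view->content = t('Dear %0%,', $oUser->firstName) . '<br />' . $this->sMsg;
                    $this->view->footer = t('You are receiving this email because we received a registration application with "%0%" email address for %site_name% (%site_url%).', $oUser->email) . '<br />' .
                        t('If you think someone has used your email address without your knowledge to create an account on %site_name%, please contact us using our contact form available on our website.');

                    // Send email
                    $sMessageHtml = $this->view->parseMail(PH7_PATH_SYS . 'global/' . PH7_VIEWS . PH7_TPL_MAIL_NAME . '/tpl/mail/sys/core/moderate_registration.tpl', $oUser->email);
                    $aInfo = ['to' => $oUser->email, 'subject' => $sSubject];
                    (new Mail)->send($aInfo, $sMessageHtml);

                    $this->oAdmin->clearReadProfileCache($oUser->profileId);

                    $sOutputMsg = t('Done!');
                } else {
                    $sOutputMsg = t('Error! Bad argument in the URL.');
                }
            } else {
                $sOutputMsg = t('The user is not found!');
            }
        } else {
            $sOutputMsg = t('Error! Missing argument in the URL.');
        }

        return $sOutputMsg;
    }

    /**
     * Whitelists the "where" search argument, which names the column searched.
     *
     * @param string $sWhere
     *
     * @return bool
     */
    private function areSearchArgsValid($sWhere)
    {
        $aWhereOptions = [
            'all',
            SearchCoreModel::USERNAME,
            SearchCoreModel::EMAIL,
            SearchCoreModel::FIRST_NAME,
            SearchCoreModel::LAST_NAME,
            SearchCoreModel::IP
        ];

        // Strict comparison: no loose int/string juggling on a value that selects a column
        return in_array($sWhere, $aWhereOptions, true);
    }

    /**
     * Reads the "action" values posted by the bulk forms (one "<profileId>_<username>"
     * entry per ticked row).
     *
     * A missing or non-array value yields an empty array, so the callers can iterate
     * without count()/foreach raising on a scalar.
     *
     * @return array
     */
    private function getPostedActions()
    {
        $mActions = $this->httpRequest->post('action');

        return is_array($mActions) ? $mActions : [];
    }
}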
Our type inference engine has found a suspicious assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly.
For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment.