These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.
1 | <?php |
||
2 | /** |
||
3 | * @title InstallController Class |
||
4 | * |
||
5 | * @author Pierre-Henry Soria <[email protected]> |
||
6 | * @copyright (c) 2012-2017, Pierre-Henry Soria. All Rights Reserved. |
||
7 | * @license GNU General Public License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory. |
||
8 | * @package PH7 / Install / Controller |
||
9 | */ |
||
10 | |||
11 | namespace PH7; |
||
12 | defined('PH7') or exit('Restricted access'); |
||
13 | |||
14 | // Reset the time limit |
||
15 | @set_time_limit(0); |
||
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
If you suppress an error, we recommend checking for the error condition explicitly:
    // For example instead of
    @mkdir($dir);
    // Better use
    if (@mkdir($dir) === false) {
        throw new \RuntimeException('The directory '.$dir.' could not be created.');
    }
16 | |||
17 | class InstallController extends Controller |
||
18 | { |
||
19 | /** |
||
20 | * Enable/Disable Modules according to the chosen niche |
||
21 | */ |
||
22 | const SOCIAL_MODS = [ |
||
23 | 'connect' => '0', |
||
24 | 'affiliate' => '0', |
||
25 | 'game' => '1', |
||
26 | 'chat' => '0', |
||
27 | 'chatroulette' => '0', |
||
28 | 'picture' => '1', |
||
29 | 'video' => '1', |
||
30 | 'hotornot' => '0', |
||
31 | 'forum' => '1', |
||
32 | 'note' => '1', |
||
33 | 'blog' => '1', |
||
34 | 'newsletter' => '0', |
||
35 | 'invite' => '1', |
||
36 | 'webcam' => '1', |
||
37 | 'love-calculator' => '0', |
||
38 | 'mail' => '1', |
||
39 | 'im' => '1', |
||
40 | 'user-dashboard' => '0', |
||
41 | 'related-profile' => '1', |
||
42 | 'friend' => '1' |
||
43 | ]; |
||
44 | |||
45 | const DATING_MODS = [ |
||
46 | 'connect' => '0', |
||
47 | 'affiliate' => '1', |
||
48 | 'game' => '0', |
||
49 | 'chat' => '1', |
||
50 | 'chatroulette' => '1', |
||
51 | 'picture' => '1', |
||
52 | 'video' => '0', |
||
53 | 'hotornot' => '1', |
||
54 | 'forum' => '0', |
||
55 | 'note' => '0', |
||
56 | 'blog' => '1', |
||
57 | 'newsletter' => '1', |
||
58 | 'invite' => '0', |
||
59 | 'webcam' => '0', |
||
60 | 'love-calculator' => '1', |
||
61 | 'mail' => '1', |
||
62 | 'im' => '1', |
||
63 | 'user-dashboard' => '1', |
||
64 | 'related-profile' => '1', |
||
65 | 'friend' => '0' |
||
66 | ]; |
||
67 | |||
68 | /** |
||
69 | * Enable/Disable Site Settings according to the chosen niche |
||
70 | */ |
||
71 | const SOCIAL_SETTINGS = [ |
||
72 | 'social_media_widgets' => '1' |
||
73 | ]; |
||
74 | |||
75 | const DATING_SETTINGS = [ |
||
76 | 'social_media_widgets' => '0' |
||
77 | ]; |
||
78 | |||
79 | |||
80 | /********************* STEP 1 *********************/ |
||
81 | public function index() |
||
82 | { |
||
83 | $aLangs = get_dir_list(PH7_ROOT_INSTALL . 'langs/'); |
||
84 | $aLangsList = include PH7_ROOT_INSTALL . 'inc/lang_list.inc.php'; |
||
85 | $sLangSelect = ''; |
||
86 | |||
87 | foreach ($aLangs as $sLang) |
||
88 | { |
||
89 | $sSel = (empty($_REQUEST['l']) ? $sLang == $this->sCurrentLang ? '" selected="selected' : '' : ($sLang == $_REQUEST['l']) ? '" selected="selected' : ''); |
||
90 | $sLangSelect .= '<option value="?l=' . $sLang . $sSel . '">' . $aLangsList[$sLang] . '</option>'; |
||
91 | } |
||
92 | |||
93 | $this->oView->assign('lang_select', $sLangSelect); |
||
94 | $this->oView->assign('sept_number', 1); |
||
95 | $this->oView->display('index.tpl'); |
||
96 | } |
||
97 | |||
98 | /********************* STEP 2 *********************/ |
||
99 | public function config_path() |
||
100 | { |
||
101 | global $LANG; |
||
Compatibility, Best Practice: Use of global functionality is not recommended; it makes your code harder to test, and less reusable.
Instead of relying on it:
1. Pass all data via parameters
    function myFunction($a, $b) {
        // Do something
    }
2. Create a class that maintains your state
    class MyClass {
        private $a;
        private $b;
        public function __construct($a, $b) {
            $this->a = $a;
            $this->b = $b;
        }
        public function myFunction() {
            // Do something
        }
    }
102 | |||
103 | if (empty($_SESSION['val']['path_protected'])) |
||
104 | $_SESSION['val']['path_protected'] = PH7_ROOT_PUBLIC . '_protected' . PH7_DS; |
||
105 | |||
106 | if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['path_protected'])) |
||
107 | { |
||
108 | $_SESSION['val']['path_protected'] = check_ext_start(check_ext_end(trim($_POST['path_protected']))); |
||
109 | |||
110 | if (is_dir($_SESSION['val']['path_protected'])) |
||
111 | { |
||
112 | if (is_readable($_SESSION['val']['path_protected'])) |
||
113 | { |
||
114 | $sConstantContent = file_get_contents(PH7_ROOT_INSTALL . 'data/configs/constants.php'); |
||
115 | |||
116 | $sConstantContent = str_replace('%path_protected%', addslashes($_SESSION['val']['path_protected']), $sConstantContent); |
||
117 | |||
118 | if (!@file_put_contents(PH7_ROOT_PUBLIC . '_constants.php', $sConstantContent)) |
||
119 | { |
||
120 | $aErrors[] = $LANG['no_public_writable']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example:
    foreach ($collection as $item) {
        $myArray['foo'] = $item->getFoo();
        if ($item->hasBar()) {
            $myArray['bar'] = $item->getBar();
        }
        // do something with $myArray
    }
As you can see in this example, the array This might or might not be intended. To make your intention clear, your code more readable and to avoid accidental bugs, we recommend adding an explicit initialization $myArray = array() either outside or inside the foreach loop.
121 | } |
||
122 | else |
||
123 | { |
||
124 | $_SESSION['step2'] = 1; |
||
125 | unset($_SESSION['val']); |
||
126 | |||
127 | redirect(PH7_URL_SLUG_INSTALL . 'config_system'); |
||
128 | } |
||
129 | } |
||
130 | else |
||
131 | { |
||
132 | $aErrors[] = $LANG['no_protected_readable']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
133 | } |
||
134 | } |
||
135 | else |
||
136 | { |
||
137 | $aErrors[] = $LANG['no_protected_exist']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
138 | } |
||
139 | } |
||
140 | |||
141 | $this->oView->assign('sept_number', 2); |
||
142 | $this->oView->assign('errors', @$aErrors); |
||
The variable $aErrors does not seem to be defined for all execution paths leading up to this point.
If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example:
    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
            case 'bar':
                $x = 2;
                break;
        }
        // $x is potentially undefined here.
        echo $x;
    }
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
143 | unset($aErrors); |
||
144 | $this->oView->display('config_path.tpl'); |
||
145 | } |
||
146 | |||
147 | /********************* STEP 3 *********************/ |
||
148 | public function config_system() |
||
149 | { |
||
150 | global $LANG; |
||
Compatibility, Best Practice: Use of global functionality is not recommended; it makes your code harder to test, and less reusable.
151 | |||
152 | if (!empty($_SESSION['step2']) && is_file(PH7_ROOT_PUBLIC . '_constants.php')) |
||
153 | { |
||
154 | session_regenerate_id(true); |
||
155 | |||
156 | if (empty($_SESSION['val'])) |
||
157 | { |
||
158 | $_SESSION['db']['type_name'] = 'MySQL'; |
||
159 | $_SESSION['db']['type'] = 'mysql'; |
||
160 | $_SESSION['db']['hostname'] = 'localhost'; |
||
161 | $_SESSION['db']['username'] = 'root'; |
||
162 | $_SESSION['db']['name'] = 'ph7cms'; |
||
163 | $_SESSION['db']['prefix'] = 'PH7_'; |
||
164 | $_SESSION['db']['port'] = '3306'; |
||
165 | $_SESSION['db']['charset'] = 'UTF8'; |
||
166 | |||
167 | $_SESSION['val']['bug_report_email'] = ''; |
||
168 | $_SESSION['val']['ffmpeg_path'] = ffmpeg_path(); |
||
169 | } |
||
170 | |||
171 | if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['config_system_submit'])) |
||
172 | { |
||
173 | if (filled_out($_POST)) |
||
174 | { |
||
175 | foreach ($_POST as $sKey => $sVal) |
||
176 | $_SESSION['db'][str_replace('db_', '', $sKey)] = trim($sVal); |
||
177 | |||
178 | $_SESSION['val']['bug_report_email'] = trim($_POST['bug_report_email']); |
||
179 | $_SESSION['val']['ffmpeg_path'] = trim($_POST['ffmpeg_path']); |
||
180 | |||
181 | if (validate_email($_SESSION['val']['bug_report_email'])) |
||
182 | { |
||
183 | try |
||
184 | { |
||
185 | require_once PH7_ROOT_INSTALL . 'inc/_db_connect.inc.php'; |
||
186 | @require_once PH7_ROOT_PUBLIC . '_constants.php'; |
||
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
187 | @require_once PH7_PATH_APP . 'configs/constants.php'; |
||
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
188 | |||
189 | // Config File |
||
190 | @chmod(PH7_PATH_APP_CONFIG, 0777); |
||
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
191 | $sConfigContent = file_get_contents(PH7_ROOT_INSTALL . 'data/configs/config.ini'); |
||
192 | |||
193 | $sConfigContent = str_replace('%bug_report_email%', $_SESSION['val']['bug_report_email'], $sConfigContent); |
||
194 | $sConfigContent = str_replace('%ffmpeg_path%', clean_string($_SESSION['val']['ffmpeg_path']), $sConfigContent); |
||
195 | |||
196 | $sConfigContent = str_replace('%db_type_name%', $_SESSION['db']['type_name'], $sConfigContent); |
||
197 | $sConfigContent = str_replace('%db_type%', $_SESSION['db']['type'], $sConfigContent); |
||
198 | $sConfigContent = str_replace('%db_hostname%', $_SESSION['db']['hostname'], $sConfigContent); |
||
199 | $sConfigContent = str_replace('%db_username%', clean_string($_SESSION['db']['username']), $sConfigContent); |
||
200 | $sConfigContent = str_replace('%db_password%', clean_string($_SESSION['db']['password']), $sConfigContent); |
||
201 | $sConfigContent = str_replace('%db_name%', clean_string($_SESSION['db']['name']), $sConfigContent); |
||
202 | $sConfigContent = str_replace('%db_prefix%', clean_string($_SESSION['db']['prefix']), $sConfigContent); |
||
203 | $sConfigContent = str_replace('%db_charset%', $_SESSION['db']['charset'], $sConfigContent); |
||
204 | $sConfigContent = str_replace('%db_port%', $_SESSION['db']['port'], $sConfigContent); |
||
205 | |||
206 | $sConfigContent = str_replace('%private_key%', generate_hash(40), $sConfigContent); |
||
207 | $sConfigContent = str_replace('%rand_id%', generate_hash(5), $sConfigContent); |
||
208 | |||
209 | if (!@file_put_contents(PH7_PATH_APP_CONFIG . 'config.ini', $sConfigContent)) |
||
210 | { |
||
211 | $aErrors[] = $LANG['no_app_config_writable']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
212 | } |
||
213 | else |
||
214 | { |
||
215 | if (!($DB->getAttribute(\PDO::ATTR_DRIVER_NAME) == 'mysql' && version_compare($DB->getAttribute(\PDO::ATTR_SERVER_VERSION), PH7_REQUIRE_SQL_VERSION, '>='))) |
||
216 | { |
||
217 | $aErrors[] = $LANG['require_mysql_version']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
218 | } |
||
219 | else |
||
220 | { |
||
221 | $aDumps = [ |
||
222 | /*** Game ***/ |
||
223 | // We need to install the Game before the Core SQL for "foreign keys" that work are correct. |
||
224 | 'pH7_SchemaGame', |
||
225 | 'pH7_DataGame', |
||
226 | /*** Core ***/ |
||
227 | 'pH7_Core', |
||
228 | // --- GeoIp (exec_query_file() function executes these files only if they existens otherwise it does nothing) --- // |
||
229 | 'pH7_GeoCountry', |
||
230 | 'pH7_GeoCity', |
||
231 | 'pH7_GeoCity2', |
||
232 | 'pH7_GeoCity3', |
||
233 | 'pH7_GeoCity4', |
||
234 | 'pH7_GeoCity5', |
||
235 | 'pH7_GeoCity6', |
||
236 | 'pH7_GeoCity7', |
||
237 | 'pH7_GeoCity8', |
||
238 | 'pH7_GeoState', |
||
239 | // --- Execute this file if there is something --- // |
||
240 | 'pH7_SampleData' |
||
241 | ]; |
||
242 | |||
243 | for ($i = 0, $iCount = count($aDumps); $i < $iCount; $i++) |
||
244 | exec_query_file($DB, PH7_ROOT_INSTALL . 'data/sql/' . $_SESSION['db']['type_name'] . '/' . $aDumps[$i] . '.sql'); |
||
245 | |||
246 | unset($DB); |
||
247 | |||
248 | $_SESSION['step3'] = 1; |
||
249 | unset($_SESSION['val']); |
||
250 | |||
251 | redirect(PH7_URL_SLUG_INSTALL . 'config_site'); |
||
252 | } |
||
253 | } |
||
254 | } |
||
255 | catch (\PDOException $oE) |
||
256 | { |
||
257 | $aErrors[] = $LANG['database_error'] . escape($oE->getMessage()); |
||
The variable $aErrors does not seem to be defined for all execution paths leading up to this point.
258 | } |
||
259 | } |
||
260 | else |
||
261 | { |
||
262 | $aErrors[] = $LANG['bad_email']; |
||
263 | } |
||
264 | } |
||
265 | else |
||
266 | { |
||
267 | $aErrors[] = $LANG['all_fields_mandatory']; |
||
268 | } |
||
269 | } |
||
270 | } |
||
271 | else |
||
272 | { |
||
273 | redirect(PH7_URL_SLUG_INSTALL . 'config_path'); |
||
274 | } |
||
275 | |||
276 | $this->oView->assign('sept_number', 3); |
||
277 | $this->oView->assign('errors', @$aErrors); |
||
278 | unset($aErrors); |
||
279 | $this->oView->display('config_system.tpl'); |
||
280 | } |
||
281 | |||
282 | /********************* STEP 4 *********************/ |
||
283 | public function config_site() |
||
284 | { |
||
285 | global $LANG; |
||
Compatibility, Best Practice: Use of global functionality is not recommended; it makes your code harder to test, and less reusable.
286 | |||
287 | if (empty($_SESSION['step4'])) |
||
288 | { |
||
289 | if (!empty($_SESSION['step3']) && is_file(PH7_ROOT_PUBLIC . '_constants.php')) |
||
290 | { |
||
291 | session_regenerate_id(true); |
||
292 | |||
293 | if (empty($_SESSION['val'])) |
||
294 | { |
||
295 | $_SESSION['val']['site_name'] = 'My Social Dating Site'; |
||
296 | $_SESSION['val']['admin_login_email'] = ''; |
||
297 | $_SESSION['val']['admin_email'] = ''; |
||
298 | $_SESSION['val']['admin_feedback_email'] = ''; |
||
299 | $_SESSION['val']['admin_return_email'] = ''; |
||
300 | $_SESSION['val']['admin_username'] = 'administrator'; |
||
301 | $_SESSION['val']['admin_first_name'] = ''; |
||
302 | $_SESSION['val']['admin_last_name'] = ''; |
||
303 | } |
||
304 | |||
305 | if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['config_site_submit'])) |
||
306 | { |
||
307 | if (filled_out($_POST)) |
||
308 | { |
||
309 | foreach ($_POST as $sKey => $sVal) |
||
310 | $_SESSION['val'][$sKey] = trim($sVal); |
||
311 | |||
312 | if (validate_email($_SESSION['val']['admin_login_email']) && validate_email($_SESSION['val']['admin_email']) && validate_email($_SESSION['val']['admin_feedback_email']) && validate_email($_SESSION['val']['admin_return_email'])) |
||
313 | { |
||
314 | if (validate_username($_SESSION['val']['admin_username']) == 0) |
||
315 | { |
||
316 | if (validate_password($_SESSION['val']['admin_password']) == 0) |
||
317 | { |
||
318 | if (validate_identical($_SESSION['val']['admin_password'], $_SESSION['val']['admin_passwords'])) |
||
319 | { |
||
320 | if (!find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_username']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_first_name']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_last_name'])) |
||
321 | { |
||
322 | if (validate_name($_SESSION['val']['admin_first_name'])) |
||
323 | { |
||
324 | if (validate_name($_SESSION['val']['admin_last_name'])) |
||
325 | { |
||
326 | @require_once PH7_ROOT_PUBLIC . '_constants.php'; |
||
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
327 | @require_once PH7_PATH_APP . 'configs/constants.php'; |
||
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
328 | |||
329 | require PH7_PATH_APP . 'includes/helpers/misc.php'; |
||
330 | require PH7_PATH_FRAMEWORK . 'Loader/Autoloader.php'; |
||
331 | // To load "\PH7\Framework\Security\Security" class |
||
332 | Framework\Loader\Autoloader::getInstance()->init(); |
||
333 | |||
334 | try |
||
335 | { |
||
336 | require_once PH7_ROOT_INSTALL . 'inc/_db_connect.inc.php'; |
||
337 | |||
338 | // SQL EXECUTE |
||
339 | $rStmt = $DB->prepare('INSERT INTO ' . $_SESSION['db']['prefix'] . 'Admins |
||
340 | (profileId , username, password, email, firstName, lastName, joinDate, lastActivity, ip) |
||
341 | VALUES (1, :username, :password, :email, :firstName, :lastName, :joinDate, :lastActivity, :ip)'); |
||
342 | |||
343 | $sCurrentDate = date('Y-m-d H:i:s'); |
||
344 | $rStmt->execute([ |
||
345 | 'username' => $_SESSION['val']['admin_username'], |
||
346 | 'password' => Framework\Security\Security::hashPwd($_SESSION['val']['admin_password']), |
||
347 | 'email' => $_SESSION['val']['admin_login_email'], |
||
348 | 'firstName'=> $_SESSION['val']['admin_first_name'], |
||
349 | 'lastName'=> $_SESSION['val']['admin_last_name'], |
||
350 | 'joinDate'=> $sCurrentDate, |
||
351 | 'lastActivity' => $sCurrentDate, |
||
352 | 'ip' => client_ip() |
||
353 | ]); |
||
354 | |||
355 | $rStmt = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :siteName WHERE name = \'siteName\' LIMIT 1'); |
||
356 | $rStmt->execute(['siteName' => $_SESSION['val']['site_name']]); |
||
357 | |||
358 | $rStmt = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :adminEmail WHERE name = \'adminEmail\' LIMIT 1'); |
||
359 | $rStmt->execute(['adminEmail' => $_SESSION['val']['admin_email']]); |
||
360 | |||
361 | $rStmt = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :feedbackEmail WHERE name = \'feedbackEmail\' LIMIT 1'); |
||
362 | $rStmt->execute(['feedbackEmail' => $_SESSION['val']['admin_feedback_email']]); |
||
363 | |||
364 | $rStmt = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :returnEmail WHERE name = \'returnEmail\' LIMIT 1'); |
||
365 | $rStmt->execute(['returnEmail' => $_SESSION['val']['admin_return_email']]); |
||
366 | |||
367 | // We finalise by putting the correct permission to the config files |
||
368 | $this->_chmodConfigFiles(); |
||
369 | |||
370 | $_SESSION['step4'] = 1; |
||
371 | |||
372 | redirect(PH7_URL_SLUG_INSTALL . 'niche'); |
||
373 | } |
||
374 | catch (\PDOException $oE) |
||
375 | { |
||
376 | $aErrors[] = $LANG['database_error'] . escape($oE->getMessage()); |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
377 | } |
||
378 | } |
||
379 | else |
||
380 | { |
||
381 | $aErrors[] = $LANG['bad_last_name']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
382 | } |
||
383 | } |
||
384 | else |
||
385 | { |
||
386 | $aErrors[] = $LANG['bad_first_name']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
387 | } |
||
388 | } |
||
389 | else |
||
390 | { |
||
391 | $aErrors[] = $LANG['insecure_password']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
392 | } |
||
393 | } |
||
394 | else |
||
395 | { |
||
396 | $aErrors[] = $LANG['passwords_different']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
397 | } |
||
398 | } |
||
399 | elseif (validate_password($_SESSION['val']['admin_password']) == 1) |
||
400 | { |
||
401 | $aErrors[] = $LANG['password_too_short']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
402 | } |
||
403 | elseif (validate_password($_SESSION['val']['admin_password']) == 2) |
||
404 | { |
||
405 | $aErrors[] = $LANG['password_too_long']; |
||
Coding Style, Comprehensibility: $aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
406 | } |
||
407 | elseif (validate_password($_SESSION['val']['admin_password']) == 3) |
||
408 | { |
||
409 | $aErrors[] = $LANG['password_no_number']; |
||
0 ignored issues
–
show
Coding Style
Comprehensibility
introduced
by
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                                }
                                elseif (validate_password($_SESSION['val']['admin_password']) == 4)
                                {
                                    $aErrors[] = $LANG['password_no_upper'];
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                                }
                            }
                            elseif (validate_username($_SESSION['val']['admin_username']) == 1)
                            {
                                $aErrors[] = $LANG['username_too_short'];
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                            }
                            elseif (validate_username($_SESSION['val']['admin_username']) == 2)
                            {
                                $aErrors[] = $LANG['username_too_long'];
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                            }
                            elseif (validate_username($_SESSION['val']['admin_username']) == 3)
                            {
                                $aErrors[] = $LANG['bad_username'];
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                            }
                        }
                        else
                        {
                            $aErrors[] = $LANG['bad_email'];
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                        }
                    }
                    else
                    {
                        $aErrors[] = $LANG['all_fields_mandatory'];
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                    }
                }
            }
            else
            {
                redirect(PH7_URL_SLUG_INSTALL . 'config_system');
            }
        }
        else
        {
            redirect(PH7_URL_SLUG_INSTALL . 'niche');
        }

        $this->oView->assign('sept_number', 4);
        $this->oView->assign('errors', @$aErrors);
The variable $aErrors does not seem to be defined for all execution paths leading up to this point.
If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example:
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;
        case 'bar':
            $x = 2;
            break;
    }
    // $x is potentially undefined here.
    echo $x;
}
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
        unset($aErrors);
        $this->oView->display('config_site.tpl');
    }

    /********************* STEP 5 *********************/
    public function niche()
    {
        global $LANG;
Use of global functionality is not recommended; it makes your code harder to test, and less reusable.
Instead of relying on
1. Pass all data via parameters
function myFunction($a, $b) {
    // Do something
}
2. Create a class that maintains your state
class MyClass {
    private $a;
    private $b;
    public function __construct($a, $b) {
        $this->a = $a;
        $this->b = $b;
    }
    public function myFunction() {
        // Do something
    }
}

        if (empty($_SESSION['step5']))
        {
            if (!empty($_SESSION['step4']) && is_file(PH7_ROOT_PUBLIC . '_constants.php'))
            {
                session_regenerate_id(true);

                if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['niche_submit']))
                {
                    $bUpdateNeeded = false; // Value by default. Don't need to update the DB for the Social/Dating Niche

                    switch ($_POST['niche_submit'])
                    {
                        case 'zendate':
                            $bUpdateNeeded = true;
                            $sTheme = 'zendate';
                            $aModUpdate = self::SOCIAL_MODS;
                            $aSettingUpdate = self::SOCIAL_SETTINGS;
                            break;

                        case 'datelove':
                            $bUpdateNeeded = true;
                            $sTheme = 'datelove';
                            $aModUpdate = self::DATING_MODS;
                            $aSettingUpdate = self::DATING_SETTINGS;
                            break;

                        // Or for 'base', don't do anything. Just use the default settings already setup in the database
                    }

                    if ($bUpdateNeeded)
                    {
                        @require_once PH7_ROOT_PUBLIC . '_constants.php';
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
                        @require_once PH7_PATH_APP . 'configs/constants.php';
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

                        require PH7_PATH_APP . 'includes/helpers/misc.php';
                        require PH7_PATH_FRAMEWORK . 'Loader/Autoloader.php';
                        // To load "PH7\Framework\Mvc\Model\DbConfig" class
                        Framework\Loader\Autoloader::getInstance()->init();

                        try
                        {
                            require_once PH7_ROOT_INSTALL . 'inc/_db_connect.inc.php';

                            // Enable/Disable the modules according to the chosen niche
                            foreach ($aModUpdate as $sModName => $sStatus)
The variable $aModUpdate does not seem to be defined for all execution paths leading up to this point.
                                $this->_updateMods($DB, $sModName, $sStatus);

                            $this->_updateSettings($aSettingUpdate);
The variable $aSettingUpdate does not seem to be defined for all execution paths leading up to this point.

                            // Set the theme for the chosen niche
                            $sSql = 'UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :theme WHERE name = \'defaultTemplate\' LIMIT 1';
                            $rStmt = $DB->prepare($sSql);
                            $rStmt->execute(['theme' => $sTheme]);
The variable $sTheme does not seem to be defined for all execution paths leading up to this point.
                        }
                        catch (\PDOException $oE)
                        {
                            $aErrors[] = $LANG['database_error'] . escape($oE->getMessage());
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                        }
                    }
                    $_SESSION['step5'] = 1;

                    redirect(PH7_URL_SLUG_INSTALL . 'service');
                }
            }
            else
            {
                redirect(PH7_URL_SLUG_INSTALL . 'config_site');
            }
        }
        else
        {
            redirect(PH7_URL_SLUG_INSTALL . 'service');
        }

        $this->oView->assign('sept_number', 5);
        $this->oView->assign('errors', @$aErrors);
The variable $aErrors does not seem to be defined for all execution paths leading up to this point.
        unset($aErrors);
        $this->oView->display('niche.tpl');
    }

    /********************* STEP 6 *********************/
    public function service()
    {
        $this->oView->assign('sept_number', 6);
        $this->oView->display('service.tpl');
    }

    /********************* STEP 7 *********************/
    public function license()
    {
        global $LANG;
Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

        if (!empty($_SESSION['step5']) && is_file(PH7_ROOT_PUBLIC . '_constants.php'))
        {
            if (empty($_SESSION['val']['license']))
                $_SESSION['val']['license'] = '';

            if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['license']))
            {
                $sKey = trim($_POST['license']);
                if (check_license($sKey))
                {
                    @require_once PH7_ROOT_PUBLIC . '_constants.php';
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
                    @require_once PH7_PATH_APP . 'configs/constants.php';
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

                    try
                    {
                        require_once PH7_ROOT_INSTALL . 'inc/_db_connect.inc.php';

                        $rStmt = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'License SET licenseKey = :key WHERE licenseId = 1');
                        $rStmt->execute(['key' => $sKey]);

                        redirect(PH7_URL_SLUG_INSTALL . 'finish');
                    }
                    catch (\PDOException $oE)
                    {
                        $aErrors[] = $LANG['database_error'] . escape($oE->getMessage());
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                    }
                }
                else
                {
                    $aErrors[] = $LANG['failure_license'];
$aErrors was never initialized. Although not strictly required by PHP, it is generally a good practice to add $aErrors = array(); before regardless.
                }
            }
        }
        else
        {
            redirect(PH7_URL_SLUG_INSTALL . 'niche');
        }

        $this->oView->assign('sept_number', 7);
        $this->oView->assign('errors', @$aErrors);
The variable $aErrors does not seem to be defined for all execution paths leading up to this point.
        unset($aErrors);
        $this->oView->display('license.tpl');
    }

    /********************* STEP 8 *********************/
    public function finish()
    {
        global $LANG;
Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

        @require_once PH7_ROOT_PUBLIC . '_constants.php';
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

        if (!empty($_SESSION['val']['admin_login_email']))
        {
            // Send an email to say the installation is now done, and give some information...
            $aParams = [
                'to' => $_SESSION['val']['admin_login_email'],
                'subject' => $LANG['title_email_finish_install'],
                'body' => $LANG['content_email_finish_install']
            ];
            send_mail($aParams);
        }

        $this->_removeSessions();
        $this->_removeCookies();

        if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['confirm_remove_install']))
        {
            remove_install_dir();
            clearstatcache(); // We remove the files status cache as the "_install" folder doesn't exist anymore by now.
            exit(header('Location: ' . PH7_URL_ROOT));
        }

        $this->oView->assign('sept_number', 8);
        $this->oView->display('finish.tpl');
    }

    /**
     * Update module status (enabled/disabled).
     *
     * @param object \PH7\Db $oDb
     * @param string $sModName Module Name.
     * @param string $sStatus '1' = Enabled | '0' = Disabled (need to be string because in DB it is an "enum").
     * @return mixed (integer | boolean) Returns the number of rows on success or FALSE on failure.
     */
    private function _updateMods(Db $oDb, $sModName, $sStatus)
    {
        $sSql = 'UPDATE ' . $_SESSION['db']['prefix'] . 'SysModsEnabled SET enabled = :status WHERE folderName = :modName LIMIT 1';
        $rStmt = $oDb->prepare($sSql);
        return $rStmt->execute(['modName' => $sModName, 'status' => $sStatus]);
    }

    /**
     * Update Settings.
     *
     * @param array $aParams
     * @return void
     */
    private function _updateSettings(array $aParams)
    {
        // Initialize the site's database to get "\PH7\Framework\Mvc\Model\Engine\Db" class working (as it uses that DB and not the installer one)
        Framework\Mvc\Router\FrontController::getInstance()->_databaseInitialize();

        // Enable/Disable Social Media Widgets according to the chosen niche
        Framework\Mvc\Model\DbConfig::setSocialWidgets($aParams['social_media_widgets']);
    }

    /***** Get the loading image *****/
    private function _loadImg()
    {
        global $LANG;
Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

        return '<div style="text-align:center"><p>' . $LANG['wait_importing_database'] . '</p>
        <p><img src="data:image/gif;base64,..." alt="' . $LANG['loading'] . '" /></p>
        </div>';
    }

    /***** Set the correct permission to the config files *****/
    private function _chmodConfigFiles()
    {
        @chmod(PH7_PATH_APP_CONFIG . 'config.ini', 0644);
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
        @chmod(PH7_ROOT_PUBLIC . '_constants.php', 0644);
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.
    }

    private function _removeSessions()
    {
        $_SESSION = [];
        session_unset();
        session_destroy();
    }

    private function _removeCookies()
    {
        $sCookieName = Controller::SOFTWARE_PREFIX_COOKIE_NAME . '_install_lang';
        // We are asking the browser to delete the cookie.
        setcookie($sCookieName, 0, 0);
        // and then, we delete the cookie value locally to avoid using it by mistake in following our script.
        unset($_COOKIE[$sCookieName]);
    }
}
The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.
The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.
To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.