These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Controller; |
||
3 | |||
4 | use Redaxscript\Filter; |
||
5 | use Redaxscript\Html; |
||
6 | use Redaxscript\Mailer; |
||
7 | use Redaxscript\Model; |
||
8 | use Redaxscript\Validator; |
||
9 | use function sha1; |
||
10 | |||
11 | /** |
||
12 | * children class to process the recover request |
||
13 | * |
||
14 | * @since 3.0.0 |
||
15 | * |
||
16 | * @package Redaxscript |
||
17 | * @category Controller |
||
18 | * @author Henry Ruhs |
||
19 | * @author Balázs Szilágyi |
||
20 | */ |
||
21 | |||
22 | class Recover extends ControllerAbstract |
||
23 | { |
||
24 | /** |
||
25 | * process the class |
||
26 | * |
||
27 | * @since 3.0.0 |
||
28 | * |
||
29 | * @return string |
||
30 | */ |
||
31 | |||
32 | 5 | public function process() : string |
|
33 | { |
||
34 | 5 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
|
35 | 5 | $validateArray = $this->_validatePost($postArray); |
|
36 | 5 | $users = $this->_getUsers($postArray); |
|
37 | |||
38 | /* validate post */ |
||
39 | |||
40 | 5 | if ($validateArray) |
|
0 ignored issues
–
show
|
|||
41 | { |
||
42 | 3 | return $this->_error( |
|
43 | [ |
||
44 | 3 | 'route' => 'login/recover', |
|
45 | 3 | 'message' => $validateArray |
|
46 | ]); |
||
47 | } |
||
48 | |||
49 | /* handle mail and validate user */ |
||
50 | |||
51 | 2 | $validateArray = []; |
|
52 | 2 | foreach ($users as $user) |
|
0 ignored issues
–
show
The expression
$users of type array|object<IdiormResultSet>|null is not guaranteed to be traversable. How about adding an additional type check?
There are different options of fixing this problem.
Loading history...
|
|||
53 | { |
||
54 | $mailArray = |
||
55 | [ |
||
56 | 2 | 'id' => $user->id, |
|
57 | 2 | 'name' => $user->name, |
|
58 | 2 | 'user' => $user->user, |
|
59 | 2 | 'password' => $user->password, |
|
60 | 2 | 'email' => $user->email |
|
61 | ]; |
||
62 | 2 | if (!$this->_mail($mailArray)) |
|
63 | { |
||
64 | 1 | return $this->_error( |
|
65 | [ |
||
66 | 1 | 'route' => 'login/recover', |
|
67 | 1 | 'message' => $this->_language->get('email_failed') |
|
68 | ]); |
||
69 | } |
||
70 | 1 | $validateArray[] = $user->name . $this->_language->get('colon') . ' ' . $this->_language->get('recovery_sent'); |
|
71 | } |
||
72 | 1 | if ($validateArray) |
|
0 ignored issues
–
show
The expression
$validateArray of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using
Loading history...
|
|||
73 | { |
||
74 | 1 | return $this->_success( |
|
75 | [ |
||
76 | 1 | 'route' => 'login', |
|
77 | 1 | 'timeout' => 2, |
|
78 | 1 | 'message' => $validateArray |
|
79 | ]); |
||
80 | } |
||
81 | |||
82 | /* handle error */ |
||
83 | |||
84 | return $this->_error( |
||
85 | [ |
||
86 | 'route' => 'login/recover' |
||
87 | ]); |
||
88 | } |
||
89 | |||
90 | /** |
||
91 | * sanitize the post |
||
92 | * |
||
93 | * @since 4.0.0 |
||
94 | * |
||
95 | * @return array |
||
96 | */ |
||
97 | |||
98 | 5 | protected function _sanitizePost() : array |
|
99 | { |
||
100 | 5 | $emailFilter = new Filter\Email(); |
|
101 | 5 | $numberFilter = new Filter\Number(); |
|
102 | 5 | $textFilter = new Filter\Text(); |
|
103 | |||
104 | /* sanitize post */ |
||
105 | |||
106 | return |
||
107 | [ |
||
108 | 5 | 'email' => $emailFilter->sanitize($this->_request->getPost('email')), |
|
109 | 5 | 'task' => $numberFilter->sanitize($this->_request->getPost('task')), |
|
110 | 5 | 'solution' => $textFilter->sanitize($this->_request->getPost('solution')) |
|
111 | ]; |
||
112 | } |
||
113 | |||
114 | /** |
||
115 | * validate the post |
||
116 | * |
||
117 | * @since 3.0.0 |
||
118 | * |
||
119 | * @param array $postArray array of the post |
||
120 | * |
||
121 | * @return array |
||
122 | */ |
||
123 | |||
124 | 5 | protected function _validatePost(array $postArray = []) : array |
|
125 | { |
||
126 | 5 | $emailValidator = new Validator\Email(); |
|
127 | 5 | $captchaValidator = new Validator\Captcha(); |
|
128 | 5 | $userModel = new Model\User(); |
|
129 | 5 | $settingModel = new Model\Setting(); |
|
130 | 5 | $validateArray = []; |
|
131 | |||
132 | /* validate post */ |
||
133 | |||
134 | 5 | if (!$postArray['email']) |
|
135 | { |
||
136 | 1 | $validateArray[] = $this->_language->get('email_empty'); |
|
137 | } |
||
138 | 4 | else if (!$emailValidator->validate($postArray['email'])) |
|
139 | { |
||
140 | 1 | $validateArray[] = $this->_language->get('email_incorrect'); |
|
141 | } |
||
142 | 3 | else if (!$userModel->query()->where('email', $postArray['email'])->findOne()->id) |
|
143 | { |
||
144 | 1 | $validateArray[] = $this->_language->get('email_unknown'); |
|
145 | } |
||
146 | 5 | if ($settingModel->get('captcha') > 0 && !$captchaValidator->validate($postArray['task'], $postArray['solution'])) |
|
147 | { |
||
148 | 1 | $validateArray[] = $this->_language->get('captcha_incorrect'); |
|
149 | } |
||
150 | 5 | return $validateArray; |
|
151 | } |
||
152 | |||
153 | /** |
||
154 | * get the users |
||
155 | * |
||
156 | * @since 4.0.0 |
||
157 | * |
||
158 | * @param array $postArray array of the post |
||
159 | * |
||
160 | * @return object|null |
||
161 | */ |
||
162 | |||
163 | 5 | protected function _getUsers(array $postArray = []) : ?object |
|
164 | { |
||
165 | 5 | $userModel = new Model\User(); |
|
166 | return $userModel |
||
167 | 5 | ->query() |
|
168 | 5 | ->where( |
|
169 | [ |
||
170 | 5 | 'email' => $postArray['email'], |
|
171 | 5 | 'status' => 1 |
|
172 | ]) |
||
173 | 5 | ->findMany() ? : null; |
|
174 | } |
||
175 | |||
176 | /** |
||
177 | * send the mail |
||
178 | * |
||
179 | * @since 3.0.0 |
||
180 | * |
||
181 | * @param array $mailArray array of the mail |
||
182 | * |
||
183 | * @return bool |
||
184 | */ |
||
185 | |||
186 | 1 | protected function _mail(array $mailArray = []) : bool |
|
187 | { |
||
188 | 1 | $settingModel = new Model\Setting(); |
|
189 | 1 | $urlReset = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . 'login/reset/' . sha1($mailArray['password']) . '/' . $mailArray['id']; |
|
190 | |||
191 | /* html element */ |
||
192 | |||
193 | 1 | $linkElement = new Html\Element(); |
|
194 | $linkElement |
||
195 | 1 | ->init('a', |
|
196 | [ |
||
197 | 1 | 'href' => $urlReset |
|
198 | ]) |
||
199 | 1 | ->text($urlReset); |
|
200 | |||
201 | /* prepare mail */ |
||
202 | |||
203 | $toArray = |
||
204 | [ |
||
205 | 1 | $mailArray['name'] => $mailArray['email'] |
|
206 | ]; |
||
207 | $fromArray = |
||
208 | [ |
||
209 | 1 | $settingModel->get('author') => $settingModel->get('email') |
|
210 | ]; |
||
211 | 1 | $subject = $this->_language->get('recovery'); |
|
212 | $bodyArray = |
||
213 | [ |
||
214 | 1 | $this->_language->get('user') . $this->_language->get('colon') . ' ' . $mailArray['user'], |
|
215 | 1 | '<br />', |
|
216 | 1 | $this->_language->get('password_reset') . $this->_language->get('colon') . ' ' . $linkElement |
|
217 | ]; |
||
218 | |||
219 | /* send mail */ |
||
220 | |||
221 | 1 | $mailer = new Mailer(); |
|
222 | 1 | $mailer->init($toArray, $fromArray, $subject, $bodyArray); |
|
223 | 1 | return $mailer->send(); |
|
224 | } |
||
225 | } |
||
226 |
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using
empty(..)
or! empty(...)
instead.