These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Admin\Controller; |
||
3 | |||
4 | use Redaxscript\Admin; |
||
5 | use Redaxscript\Auth; |
||
6 | use Redaxscript\Filter; |
||
7 | use Redaxscript\Hash; |
||
8 | use Redaxscript\Validator; |
||
9 | use function json_encode; |
||
10 | |||
11 | /** |
||
12 | * children class to process the admin user request |
||
13 | * |
||
14 | * @since 4.0.0 |
||
15 | * |
||
16 | * @package Redaxscript |
||
17 | * @category Controller |
||
18 | * @author Henry Ruhs |
||
19 | */ |
||
20 | |||
21 | class User extends ControllerAbstract |
||
22 | { |
||
23 | /** |
||
24 | * process the class |
||
25 | * |
||
26 | * @since 4.0.0 |
||
27 | * |
||
28 | * @param string $action action to process |
||
29 | * |
||
30 | * @return string |
||
31 | */ |
||
32 | |||
33 | public function process(string $action = null) : string |
||
34 | { |
||
35 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
||
36 | $validateArray = $this->_validatePost($postArray); |
||
0 ignored issues
–
show
|
|||
37 | $passwordHash = new Hash(); |
||
38 | $myId = (int)$this->_registry->get('myId'); |
||
39 | |||
40 | /* validate post */ |
||
41 | |||
42 | if ($validateArray) |
||
0 ignored issues
–
show
The expression
$validateArray of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using
Loading history...
|
|||
43 | { |
||
44 | return $this->_error( |
||
45 | [ |
||
46 | 'route' => $this->_getErrorRoute($postArray), |
||
0 ignored issues
–
show
It seems like
$postArray defined by $this->_normalizePost($this->_sanitizePost()) on line 35 can also be of type null ; however, Redaxscript\Admin\Contro...\User::_getErrorRoute() does only seem to accept array , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
47 | 'message' => $validateArray |
||
48 | ]); |
||
49 | } |
||
50 | |||
51 | /* handle create */ |
||
52 | |||
53 | if ($action === 'create') |
||
54 | { |
||
55 | $passwordHash->init($postArray['password']); |
||
56 | $createArray = |
||
57 | [ |
||
58 | 'name' => $postArray['name'], |
||
59 | 'user' => $postArray['user'], |
||
60 | 'description' => $postArray['description'], |
||
61 | 'password' => $passwordHash->getHash(), |
||
62 | 'email' => $postArray['email'], |
||
63 | 'language' => $postArray['language'], |
||
64 | 'status' => $postArray['status'], |
||
65 | 'groups' => $postArray['groups'] |
||
66 | ]; |
||
67 | if ($this->_create($createArray)) |
||
68 | { |
||
69 | return $this->_success( |
||
70 | [ |
||
71 | 'route' => $this->_getSuccessRoute($postArray), |
||
72 | 'timeout' => 2 |
||
73 | ]); |
||
74 | } |
||
75 | } |
||
76 | |||
77 | /* handle update */ |
||
78 | |||
79 | if ($action === 'update') |
||
80 | { |
||
81 | $updateFullArray = |
||
82 | [ |
||
83 | 'name' => $postArray['name'], |
||
84 | 'description' => $postArray['description'], |
||
85 | 'email' => $postArray['email'], |
||
86 | 'language' => $postArray['language'], |
||
87 | 'status' => $postArray['status'], |
||
88 | 'groups' => $postArray['groups'] |
||
89 | ]; |
||
90 | $updateLiteArray = |
||
91 | [ |
||
92 | 'name' => $postArray['name'], |
||
93 | 'description' => $postArray['description'], |
||
94 | 'email' => $postArray['email'], |
||
95 | 'language' => $postArray['language'] |
||
96 | ]; |
||
97 | if ($postArray['password']) |
||
98 | { |
||
99 | $passwordHash->init($postArray['password']); |
||
100 | $updateFullArray['password'] = $updateLiteArray['password'] = $passwordHash->getHash(); |
||
101 | } |
||
102 | if ($this->_update($postArray['id'], $postArray['id'] > 1 ? $updateFullArray : $updateLiteArray)) |
||
103 | { |
||
104 | if ($postArray['id'] === $myId) |
||
105 | { |
||
106 | $this->_refresh($postArray); |
||
107 | } |
||
108 | return $this->_success( |
||
109 | [ |
||
110 | 'route' => $this->_getSuccessRoute($postArray), |
||
111 | 'timeout' => 2 |
||
112 | ]); |
||
113 | } |
||
114 | } |
||
115 | |||
116 | /* handle error */ |
||
117 | |||
118 | return $this->_error( |
||
119 | [ |
||
120 | 'route' => $this->_getErrorRoute($postArray) |
||
0 ignored issues
–
show
It seems like
$postArray defined by $this->_normalizePost($this->_sanitizePost()) on line 35 can also be of type null ; however, Redaxscript\Admin\Contro...\User::_getErrorRoute() does only seem to accept array , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
121 | ]); |
||
122 | } |
||
123 | |||
124 | /** |
||
125 | * sanitize the post |
||
126 | * |
||
127 | * @since 4.0.0 |
||
128 | * |
||
129 | * @return array |
||
130 | */ |
||
131 | |||
132 | protected function _sanitizePost() : array |
||
133 | { |
||
134 | $numberFilter = new Filter\Number(); |
||
135 | $specialFilter = new Filter\Special(); |
||
136 | $emailFilter = new Filter\Email(); |
||
137 | |||
138 | /* sanitize post */ |
||
139 | |||
140 | return |
||
141 | [ |
||
142 | 'id' => $numberFilter->sanitize($this->_request->getPost('id')), |
||
0 ignored issues
–
show
It seems like
$this->_request->getPost('id') targeting Redaxscript\Request::getPost() can also be of type array ; however, Redaxscript\Filter\Number::sanitize() does only seem to accept null|string , maybe add an additional type check?
This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.
Loading history...
|
|||
143 | 'name' => $this->_request->getPost('name'), |
||
144 | 'user' => $this->_request->getPost('user'), |
||
145 | 'description' => $this->_request->getPost('description'), |
||
146 | 'password' => $this->_request->getPost('password'), |
||
147 | 'password_confirm' => $this->_request->getPost('password_confirm'), |
||
148 | 'email' => $emailFilter->sanitize($this->_request->getPost('email')), |
||
0 ignored issues
–
show
It seems like
$this->_request->getPost('email') targeting Redaxscript\Request::getPost() can also be of type array ; however, Redaxscript\Filter\Email::sanitize() does only seem to accept null|string , maybe add an additional type check?
This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.
Loading history...
|
|||
149 | 'language' => $specialFilter->sanitize($this->_request->getPost('language')), |
||
0 ignored issues
–
show
It seems like
$this->_request->getPost('language') targeting Redaxscript\Request::getPost() can also be of type array ; however, Redaxscript\Filter\Special::sanitize() does only seem to accept null|string , maybe add an additional type check?
This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.
Loading history...
|
|||
150 | 'status' => $numberFilter->sanitize($this->_request->getPost('status')), |
||
0 ignored issues
–
show
It seems like
$this->_request->getPost('status') targeting Redaxscript\Request::getPost() can also be of type array ; however, Redaxscript\Filter\Number::sanitize() does only seem to accept null|string , maybe add an additional type check?
This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.
Loading history...
|
|||
151 | 'groups' => json_encode($this->_request->getPost('groups')) |
||
152 | ]; |
||
153 | } |
||
154 | |||
155 | /** |
||
156 | * validate the post |
||
157 | * |
||
158 | * @since 4.0.0 |
||
159 | * |
||
160 | * @param array $postArray array of the post |
||
161 | * |
||
162 | * @return array |
||
163 | */ |
||
164 | |||
165 | protected function _validatePost(array $postArray = []) : array |
||
166 | { |
||
167 | $loginValidator = new Validator\Login(); |
||
168 | $emailValidator = new Validator\Email(); |
||
169 | $userModel = new Admin\Model\User(); |
||
170 | $validateArray = []; |
||
171 | |||
172 | /* validate post */ |
||
173 | |||
174 | if (!$postArray['name']) |
||
175 | { |
||
176 | $validateArray[] = $this->_language->get('name_empty'); |
||
177 | } |
||
178 | if (!$postArray['id']) |
||
179 | { |
||
180 | if (!$postArray['user']) |
||
181 | { |
||
182 | $validateArray[] = $this->_language->get('user_empty'); |
||
183 | } |
||
184 | else if (!$loginValidator->validate($postArray['user'])) |
||
185 | { |
||
186 | $validateArray[] = $this->_language->get('user_incorrect'); |
||
187 | } |
||
188 | else if ($userModel->getByUser($postArray['user'])) |
||
189 | { |
||
190 | $validateArray[] = $this->_language->get('user_exists'); |
||
191 | } |
||
192 | if (!$postArray['password']) |
||
193 | { |
||
194 | $validateArray[] = $this->_language->get('password_empty'); |
||
195 | } |
||
196 | else if (!$loginValidator->validate($postArray['password'])) |
||
197 | { |
||
198 | $validateArray[] = $this->_language->get('password_incorrect'); |
||
199 | } |
||
200 | else if ($postArray['password'] !== $postArray['password_confirm']) |
||
201 | { |
||
202 | $validateArray[] = $this->_language->get('password_mismatch'); |
||
203 | } |
||
204 | } |
||
205 | else if ($postArray['password']) |
||
206 | { |
||
207 | if (!$loginValidator->validate($postArray['password'])) |
||
208 | { |
||
209 | $validateArray[] = $this->_language->get('password_incorrect'); |
||
210 | } |
||
211 | else if ($postArray['password'] !== $postArray['password_confirm']) |
||
212 | { |
||
213 | $validateArray[] = $this->_language->get('password_mismatch'); |
||
214 | } |
||
215 | } |
||
216 | if (!$emailValidator->validate($postArray['email'])) |
||
217 | { |
||
218 | $validateArray[] = $this->_language->get('email_incorrect'); |
||
219 | } |
||
220 | return $validateArray; |
||
221 | } |
||
222 | |||
223 | /** |
||
224 | * create the user |
||
225 | * |
||
226 | * @since 4.0.0 |
||
227 | * |
||
228 | * @param array $createArray array of the create |
||
229 | * |
||
230 | * @return bool |
||
231 | */ |
||
232 | |||
233 | protected function _create(array $createArray = []) : bool |
||
234 | { |
||
235 | $userModel = new Admin\Model\User(); |
||
236 | return $userModel->createByArray($createArray); |
||
237 | } |
||
238 | |||
239 | /** |
||
240 | * update the user |
||
241 | * |
||
242 | * @since 4.0.0 |
||
243 | * |
||
244 | * @param int $userId identifier of the user |
||
245 | * @param array $updateArray array of the update |
||
246 | * |
||
247 | * @return bool |
||
248 | */ |
||
249 | |||
250 | protected function _update(int $userId = null, array $updateArray = []) : bool |
||
251 | { |
||
252 | $userModel = new Admin\Model\User(); |
||
253 | return $userModel->updateByIdAndArray($userId, $updateArray); |
||
254 | } |
||
255 | |||
256 | /** |
||
257 | * refresh the auth |
||
258 | * |
||
259 | * @since 4.0.0 |
||
260 | * |
||
261 | * @param array $refreshArray array of the update |
||
262 | */ |
||
263 | |||
264 | protected function _refresh(array $refreshArray = []) : void |
||
265 | { |
||
266 | $auth = new Auth($this->_request); |
||
267 | $auth->init(); |
||
268 | $auth->setUser('name', $refreshArray['name']); |
||
269 | $auth->setUser('email', $refreshArray['email']); |
||
270 | $auth->setUser('language', $refreshArray['language']); |
||
271 | $auth->save(); |
||
272 | } |
||
273 | |||
274 | /** |
||
275 | * get success route |
||
276 | * |
||
277 | * @since 4.0.0 |
||
278 | * |
||
279 | * @param array $postArray array of the post |
||
280 | * |
||
281 | * @return string |
||
282 | */ |
||
283 | |||
284 | protected function _getSuccessRoute(array $postArray = []) : string |
||
285 | { |
||
286 | if ($this->_registry->get('usersEdit') && $postArray['id']) |
||
287 | { |
||
288 | return 'admin/view/users#row-' . $postArray['id']; |
||
289 | } |
||
290 | if ($this->_registry->get('usersEdit') && $postArray['user']) |
||
291 | { |
||
292 | $userModel = new Admin\Model\User(); |
||
293 | return 'admin/view/users#row-' . $userModel->getByUser($postArray['user'])->id; |
||
294 | } |
||
295 | return 'admin'; |
||
296 | } |
||
297 | |||
298 | /** |
||
299 | * get error route |
||
300 | * |
||
301 | * @since 4.0.0 |
||
302 | * |
||
303 | * @param array $postArray array of the post |
||
304 | * |
||
305 | * @return string |
||
306 | */ |
||
307 | |||
308 | protected function _getErrorRoute(array $postArray = []) : string |
||
309 | { |
||
310 | if ($this->_registry->get('usersEdit') && $postArray['id']) |
||
311 | { |
||
312 | return 'admin/edit/users/' . $postArray['id']; |
||
313 | } |
||
314 | if ($this->_registry->get('usersNew')) |
||
315 | { |
||
316 | return 'admin/new/users'; |
||
317 | } |
||
318 | return 'admin'; |
||
319 | } |
||
320 | } |
||
321 |
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.