These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Controller; |
||
3 | |||
4 | use Redaxscript\Filter; |
||
5 | use Redaxscript\Html; |
||
6 | use Redaxscript\Mailer; |
||
7 | use Redaxscript\Model; |
||
8 | use Redaxscript\Validator; |
||
9 | use function sha1; |
||
10 | |||
11 | /** |
||
12 | * children class to process the recover request |
||
13 | * |
||
14 | * @since 3.0.0 |
||
15 | * |
||
16 | * @package Redaxscript |
||
17 | * @category Controller |
||
18 | * @author Henry Ruhs |
||
19 | * @author Balázs Szilágyi |
||
20 | */ |
||
21 | |||
22 | class Recover extends ControllerAbstract |
||
23 | { |
||
24 | /** |
||
25 | * process the class |
||
26 | * |
||
27 | * @since 3.0.0 |
||
28 | * |
||
29 | * @return string |
||
30 | */ |
||
31 | 5 | ||
32 | public function process() : string |
||
33 | 5 | { |
|
34 | 5 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
|
35 | 5 | $validateArray = $this->_validatePost($postArray); |
|
36 | $users = $this->_getUsers($postArray); |
||
37 | |||
38 | /* validate post */ |
||
39 | 5 | ||
40 | if ($validateArray) |
||
41 | 3 | { |
|
42 | return $this->_error( |
||
43 | 3 | [ |
|
44 | 3 | 'route' => 'login/recover', |
|
45 | 'message' => $validateArray |
||
46 | ]); |
||
47 | } |
||
48 | |||
49 | /* handle mail and validate user */ |
||
50 | 2 | ||
51 | 2 | $validateArray = []; |
|
52 | foreach ($users as $user) |
||
0 ignored issues
–
show
|
|||
53 | { |
||
54 | $mailArray = |
||
55 | 2 | [ |
|
56 | 2 | 'id' => $user->id, |
|
57 | 2 | 'name' => $user->name, |
|
58 | 2 | 'user' => $user->user, |
|
59 | 2 | 'password' => $user->password, |
|
60 | 'email' => $user->email |
||
61 | 2 | ]; |
|
62 | if (!$this->_mail($mailArray)) |
||
63 | 1 | { |
|
64 | return $this->_error( |
||
65 | 1 | [ |
|
66 | 1 | 'route' => 'login/recover', |
|
67 | 'message' => $this->_language->get('email_failed') |
||
68 | ]); |
||
69 | 1 | } |
|
70 | $validateArray[] = $user->name . $this->_language->get('colon') . ' ' . $this->_language->get('recovery_sent'); |
||
71 | 1 | } |
|
72 | if ($validateArray) |
||
73 | 1 | { |
|
74 | return $this->_success( |
||
75 | 1 | [ |
|
76 | 1 | 'route' => 'login', |
|
77 | 1 | 'timeout' => 2, |
|
78 | 'message' => $validateArray |
||
79 | ]); |
||
80 | } |
||
81 | |||
82 | /* handle error */ |
||
83 | |||
84 | return $this->_error( |
||
85 | [ |
||
86 | 'route' => 'login/recover' |
||
87 | ]); |
||
88 | } |
||
89 | |||
90 | /** |
||
91 | * sanitize the post |
||
92 | * |
||
93 | * @since 4.0.0 |
||
94 | * |
||
95 | * @return array |
||
96 | */ |
||
97 | 5 | ||
98 | protected function _sanitizePost() : array |
||
99 | 5 | { |
|
100 | 5 | $numberFilter = new Filter\Number(); |
|
101 | $emailFilter = new Filter\Email(); |
||
102 | |||
103 | /* sanitize post */ |
||
104 | |||
105 | return |
||
106 | 5 | [ |
|
107 | 5 | 'email' => $emailFilter->sanitize($this->_request->getPost('email')), |
|
108 | 5 | 'task' => $numberFilter->sanitize($this->_request->getPost('task')), |
|
109 | 'solution' => $this->_request->getPost('solution') |
||
110 | ]; |
||
111 | } |
||
112 | |||
113 | /** |
||
114 | * validate the post |
||
115 | * |
||
116 | * @since 3.0.0 |
||
117 | * |
||
118 | * @param array $postArray array of the post |
||
119 | * |
||
120 | * @return array |
||
121 | */ |
||
122 | 5 | ||
123 | protected function _validatePost(array $postArray = []) : array |
||
124 | 5 | { |
|
125 | 5 | $emailValidator = new Validator\Email(); |
|
126 | 5 | $captchaValidator = new Validator\Captcha(); |
|
127 | 5 | $userModel = new Model\User(); |
|
128 | 5 | $settingModel = new Model\Setting(); |
|
129 | $validateArray = []; |
||
130 | |||
131 | /* validate post */ |
||
132 | 5 | ||
133 | if (!$postArray['email']) |
||
134 | 1 | { |
|
135 | $validateArray[] = $this->_language->get('email_empty'); |
||
136 | 4 | } |
|
137 | else if (!$emailValidator->validate($postArray['email'])) |
||
138 | 1 | { |
|
139 | $validateArray[] = $this->_language->get('email_incorrect'); |
||
140 | 3 | } |
|
141 | else if (!$userModel->query()->where('email', $postArray['email'])->findOne()->id) |
||
142 | 1 | { |
|
143 | $validateArray[] = $this->_language->get('email_unknown'); |
||
144 | 5 | } |
|
145 | if ($settingModel->get('captcha') > 0 && !$captchaValidator->validate($postArray['task'], $postArray['solution'])) |
||
146 | 1 | { |
|
147 | $validateArray[] = $this->_language->get('captcha_incorrect'); |
||
148 | 5 | } |
|
149 | return $validateArray; |
||
150 | } |
||
151 | |||
152 | /** |
||
153 | * get the users |
||
154 | * |
||
155 | * @since 4.0.0 |
||
156 | * |
||
157 | * @param array $postArray array of the post |
||
158 | * |
||
159 | * @return object|null |
||
160 | */ |
||
161 | 5 | ||
162 | protected function _getUsers(array $postArray = []) : ?object |
||
163 | 5 | { |
|
164 | $userModel = new Model\User(); |
||
165 | 5 | return $userModel |
|
166 | 5 | ->query() |
|
167 | ->where( |
||
168 | 5 | [ |
|
169 | 5 | 'email' => $postArray['email'], |
|
170 | 'status' => 1 |
||
171 | 5 | ]) |
|
172 | ->findMany() ? : null; |
||
173 | } |
||
174 | |||
175 | /** |
||
176 | * send the mail |
||
177 | * |
||
178 | * @since 3.0.0 |
||
179 | * |
||
180 | * @param array $mailArray array of the mail |
||
181 | * |
||
182 | * @return bool |
||
183 | */ |
||
184 | 1 | ||
185 | protected function _mail(array $mailArray = []) : bool |
||
186 | 1 | { |
|
187 | 1 | $settingModel = new Model\Setting(); |
|
188 | $urlReset = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . 'login/reset/' . sha1($mailArray['password']) . '/' . $mailArray['id']; |
||
189 | |||
190 | /* html element */ |
||
191 | 1 | ||
192 | $linkElement = new Html\Element(); |
||
193 | 1 | $linkElement |
|
194 | ->init('a', |
||
195 | 1 | [ |
|
196 | 'href' => $urlReset |
||
197 | 1 | ]) |
|
198 | ->text($urlReset); |
||
199 | |||
200 | /* prepare mail */ |
||
201 | |||
202 | $toArray = |
||
203 | 1 | [ |
|
204 | $mailArray['name'] => $mailArray['email'] |
||
205 | ]; |
||
206 | $fromArray = |
||
207 | 1 | [ |
|
208 | $settingModel->get('author') => $settingModel->get('email') |
||
209 | 1 | ]; |
|
210 | $subject = $this->_language->get('recovery'); |
||
211 | $bodyArray = |
||
212 | 1 | [ |
|
213 | 1 | $this->_language->get('user') . $this->_language->get('colon') . ' ' . $mailArray['user'], |
|
214 | 1 | '<br />', |
|
215 | $this->_language->get('password_reset') . $this->_language->get('colon') . ' ' . $linkElement |
||
216 | ]; |
||
217 | |||
218 | /* send mail */ |
||
219 | 1 | ||
220 | 1 | $mailer = new Mailer(); |
|
221 | 1 | $mailer->init($toArray, $fromArray, $subject, $bodyArray); |
|
222 | return $mailer->send(); |
||
223 | } |
||
224 | } |
||
225 |
There are different options of fixing this problem.
If you want to be on the safe side, you can add an additional type-check:
If you are sure that the expression is traversable, you might want to add a doc comment cast to improve IDE auto-completion and static analysis:
Mark the issue as a false-positive: Just hover the remove button, in the top-right corner of this issue for more options.