Issues in RegisterAndEditDetailsPage.php (master) - Issues in master - sunnysideup/silverstripe-userpage - Measure and Improve Code Quality continuously with Scrutinizer

Issues (24)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

code/RegisterAndEditDetailsPage.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
    * Page containing an edit details form
    * Uses Member::getMemberFormFields() to know what to make available for editing
    */
class RegisterAndEditDetailsPage extends Page
{
    private static $icon = "userpage/images/treeicons/RegisterAndEditDetailsPage";

    private static $can_be_root = false;

    private static $db = array(
        "ThankYouTitle" => "Varchar(255)",
        "ThankYouContent" => "HTMLText",
        "WelcomeTitle" => "Varchar(255)",
        "WelcomeContent" => "HTMLText",
        "TitleLoggedIn" => "Varchar(255)",
        "MenuTitleLoggedIn" => "Varchar(255)",
        "ContentLoggedIn" => "HTMLText",
        "ErrorEmailAddressAlreadyExists" => "Varchar(255)",
        "ErrorBadEmail" => "Varchar(255)",
        "ErrorPasswordDoNotMatch" => "Varchar(255)",
        "ErrorMustSupplyPassword" => "Varchar(255)"
    );

    private static $register_group_title = "Registered users";

    private static $register_group_code = "registrations";

    private static $register_group_access_key = "REGISTRATIONS";

    protected function showLoggedInFields()
    {
        if (!$this->isCMSRead() && Member::currentUser()) {
            return true;
        }
    }

    protected function isCMSRead()
    {
        return $this->isCMS || Controller::curr()->getRequest()->param("URLSegment") == "admin";
    }

    /**
     * Returns a link to this page that will, on completion,
     * redirect back to the another page
     *@param String - $link
     *@return String - $link
     **/


    public function link_for_going_to_page_via_making_user($link)
    {
        $registerAndEditDetailsPage = RegisterAndEditDetailsPage::get()->first();
        if ($registerAndEditDetailsPage) {
            return $registerAndEditDetailsPage->Link()."?BackURL=".urlencode($link);
        }
    }

    public function getCMSFields()
    {
        $fields = parent::getCMSFields();
        $this->isCMS = true;
        $fields->addFieldToTab('Root.LoggedIn', new TextField('TitleLoggedIn', 'Title when user is Logged In'));
        $fields->addFieldToTab('Root.LoggedIn', new TextField('MenuTitleLoggedIn', 'Navigation Label when user is Logged In'));
        $fields->addFieldToTab('Root.Welcome', new TextField('WelcomeTitle', 'Welcome Title (afer user creates an account)'));
        $fields->addFieldToTab('Root.Welcome', new HtmlEditorField('WelcomeContent', 'Welcome message (afer user creates an account)'));
        $fields->addFieldToTab('Root.UpdatingDetails', new TextField('ThankYouTitle', 'Thank you Title (afer user updates their details)'));
        $fields->addFieldToTab('Root.UpdatingDetails', new HtmlEditorField('ThankYouContent', 'Thank you message (afer user updates their details)'));
        $fields->addFieldToTab('Root.LoggedIn', new HtmlEditorField('ContentLoggedIn', 'Content when user is Logged In'));
        $fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorEmailAddressAlreadyExists', 'Error shown when email address is already registered'));
        $fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorBadEmail', 'Bad email'));
        $fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorPasswordDoNotMatch', 'Error shown when passwords do not match'));
        $fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorMustSupplyPassword', 'Error shown when new user does not supply password'));
        return $fields;
    }

    public function canCreate($member = null)
    {
        return RegisterAndEditDetailsPage::get()->count() ? false : true;
    }

    public function requireDefaultRecords()
    {
        parent::requireDefaultRecords();
        $bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`";
        $update = array();
        $group = Group::get()
            ->filter(array("Code" => self::$register_group_code))->first();
        if (!$group) {
            $group = new Group();
            $group->Code = self::$register_group_code;
            $group->Title = self::$register_group_title;
            $group->write();
            Permission::grant($group->ID, self::$register_group_access_key);
            DB::alteration_message("GROUP: ".self::$register_group_code.' ('.self::$register_group_title.')', "created");
        } elseif (DB::query("SELECT * FROM Permission WHERE {$bt}GroupID{$bt} = ".$group->ID." AND {$bt}Code{$bt} = '".self::$register_group_access_key."'")->numRecords() == 0) {
            Permission::grant($group->ID, self::$register_group_access_key);
        }
        $page = RegisterAndEditDetailsPage::get()->first();
        if (!$page) {
            $page = new RegisterAndEditDetailsPage();
            $page->Title = "Register";
            $page->URLSegment = "register";
            $page->MenuTitle = "Register";
            $update[] = "created RegisterAndEditDetailsPage";
        }
        if ($page) {

            //REGISTER
            if (strlen($page->Content) < 17) {
                $page->Content = "<p>Please log in or register here.</p>";
                $update[] =  "updated Content";
            }

            //WELCOME !
            if (!$page->WelcomeTitle) {
                $page->WelcomeTitle = "Thank you for registering";
                $update[] =  "updated WelcomeTitle";
            }
            if (strlen($page->WelcomeContent) < 17) {
                $page->WelcomeContent = "<p>Thank you for registration. Please make sure to remember your username and password.</p>";
                $update[] =  "updated WelcomeContent";
            }

            // WELCOME BACK
            if (!$page->TitleLoggedIn) {
                $page->TitleLoggedIn = "Welcome back";
                $update[] =  "updated TitleLoggedIn";
            }
            if (!$page->MenuTitleLoggedIn) {
                $page->MenuTitleLoggedIn = "Welcome back";
                $update[] =  "updated MenuTitleLoggedIn";
            }
            if (strlen($page->ContentLoggedIn) < 17) {
                $page->ContentLoggedIn = "<p>Welcome back - you can do the following ....</p>";
                $update[] =  "updated ContentLoggedIn";
            }

            //THANK YOU FOR UPDATING
            if (!$page->ThankYouTitle) {
                $page->ThankYouTitle = "Thank you for updating your details";
                $update[] =  "updated ThankYouTitle";
            }
            if (strlen($page->ThankYouContent) < 17) {
                $page->ThankYouContent = "<p>Thank you for updating your details. </p>";
                $update[] =  "updated ThankYouContent";
            }

            //ERRORS!
            if (!$page->ErrorEmailAddressAlreadyExists) {
                $page->ErrorEmailAddressAlreadyExists = "Sorry, that email address is already in use by someone else. You may have setup an account in the past or mistyped your email address.";
                $update[] =  "updated ErrorEmailAddressAlreadyExists";
            }
            if (!$page->ErrorBadEmail) {
                $page->ErrorBadEmail = "Sorry, that does not appear a valid email address.";
                $update[] =  "updated ErrorBadEmail";
            }
            if (!$page->ErrorPasswordDoNotMatch) {
                $page->ErrorPasswordDoNotMatch = "Your passwords do not match. Please try again.";
                $update[] =  "updated ErrorPasswordDoNotMatch";
            }
            if (!$page->ErrorMustSupplyPassword) {
                $page->ErrorMustSupplyPassword = "Your must supply a password.";
                $update[] =  "updated ErrorMustSupplyPassword";
            }
            if (count($update)) {
                $page->writeToStage('Stage');
                $page->publish('Stage', 'Live');
                DB::alteration_message($page->ClassName." created/updated: <ul><li>".implode("</li><li>", $update)."</li></ul>", 'created');
            }
        }
    }
}

class RegisterAndEditDetailsPage_Controller extends Page_Controller
{
    private static $fields_to_remove = array("Locale","DateFormat", "TimeFormat");


    private static $required_fields = array("FirstName","Email");


    private static $minutes_before_member_is_not_new_anymore = 30;

    public function init()
    {
        parent::init();
        if ($this->showLoggedInFields()) {
            $field = "TitleLoggedIn";
        } else {
            $field = "Title";
        }
        $this->Title = $this->getField($field);
        if ($this->showLoggedInFields()) {
            $field = "MenuTitleLoggedIn";
        } else {
            $field = "MenuTitle";
        }
        $this->MenuTitle =  $this->getField($field);
        if ($this->showLoggedInFields()) {
            $field = "ContentLoggedIn";
        } else {
            $field = "Content";
        }
        $this->Content =  $this->getField($field);
    }

    public function index()
    {
        if (Director::is_ajax()) {
            return $this->renderWith(array("RegisterAndEditDetailsPageAjax", "RegisterAndEditDetailsPage"));
        }
        return array();
    }

    public function Form()
    {
        if (isset($_REQUEST["BackURL"])) {
            Session::set('BackURL', $_REQUEST["BackURL"]);
        }
        $member = Member::currentUser();
        $fields = new FieldList();

        $passwordField = null;
        if ($member) {
            $name = $member->getName();
            //if($member && $member->Password != '') {$passwordField->setCanBeEmpty(true);}
            $action = new FormAction("submit", "Update your details");
            $action->addExtraClass("updateButton");
            $actions = new FieldList($action);
        } else {
            $passwordField = new ConfirmedPasswordField("Password", "Password");
            $action = new FormAction("submit", "Register");
            $action->addExtraClass("registerButton");
            $actions = new FieldList($action);
            $member = new Member();
        }
        $memberFormFields = $member->getMemberFormFields();

        if ($memberFormFields) {
            if (is_array(self::$fields_to_remove) && count(self::$fields_to_remove)) {
                foreach (self::$fields_to_remove as $fieldName) {
                    $memberFormFields->removeByName($fieldName);
                }
            }
            $fields->merge($memberFormFields);
        }
        if ($passwordField) {
            $fields->push($passwordField);
        }
        foreach (self::$required_fields as $fieldName) {
            $fields->fieldByName($fieldName)->addExtraClass("RequiredField");
        }
        $requiredFields = new RequiredFields(self::$required_fields);
        $form = new Form($this, "Form", $fields, $actions, $requiredFields);
        // Load any data avaliable into the form.
        if ($member) {
            $member->Password = null;
            $form->loadDataFrom($member);
        }
        $data = Session::get("FormInfo.Form_Form.data");
        if (is_array($data)) {
            $form->loadDataFrom($data);
        }

        // Optional spam protection
        if (class_exists('SpamProtectorManager')) {
            SpamProtectorManager::update_form($form);
        }
        if (!isset($_REQUEST["Password"])) {
            $form->fields()->fieldByName("Password")->SetValue("");
        }
        return $form;
    }


    /**
     * Save the changes to the form
     */
    public function submit($data, $form)
    {
        $bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`";
        $member = Member::currentUser();
        $newMember = false;
        Session::set("FormInfo.Form_Form.data", $data);
        $emailField = new EmailField("Email");
        $emailField->setValue($data["Email"]);
        if ($emailField) {
            if (!$emailField->validate($form->validator)) {
                $form->addErrorMessage("Blurb", $this->ErrorBadEmail, "bad");
                $this->redirectBack();
                return;
            }
        }
        if (!$member) {
            $newMember = true;
            $member = Object::create('Member');
            $form->sessionMessage($this->WelcomeTitle, 'good');
            $id = 0;
        } else {
            $form->sessionMessage($this->ThankYouTitle, 'good');
            $id = $member->ID;
        }

        //validation
        if ($existingMember = Member::get()->filter(array("Email" => Convert::raw2sql($data['Email'])))->exclude(array("ID" => $id))->first()) {
            $form->addErrorMessage("Blurb", $this->ErrorEmailAddressAlreadyExists, "bad");
            return $this->redirectBack();
        }
        // check password fields are the same before saving
        if ($data["Password"]["_Password"] != $data["Password"]["_ConfirmPassword"]) {
            $form->addErrorMessage("Password", $this->ErrorPasswordDoNotMatch, "bad");
            return $this->redirectBack();
        }

        if (!$id && !$data["Password"]["_Password"]) {
            $form->addErrorMessage("Password", $this->ErrorMustSupplyPassword, "bad");
            return $this->redirectBack();
        }
        $password = $member->Password;
        if (isset($data["Password"]["Password"]) && strlen($data["Password"]["Password"]) > 3) {
            $password = $data["Password"]["Password"];
        }
        $form->saveInto($member);
        $member->changePassword($password);
        $member->write();
        if ($newMember) {
            $form->saveInto($member);
            $member->write();
        }
        //adding to group
        $group = Group::get()
            ->filter(array("Code" => self::$register_group_code))
            ->first();
        if ($group) {
            $member->Groups()->add($group);
        }
        if ($newMember) {
            $member->logIn();
            $link = ContentController::join_links($this->Link(), 'welcome');
        } else {
            $link = ContentController::join_links($this->Link(), 'thanks');
        }
        if (!isset($_REQUEST["BackURL"]) && Session::get('BackURL')) {

            $_REQUEST["BackURL"] = Session::get('BackURL');
        }
        if (isset($_REQUEST["BackURL"])) {

            $link = urldecode($_REQUEST["BackURL"]);
            Session::set('BackURL', '');
        }
        if ($link) {
            return $this->redirect($link);
        }
        return array();
    }

    public function thanks()
    {
        $member = Member::currentUser();
        if (!$member) {
            return $this->redirect($this->Link());
        }
        if ($this->numberOfMinutesMemberIsListed($member) < self::get_minutes_before_member_is_not_new_anymore()) {
            $this->Title = $this->WelcomeTitle;
            $this->Content = $this->WelcomeContent;
        } else {
            $this->Title = $this->ThankYouTitle;
            $this->Content = $this->ThankYouContent;
        }
        return array();
    }

    public function welcome()
    {
        if (!Member::currentUser()) {
            return $this->redirect($this->Link());
        }
        $this->Title = $this->WelcomeTitle;
        $this->Content = $this->WelcomeContent;
        return array();
    }

    public function numberOfMinutesMemberIsListed($member)
    {
        if ($member) {
            $timestamp = strtotime(strval($member->Created));
            $nowTimestamp = time();
            return ($nowTimestamp - $timestamp) / 60;
        }
        return 0;
    }
}


1		<?php
2
3		/**
4		* Page containing an edit details form
5		* Uses Member::getMemberFormFields() to know what to make available for editing
6		*/
7		class RegisterAndEditDetailsPage extends Page
8		{
9		private static $icon = "userpage/images/treeicons/RegisterAndEditDetailsPage";
10
11		private static $can_be_root = false;
12
13		private static $db = array(
14		"ThankYouTitle" => "Varchar(255)",
15		"ThankYouContent" => "HTMLText",
16		"WelcomeTitle" => "Varchar(255)",
17		"WelcomeContent" => "HTMLText",
18		"TitleLoggedIn" => "Varchar(255)",
19		"MenuTitleLoggedIn" => "Varchar(255)",
20		"ContentLoggedIn" => "HTMLText",
21		"ErrorEmailAddressAlreadyExists" => "Varchar(255)",
22		"ErrorBadEmail" => "Varchar(255)",
23		"ErrorPasswordDoNotMatch" => "Varchar(255)",
24		"ErrorMustSupplyPassword" => "Varchar(255)"
25		);
26
27		private static $register_group_title = "Registered users";
28
29		private static $register_group_code = "registrations";
30
31		private static $register_group_access_key = "REGISTRATIONS";
32
33		protected function showLoggedInFields()
34		{
35		if (!$this->isCMSRead() && Member::currentUser()) {
36		return true;
37		}
38		}
39
40		protected function isCMSRead()
41		{
42		return $this->isCMS \|\| Controller::curr()->getRequest()->param("URLSegment") == "admin";
43		}
44
45		/**
46		* Returns a link to this page that will, on completion,
47		* redirect back to the another page
48		*@param String - $link
49		*@return String - $link
50		**/
		0 ignored issues – show Documentation introduced 2017-01-10 01:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `string\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
51
52		public function link_for_going_to_page_via_making_user($link)
53		{
54		$registerAndEditDetailsPage = RegisterAndEditDetailsPage::get()->first();
55		if ($registerAndEditDetailsPage) {
56		return $registerAndEditDetailsPage->Link()."?BackURL=".urlencode($link);
57		}
58		}
59
60		public function getCMSFields()
61		{
62		$fields = parent::getCMSFields();
63		$this->isCMS = true;
64		$fields->addFieldToTab('Root.LoggedIn', new TextField('TitleLoggedIn', 'Title when user is Logged In'));
65		$fields->addFieldToTab('Root.LoggedIn', new TextField('MenuTitleLoggedIn', 'Navigation Label when user is Logged In'));
66		$fields->addFieldToTab('Root.Welcome', new TextField('WelcomeTitle', 'Welcome Title (afer user creates an account)'));
67		$fields->addFieldToTab('Root.Welcome', new HtmlEditorField('WelcomeContent', 'Welcome message (afer user creates an account)'));
68		$fields->addFieldToTab('Root.UpdatingDetails', new TextField('ThankYouTitle', 'Thank you Title (afer user updates their details)'));
69		$fields->addFieldToTab('Root.UpdatingDetails', new HtmlEditorField('ThankYouContent', 'Thank you message (afer user updates their details)'));
70		$fields->addFieldToTab('Root.LoggedIn', new HtmlEditorField('ContentLoggedIn', 'Content when user is Logged In'));
71		$fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorEmailAddressAlreadyExists', 'Error shown when email address is already registered'));
72		$fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorBadEmail', 'Bad email'));
73		$fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorPasswordDoNotMatch', 'Error shown when passwords do not match'));
74		$fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorMustSupplyPassword', 'Error shown when new user does not supply password'));
75		return $fields;
76		}
77
78		public function canCreate($member = null)
79		{
80		return RegisterAndEditDetailsPage::get()->count() ? false : true;
81		}
82
83		public function requireDefaultRecords()
84		{
85		parent::requireDefaultRecords();
86		$bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`";
87		$update = array();
88		$group = Group::get()
89		->filter(array("Code" => self::$register_group_code))->first();
90		if (!$group) {
91		$group = new Group();
92		$group->Code = self::$register_group_code;
93		$group->Title = self::$register_group_title;
94		$group->write();
95		Permission::grant($group->ID, self::$register_group_access_key);
96		DB::alteration_message("GROUP: ".self::$register_group_code.' ('.self::$register_group_title.')', "created");
97		} elseif (DB::query("SELECT * FROM Permission WHERE {$bt}GroupID{$bt} = ".$group->ID." AND {$bt}Code{$bt} = '".self::$register_group_access_key."'")->numRecords() == 0) {
98		Permission::grant($group->ID, self::$register_group_access_key);
99		}
100		$page = RegisterAndEditDetailsPage::get()->first();
101		if (!$page) {
102		$page = new RegisterAndEditDetailsPage();
103		$page->Title = "Register";
104		$page->URLSegment = "register";
105		$page->MenuTitle = "Register";
106		$update[] = "created RegisterAndEditDetailsPage";
107		}
108		if ($page) {
109
110		//REGISTER
111		if (strlen($page->Content) < 17) {
112		$page->Content = "<p>Please log in or register here.</p>";
113		$update[] = "updated Content";
114		}
115
116		//WELCOME !
117		if (!$page->WelcomeTitle) {
118		$page->WelcomeTitle = "Thank you for registering";
119		$update[] = "updated WelcomeTitle";
120		}
121		if (strlen($page->WelcomeContent) < 17) {
122		$page->WelcomeContent = "<p>Thank you for registration. Please make sure to remember your username and password.</p>";
123		$update[] = "updated WelcomeContent";
124		}
125
126		// WELCOME BACK
127		if (!$page->TitleLoggedIn) {
128		$page->TitleLoggedIn = "Welcome back";
129		$update[] = "updated TitleLoggedIn";
130		}
131		if (!$page->MenuTitleLoggedIn) {
132		$page->MenuTitleLoggedIn = "Welcome back";
133		$update[] = "updated MenuTitleLoggedIn";
134		}
135		if (strlen($page->ContentLoggedIn) < 17) {
136		$page->ContentLoggedIn = "<p>Welcome back - you can do the following ....</p>";
137		$update[] = "updated ContentLoggedIn";
138		}
139
140		//THANK YOU FOR UPDATING
141		if (!$page->ThankYouTitle) {
142		$page->ThankYouTitle = "Thank you for updating your details";
143		$update[] = "updated ThankYouTitle";
144		}
145		if (strlen($page->ThankYouContent) < 17) {
146		$page->ThankYouContent = "<p>Thank you for updating your details. </p>";
147		$update[] = "updated ThankYouContent";
148		}
149
150		//ERRORS!
151		if (!$page->ErrorEmailAddressAlreadyExists) {
152		$page->ErrorEmailAddressAlreadyExists = "Sorry, that email address is already in use by someone else. You may have setup an account in the past or mistyped your email address.";
153		$update[] = "updated ErrorEmailAddressAlreadyExists";
154		}
155		if (!$page->ErrorBadEmail) {
156		$page->ErrorBadEmail = "Sorry, that does not appear a valid email address.";
157		$update[] = "updated ErrorBadEmail";
158		}
159		if (!$page->ErrorPasswordDoNotMatch) {
160		$page->ErrorPasswordDoNotMatch = "Your passwords do not match. Please try again.";
161		$update[] = "updated ErrorPasswordDoNotMatch";
162		}
163		if (!$page->ErrorMustSupplyPassword) {
164		$page->ErrorMustSupplyPassword = "Your must supply a password.";
165		$update[] = "updated ErrorMustSupplyPassword";
166		}
167		if (count($update)) {
168		$page->writeToStage('Stage');
169		$page->publish('Stage', 'Live');
170		DB::alteration_message($page->ClassName." created/updated: <ul><li>".implode("</li><li>", $update)."</li></ul>", 'created');
171		}
172		}
173		}
174		}
175
176		class RegisterAndEditDetailsPage_Controller extends Page_Controller
177		{
178		private static $fields_to_remove = array("Locale","DateFormat", "TimeFormat");
179
180
181		private static $required_fields = array("FirstName","Email");
182
183
184		private static $minutes_before_member_is_not_new_anymore = 30;
185
186		public function init()
187		{
188		parent::init();
189		if ($this->showLoggedInFields()) {
190		$field = "TitleLoggedIn";
191		} else {
192		$field = "Title";
193		}
194		$this->Title = $this->getField($field);
195		if ($this->showLoggedInFields()) {
196		$field = "MenuTitleLoggedIn";
197		} else {
198		$field = "MenuTitle";
199		}
200		$this->MenuTitle = $this->getField($field);
201		if ($this->showLoggedInFields()) {
202		$field = "ContentLoggedIn";
203		} else {
204		$field = "Content";
205		}
206		$this->Content = $this->getField($field);
207		}
208
209		public function index()
210		{
211		if (Director::is_ajax()) {
212		return $this->renderWith(array("RegisterAndEditDetailsPageAjax", "RegisterAndEditDetailsPage"));
213		}
214		return array();
215		}
216
217		public function Form()
218		{
219		if (isset($_REQUEST["BackURL"])) {
220		Session::set('BackURL', $_REQUEST["BackURL"]);
221		}
222		$member = Member::currentUser();
223		$fields = new FieldList();
224
225		$passwordField = null;
226		if ($member) {
227		$name = $member->getName();
228		//if($member && $member->Password != '') {$passwordField->setCanBeEmpty(true);}
229		$action = new FormAction("submit", "Update your details");
230		$action->addExtraClass("updateButton");
231		$actions = new FieldList($action);
232		} else {
233		$passwordField = new ConfirmedPasswordField("Password", "Password");
234		$action = new FormAction("submit", "Register");
235		$action->addExtraClass("registerButton");
236		$actions = new FieldList($action);
237		$member = new Member();
238		}
239		$memberFormFields = $member->getMemberFormFields();
240
241		if ($memberFormFields) {
242		if (is_array(self::$fields_to_remove) && count(self::$fields_to_remove)) {
243		foreach (self::$fields_to_remove as $fieldName) {
244		$memberFormFields->removeByName($fieldName);
245		}
246		}
247		$fields->merge($memberFormFields);
248		}
249		if ($passwordField) {
250		$fields->push($passwordField);
251		}
252		foreach (self::$required_fields as $fieldName) {
253		$fields->fieldByName($fieldName)->addExtraClass("RequiredField");
254		}
255		$requiredFields = new RequiredFields(self::$required_fields);
256		$form = new Form($this, "Form", $fields, $actions, $requiredFields);
257		// Load any data avaliable into the form.
258		if ($member) {
259		$member->Password = null;
260		$form->loadDataFrom($member);
261		}
262		$data = Session::get("FormInfo.Form_Form.data");
263		if (is_array($data)) {
264		$form->loadDataFrom($data);
265		}
266
267		// Optional spam protection
268		if (class_exists('SpamProtectorManager')) {
269		SpamProtectorManager::update_form($form);
270		}
271		if (!isset($_REQUEST["Password"])) {
272		$form->fields()->fieldByName("Password")->SetValue("");
273		}
274		return $form;
275		}
276
277
278		/**
279		* Save the changes to the form
280		*/
281		public function submit($data, $form)
282		{
283		$bt = defined('DB::USE_ANSI_SQL') ? "\"" : "`";
284		$member = Member::currentUser();
285		$newMember = false;
286		Session::set("FormInfo.Form_Form.data", $data);
287		$emailField = new EmailField("Email");
288		$emailField->setValue($data["Email"]);
289		if ($emailField) {
290		if (!$emailField->validate($form->validator)) {
291		$form->addErrorMessage("Blurb", $this->ErrorBadEmail, "bad");
292		$this->redirectBack();
293		return;
294		}
295		}
296		if (!$member) {
297		$newMember = true;
298		$member = Object::create('Member');
299		$form->sessionMessage($this->WelcomeTitle, 'good');
300		$id = 0;
301		} else {
302		$form->sessionMessage($this->ThankYouTitle, 'good');
303		$id = $member->ID;
304		}
305
306		//validation
307		if ($existingMember = Member::get()->filter(array("Email" => Convert::raw2sql($data['Email'])))->exclude(array("ID" => $id))->first()) {
308		$form->addErrorMessage("Blurb", $this->ErrorEmailAddressAlreadyExists, "bad");
309		return $this->redirectBack();
310		}
311		// check password fields are the same before saving
312		if ($data["Password"]["_Password"] != $data["Password"]["_ConfirmPassword"]) {
313		$form->addErrorMessage("Password", $this->ErrorPasswordDoNotMatch, "bad");
314		return $this->redirectBack();
315		}
316
317		if (!$id && !$data["Password"]["_Password"]) {
318		$form->addErrorMessage("Password", $this->ErrorMustSupplyPassword, "bad");
319		return $this->redirectBack();
320		}
321		$password = $member->Password;
322		if (isset($data["Password"]["Password"]) && strlen($data["Password"]["Password"]) > 3) {
323		$password = $data["Password"]["Password"];
324		}
325		$form->saveInto($member);
326		$member->changePassword($password);
327		$member->write();
328		if ($newMember) {
329		$form->saveInto($member);
330		$member->write();
331		}
332		//adding to group
333		$group = Group::get()
334		->filter(array("Code" => self::$register_group_code))
335		->first();
336		if ($group) {
337		$member->Groups()->add($group);
338		}
339		if ($newMember) {
340		$member->logIn();
341		$link = ContentController::join_links($this->Link(), 'welcome');
342		} else {
343		$link = ContentController::join_links($this->Link(), 'thanks');
344		}
345	View Code Duplication	if (!isset($_REQUEST["BackURL"]) && Session::get('BackURL')) {
		0 ignored issues – show Duplication introduced 2017-01-10 01:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
346		$_REQUEST["BackURL"] = Session::get('BackURL');
347		}
348	View Code Duplication	if (isset($_REQUEST["BackURL"])) {
		0 ignored issues – show Duplication introduced 2017-01-10 01:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
349		$link = urldecode($_REQUEST["BackURL"]);
350		Session::set('BackURL', '');
351		}
352		if ($link) {
353		return $this->redirect($link);
354		}
355		return array();
356		}
357
358		public function thanks()
359		{
360		$member = Member::currentUser();
361		if (!$member) {
362		return $this->redirect($this->Link());
363		}
364		if ($this->numberOfMinutesMemberIsListed($member) < self::get_minutes_before_member_is_not_new_anymore()) {
365		$this->Title = $this->WelcomeTitle;
366		$this->Content = $this->WelcomeContent;
367		} else {
368		$this->Title = $this->ThankYouTitle;
369		$this->Content = $this->ThankYouContent;
370		}
371		return array();
372		}
373
374		public function welcome()
375		{
376		if (!Member::currentUser()) {
377		return $this->redirect($this->Link());
378		}
379		$this->Title = $this->WelcomeTitle;
380		$this->Content = $this->WelcomeContent;
381		return array();
382		}
383
384		public function numberOfMinutesMemberIsListed($member)
385		{
386		if ($member) {
387		$timestamp = strtotime(strval($member->Created));
388		$nowTimestamp = time();
389		return ($nowTimestamp - $timestamp) / 60;
390		}
391		return 0;
392		}
393		}
394

sunnysideup / silverstripe-userpage

Issues (24)

Security Analysis not enabled

code/RegisterAndEditDetailsPage.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like