Passed
Push — master ( bc874f...230097 )
by SuperNova.WS
04:01
created

buddy.php (2 issues)

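<?php

/**
 * buddy.php
 *   Friend system
 *
 * v3.0 Fully rewrote by Gorlum for http://supernova.ws
 *   [!] Full rewrote from scratch
 *
 * Idea from buddy.php Created by Perberos. All rights reversed (C) 2006
 *
 * Request parameters read by this page:
 *   buddy_id + mode     - act on an existing buddy record ('accept' or 'delete')
 *   request_user_id or
 *   request_user_name   - the player a new friend request is addressed to
 *   request_text        - text of the new request; a record is inserted only when it is non-empty
 *
 * Every outcome, success included, leaves the try block by throwing an exception whose
 * message is a $lang key and whose code is ERR_NONE, ERR_WARNING or ERR_ERROR.
 *
 * $user, $lang and $template_result are not defined in this file; presumably common.php
 * provides them (the logged-in player row, the language strings, the template data) - confirm.
 *
 * NOTE(review): every action below changes state and is selected purely by request
 * parameters. No anti-forgery token or request-method check is visible in this file;
 * confirm that common.php or the sys_get_param_* helpers enforce one.
 * */
include('common.' . substr(strrchr(__FILE__, '.'), 1));

lng_include('buddy');

$result = array();
try
{
  sn_db_transaction_start();

  if($buddy_id = sys_get_param_id('buddy_id'))
  {
    // $buddy_id is interpolated into SQL unquoted. That is safe only if sys_get_param_id()
    // returns a strictly numeric value - presumably it does; confirm in its definition.
    // FOR UPDATE locks the row so the status checks below and the later write see the same state.
    // NOTE(review): the static analysis shown with this listing reports that the second
    // argument `true` is a boolean where doquery() is declared to expect a string.
    $buddy_row = doquery("SELECT BUDDY_SENDER_ID, BUDDY_OWNER_ID, BUDDY_STATUS FROM {{buddy}} WHERE `BUDDY_ID` = {$buddy_id} LIMIT 1 FOR UPDATE;", true);
    if(!is_array($buddy_row))
    {
      throw new Exception('buddy_err_not_exist', ERR_ERROR);
    }

    // Any mode other than 'accept' or 'delete' matches no case and falls through to the
    // new-request handling below.
    switch($mode = sys_get_param_str('mode'))
    {
      case 'accept':
        // Authorization: only the addressee of the request may accept it.
        if($buddy_row['BUDDY_SENDER_ID'] == $user['id'])
        {
          throw new Exception('buddy_err_accept_own', ERR_ERROR);
        }

        if($buddy_row['BUDDY_OWNER_ID'] != $user['id'])
        {
          throw new Exception('buddy_err_accept_alien', ERR_ERROR);
        }

        if($buddy_row['BUDDY_STATUS'] == BUDDY_REQUEST_ACTIVE)
        {
          throw new Exception('buddy_err_accept_already', ERR_WARNING);
        }

        if($buddy_row['BUDDY_STATUS'] == BUDDY_REQUEST_DENIED)
        {
          throw new Exception('buddy_err_accept_denied', ERR_ERROR);
        }

        doquery("UPDATE {{buddy}} SET `BUDDY_STATUS` = " . BUDDY_REQUEST_ACTIVE . " WHERE `BUDDY_ID` = {$buddy_id} LIMIT 1;");
        if(classSupernova::$db->db_affected_rows())
        {
          // The sender is notified only when the status update changed a row.
          msg_send_simple_message($buddy_row['BUDDY_SENDER_ID'], $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_accept_title'],
            sprintf($lang['buddy_msg_accept_text'], $user['username']));
          sn_db_transaction_commit();
          throw new Exception('buddy_err_accept_none', ERR_NONE);
        }
        else
        {
          throw new Exception('buddy_err_accept_internal', ERR_ERROR);
        }
      break;

      case 'delete':
        // Authorization: only the two players named in the record may remove or deny it.
        if($buddy_row['BUDDY_SENDER_ID'] != $user['id'] && $buddy_row['BUDDY_OWNER_ID'] != $user['id'])
        {
          throw new Exception('buddy_err_delete_alien', ERR_ERROR);
        }

        if($buddy_row['BUDDY_STATUS'] == BUDDY_REQUEST_ACTIVE) // Existing friendship
        {
          // The notification goes to whichever side of the record is not the current player.
          $ex_friend_id = $buddy_row['BUDDY_SENDER_ID'] == $user['id'] ? $buddy_row['BUDDY_OWNER_ID'] : $buddy_row['BUDDY_SENDER_ID'];

          msg_send_simple_message($ex_friend_id, $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_unfriend_title'],
            sprintf($lang['buddy_msg_unfriend_text'], $user['username']));

          doquery("DELETE FROM {{buddy}} WHERE `BUDDY_ID` = {$buddy_id} LIMIT 1;");
          sn_db_transaction_commit();
          throw new Exception('buddy_err_unfriend_none', ERR_NONE);
        }
        elseif($buddy_row['BUDDY_SENDER_ID'] == $user['id']) // Player's outgoing request - either denied or waiting
        {
          doquery("DELETE FROM {{buddy}} WHERE `BUDDY_ID` = {$buddy_id} LIMIT 1;");
          sn_db_transaction_commit();
          throw new Exception('buddy_err_delete_own', ERR_NONE);
        }
        elseif($buddy_row['BUDDY_STATUS'] == BUDDY_REQUEST_WAITING) // Deny incoming request
        {
          msg_send_simple_message($buddy_row['BUDDY_SENDER_ID'], $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_deny_title'],
            sprintf($lang['buddy_msg_deny_text'], $user['username']));

          doquery("UPDATE {{buddy}} SET `BUDDY_STATUS` = " . BUDDY_REQUEST_DENIED . " WHERE `BUDDY_ID` = {$buddy_id} LIMIT 1;");
          sn_db_transaction_commit();
          throw new Exception('buddy_err_deny_none', ERR_NONE);
        }
        // An incoming request that is already denied matches none of the branches above:
        // nothing is written and no status is reported for it.
      break;
    }
  }

  // New request?
  // Start from a known state so the checks below never read a value this script did not
  // set; the original left $new_friend_row undefined when neither parameter was supplied.
  $new_friend_row = null;

  // Checking for user ID - in case the request came from outside the buddy system
  if($new_friend_id = sys_get_param_id('request_user_id'))
  {
    $new_friend_row = db_user_by_id($new_friend_id, true, '`id`, `username`');
  }
  elseif($new_friend_name = sys_get_param_str_unsafe('request_user_name'))
  {
    // The raw (unescaped) name goes to db_user_by_username(); presumably that helper
    // escapes it before building its query - confirm, nothing here does it first.
    $new_friend_row = db_user_by_username($new_friend_name, true, '`id`, `username`');
    // The escaped copy is not read again anywhere in this file.
    $new_friend_name = db_escape($new_friend_name);
  }

  // Compare only when a target player was actually found; without the isset() guard an
  // absent row was compared as null against the current player's id.
  if(isset($new_friend_row['id']) && $new_friend_row['id'] == $user['id'])
  {
    unset($new_friend_row);
    throw new Exception('buddy_err_adding_self', ERR_ERROR);
  }

  // Checking for user name & request text - in case this is a submission of a new request
  if(isset($new_friend_row['id']) && ($new_request_text = sys_get_param_str('request_text')))
  {
    // Both ids in this query come from database rows, not directly from the request.
    // The relation is looked up in both directions so a pair of players has at most one record.
    // NOTE(review): the static analysis shown with this listing reports that the second
    // argument `true` is a boolean where doquery() is declared to expect a string.
    $check_relation = doquery("SELECT `BUDDY_ID` FROM {{buddy}} WHERE
      (`BUDDY_SENDER_ID` = {$user['id']} AND `BUDDY_OWNER_ID` = {$new_friend_row['id']})
      OR
      (`BUDDY_SENDER_ID` = {$new_friend_row['id']} AND `BUDDY_OWNER_ID` = {$user['id']})
      LIMIT 1 FOR UPDATE;"
    , true);
    if(isset($check_relation['BUDDY_ID']))
    {
      throw new Exception('buddy_err_adding_exists', ERR_WARNING);
    }

    msg_send_simple_message($new_friend_row['id'], $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_adding_title'],
      sprintf($lang['buddy_msg_adding_text'], $user['username']));

    // $new_request_text is placed inside a quoted SQL literal. Presumably sys_get_param_str()
    // escapes its result for SQL (the file uses a separate *_unsafe variant for raw input) -
    // confirm, because that escaping is the only protection this statement has.
    doquery($q = "INSERT INTO {{buddy}} SET `BUDDY_SENDER_ID` = {$user['id']}, `BUDDY_OWNER_ID` = {$new_friend_row['id']}, `BUDDY_REQUEST` = '{$new_request_text}';");
    sn_db_transaction_commit();
    throw new Exception('buddy_err_adding_none', ERR_NONE);
  }
}
catch(Exception $e)
{
  // Codes outside the three known levels are reported as errors. The message is used as a
  // $lang key, which holds for every exception thrown in this file.
  $result[] = array(
    'STATUS'  => in_array($e->getCode(), array(ERR_NONE, ERR_WARNING, ERR_ERROR)) ? $e->getCode() : ERR_ERROR,
    'MESSAGE' => $lang[$e->getMessage()],
  );
}
// TODO - This is only a stub. Work out what the underlying problem is when time permits.
// It runs on every path, including after a successful commit above.
sn_db_transaction_rollback();

$query = db_buddy_list_by_user($user['id']);
while($row = db_fetch($query))
{
  // BUDDY_REQUEST is text written by another player and is shown to this one.
  // NOTE(review): confirm sys_bbcodeParse() HTML-escapes its input before expanding BBCode.
  $row['BUDDY_REQUEST'] = sys_bbcodeParse($row['BUDDY_REQUEST']);

  $row['BUDDY_ACTIVE'] = $row['BUDDY_STATUS'] == BUDDY_REQUEST_ACTIVE;
  $row['BUDDY_DENIED'] = $row['BUDDY_STATUS'] == BUDDY_REQUEST_DENIED;
  $row['BUDDY_INCOMING'] = $row['BUDDY_OWNER_ID'] == $user['id'];
  // Whole minutes between the row's onlinetime and now.
  $row['BUDDY_ONLINE'] = floor((SN_TIME_NOW - $row['onlinetime']) / 60);

  $template_result['.']['buddy'][] = $row;
}

// Array union: keys already present in $template_result keep their existing values.
// NOTE(review): REQUEST_USER_NAME is a stored username; confirm the template escapes it on output.
$template_result += array(
  'PAGE_HEADER' => $lang['buddy_buddies'],
  'PAGE_HINT' => $lang['buddy_hint'],
  'USER_ID' => $user['id'],
  'REQUEST_USER_ID' => isset($new_friend_row['id']) ? $new_friend_row['id'] : 0,
  'REQUEST_USER_NAME' => isset($new_friend_row['username']) ? $new_friend_row['username'] : '',
);

// Append this page's status entry to any results collected earlier. The original used the
// array union operator, which keeps the left-hand entry for an index both lists share and
// therefore dropped this page's entry at index 0 whenever an earlier result existed.
// The isset() guard avoids reading an index that was never set.
$template_result['.']['result'] = array_merge(
  isset($template_result['.']['result']) && is_array($template_result['.']['result']) ? $template_result['.']['result'] : array(),
  $result
);

$template = gettemplate('buddy', true);
$template->assign_recursive($template_result);

display($template);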