pw_reset.php
show_active accesses the super-global variable $_POST. Open
Open
function show_active() {
include('mysql_access.php');
$email = $_POST['email'];
$default = '$P$BLcP9TBqSqFi6r6jkJHC8EVgoXfy01.';
$SQL ="UPDATE `apo`.`contact_information` SET `password` = '" . $default . "' WHERE `contact_information`.`email` ='" . $email . "';";- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
Avoid using undefined variables such as '$db' which will lead to PHP notices. Open
Open
$result = $db->query($SQL) or die("failed to reset password");- Read upRead up
- Exclude checks
UndefinedVariable
Since: 2.8.0
Detects when a variable is used that has not been defined before.
Example
class Foo
{
private function bar()
{
// $message is undefined
echo $message;
}
}Source https://phpmd.org/rules/cleancode.html#undefinedvariable
Avoid using undefined variables such as '$db' which will lead to PHP notices. Open
Open
$response=$db->query("SELECT username FROM contact_information WHERE email ='$email'");- Read upRead up
- Exclude checks
UndefinedVariable
Since: 2.8.0
Detects when a variable is used that has not been defined before.
Example
class Foo
{
private function bar()
{
// $message is undefined
echo $message;
}
}Source https://phpmd.org/rules/cleancode.html#undefinedvariable
The function show_active() contains an exit expression. Open
Open
$result = $db->query($SQL) or die("failed to reset password");- Read upRead up
- Exclude checks
ExitExpression
Since: 0.2
An exit-expression within regular code is untestable and therefore it should be avoided. Consider to move the exit-expression into some kind of startup script where an error/exception code is returned to the calling environment.
Example
class Foo {
public function bar($param) {
if ($param === 42) {
exit(23);
}
}
}Source https://phpmd.org/rules/design.html#exitexpression
A file should declare new symbols (classes, functions, constants, etc.) and cause no other side effects, or it should execute logic with side effects, but should not do both. The first symbol is defined on line 27 and the first side effect is on line 2. Open
Open
<?php- Exclude checks
TRUE, FALSE and NULL must be lowercase; expected "false" but found "False" Open
Open
$exec_page = False;- Exclude checks
TRUE, FALSE and NULL must be lowercase; expected "false" but found "False" Open
Open
$public_page = False;- Exclude checks
TRUE, FALSE and NULL must be lowercase; expected "true" but found "True" Open
Open
$active_page = True;- Exclude checks
Line exceeds 120 characters; contains 141 characters Open
Open
$SQL ="UPDATE `apo`.`contact_information` SET `password` = '" . $default . "' WHERE `contact_information`.`email` ='" . $email . "';";- Exclude checks
End of line character is invalid; expected "\n" but found "\r\n" Open
Open
<?php- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$response=$db->query("SELECT username FROM contact_information WHERE email ='$email'");- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
echo "Password Reset!<br>";- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$default = '$P$BLcP9TBqSqFi6r6jkJHC8EVgoXfy01.';- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
include('mysql_access.php');- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$email = $_POST['email'];- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$result = $db->query($SQL) or die("failed to reset password");- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
echo "email : " . $email . "<br>";- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
echo "username : " . $result['username'] . "<br>";- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
echo "password : password<br>";- Exclude checks
Spaces must be used to indent lines; tabs are not allowed Open
Open
$SQL ="UPDATE `apo`.`contact_information` SET `password` = '" . $default . "' WHERE `contact_information`.`email` ='" . $email . "';";- Exclude checks
Space before opening parenthesis of function call prohibited Open
Open
require_once ('mysql_access.php');- Exclude checks
Opening brace should be on a new line Open
Open
function show_active() {- Exclude checks
Space before opening parenthesis of function call prohibited Open
Open
require_once ('session.php');- Exclude checks
The variable $SQL is not named in camelCase. Open
Open
function show_active() {
include('mysql_access.php');
$email = $_POST['email'];
$default = '$P$BLcP9TBqSqFi6r6jkJHC8EVgoXfy01.';
$SQL ="UPDATE `apo`.`contact_information` SET `password` = '" . $default . "' WHERE `contact_information`.`email` ='" . $email . "';";- Read upRead up
- Exclude checks
CamelCaseVariableName
Since: 0.2
It is considered best practice to use the camelCase notation to name variables.
Example
class ClassName {
public function doSomething() {
$data_module = new DataModule();
}
}Source
The variable $SQL is not named in camelCase. Open
Open
function show_active() {
include('mysql_access.php');
$email = $_POST['email'];
$default = '$P$BLcP9TBqSqFi6r6jkJHC8EVgoXfy01.';
$SQL ="UPDATE `apo`.`contact_information` SET `password` = '" . $default . "' WHERE `contact_information`.`email` ='" . $email . "';";- Read upRead up
- Exclude checks
CamelCaseVariableName
Since: 0.2
It is considered best practice to use the camelCase notation to name variables.
Example
class ClassName {
public function doSomething() {
$data_module = new DataModule();
}
}