show_active accesses the super-global variable $_SESSION. Open
function show_active() {
include('mysql_access.php');
$user = $_SESSION['sessionID'];
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}
Source
show_active accesses the super-global variable $_POST. Open
function show_active() {
include('mysql_access.php');
$user = $_SESSION['sessionID'];
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}
Source
Avoid using undefined variables such as '$db' which will lead to PHP notices. Open
$response=$db->query("SELECT username FROM contact_information WHERE id ='$user'");
UndefinedVariable
Since: 2.8.0
Detects when a variable is used that has not been defined before.
Example
class Foo
{
    private function bar()
    {
        // $message is undefined
        echo $message;
    }
}
Source https://phpmd.org/rules/cleancode.html#undefinedvariable
Avoid using undefined variables such as '$db' which will lead to PHP notices. Open
$result = $db->query($SQL) or die("failed to reset password");
UndefinedVariable
Since: 2.8.0
Detects when a variable is used that has not been defined before.
Example
class Foo
{
    private function bar()
    {
        // $message is undefined
        echo $message;
    }
}
Source https://phpmd.org/rules/cleancode.html#undefinedvariable
Missing class import via use statement (line '37', column '17'). Open
$hasher = new PasswordHash(8,true);
MissingImport
Since: 2.7.0
Importing all external classes in a file through use statements makes them clearly visible.
Example
function make() {
    return new \stdClass();
}
Source http://phpmd.org/rules/cleancode.html#MissingImport
The method show_active uses an else expression. Else clauses are basically not necessary and you can simplify the code by not using them. Open
else {
echo "The two passwords did not match. Go back <a href='update_password_form.php'>HERE</a> and try again.<br>";
}
ElseExpression
Since: 1.4.0
An if expression with an else branch is basically not necessary. You can rewrite the conditions in a way that the else clause is not necessary and the code becomes simpler to read. To achieve this, use early return statements, though you may need to split the code into several smaller methods. For very simple assignments you could also use the ternary operations.
Example
class Foo
{
    public function bar($flag)
    {
        if ($flag) {
            // one branch
        } else {
            // another branch
        }
    }
}
Source https://phpmd.org/rules/cleancode.html#elseexpression
The function show_active() contains an exit expression. Open
$result = $db->query($SQL) or die("failed to reset password");
ExitExpression
Since: 0.2
An exit-expression within regular code is untestable and therefore it should be avoided. Consider moving the exit-expression into some kind of startup script where an error/exception code is returned to the calling environment.
Example
class Foo {
    public function bar($param) {
        if ($param === 42) {
            exit(23);
        }
    }
}
Source https://phpmd.org/rules/design.html#exitexpression
A file should declare new symbols (classes, functions, constants, etc.) and cause no other side effects, or it should execute logic with side effects, but should not do both. The first symbol is defined on line 27 and the first side effect is on line 2. Open
<?php
TRUE, FALSE and NULL must be lowercase; expected "true" but found "True" Open
$active_page = True;
TRUE, FALSE and NULL must be lowercase; expected "false" but found "False" Open
$exec_page = False;
TRUE, FALSE and NULL must be lowercase; expected "false" but found "False" Open
$public_page = False;
Spaces must be used to indent lines; tabs are not allowed Open
$hash = $hasher->HashPassword($password);
Line exceeds 120 characters; contains 136 characters Open
$SQL ="UPDATE `apo`.`contact_information` SET `password` = '" . $hash . "' WHERE `contact_information`.`id` ='" . $user . "';";
Spaces must be used to indent lines; tabs are not allowed Open
$result=mysqli_fetch_array($response);
Spaces must be used to indent lines; tabs are not allowed Open
$hasher = new PasswordHash(8,true);
Spaces must be used to indent lines; tabs are not allowed Open
$response=$db->query("SELECT username FROM contact_information WHERE id ='$user'");
Spaces must be used to indent lines; tabs are not allowed Open
if ($_POST['new_password_1'] == $_POST['new_password_2'])
Spaces must be used to indent lines; tabs are not allowed Open
{
Spaces must be used to indent lines; tabs are not allowed Open
$hash = htmlspecialchars($hash, ENT_QUOTES);
Spaces must be used to indent lines; tabs are not allowed Open
$password = $_POST['new_password_1'];
Spaces must be used to indent lines; tabs are not allowed Open
else {
Spaces must be used to indent lines; tabs are not allowed Open
echo "username : " . $result['username'] . "<br>";
Spaces must be used to indent lines; tabs are not allowed Open
//check 2 new passwords
Spaces must be used to indent lines; tabs are not allowed Open
}
Spaces must be used to indent lines; tabs are not allowed Open
echo "password : " . $password . "<br>";
Spaces must be used to indent lines; tabs are not allowed Open
}
End of line character is invalid; expected "\n" but found "\r\n" Open
<?php
Spaces must be used to indent lines; tabs are not allowed Open
$user = $_SESSION['sessionID'];
Spaces must be used to indent lines; tabs are not allowed Open
$result = $db->query($SQL) or die("failed to reset password");
Spaces must be used to indent lines; tabs are not allowed Open
echo "Password Reset!<br>";
Spaces must be used to indent lines; tabs are not allowed Open
echo "The two passwords did not match. Go back <a href='update_password_form.php'>HERE</a> and try again.<br>";
Spaces must be used to indent lines; tabs are not allowed Open
include('mysql_access.php');
Spaces must be used to indent lines; tabs are not allowed Open
$SQL ="UPDATE `apo`.`contact_information` SET `password` = '" . $hash . "' WHERE `contact_information`.`id` ='" . $user . "';";
Expected 1 space after closing parenthesis; found 6 Open
if ($_POST['new_password_1'] == $_POST['new_password_2'])
Opening brace should be on a new line Open
function show_active() {
No space found after comma in function call Open
$hasher = new PasswordHash(8,true);
Space before opening parenthesis of function call prohibited Open
require_once ('session.php');
Space before opening parenthesis of function call prohibited Open
require_once ('PasswordHash.php');
Expected 1 space after closing brace; newline found Open
}
Space before opening parenthesis of function call prohibited Open
require_once ('mysql_access.php');
The variable $SQL is not named in camelCase. Open
function show_active() {
include('mysql_access.php');
$user = $_SESSION['sessionID'];
CamelCaseVariableName
Since: 0.2
It is considered best practice to use the camelCase notation to name variables.
Example
class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}
Source