Sign upLogin

rwwarren/door-lock

View on GitHub
Star

Showing 383 of 383 total issues

changeUserInfo accesses the super-global variable $_POST.
Open

function changeUserInfo(){
  if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
      isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
    $username = $_SESSION['username'];
    $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

changeUserInfo accesses the super-global variable $_POST.
Open

function changeUserInfo(){
  if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
      isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
    $username = $_SESSION['username'];
    $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

changeUserInfo accesses the super-global variable $_POST.
Open

function changeUserInfo(){
  if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
      isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
    $username = $_SESSION['username'];
    $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

resetPassword accesses the super-global variable $_POST.
Open

function resetPassword(){
  if (isset($_POST['username']) && isset($_POST['email'])){
    $username = $_POST['username'];
    $email = $_POST['email'];
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

registerUser accesses the super-global variable $_POST.
Open

function registerUser(){
  if (isset($_POST['personName']) && isset($_POST['username'])&& isset($_POST['password']) && isset($_POST['email']) && isAdmin() && isset($_POST['admin'])){
    $personName = $_POST['personName'];
    $username = $_POST['username'];
    $password = $_POST['password'];
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

registerUser accesses the super-global variable $_POST.
Open

function registerUser(){
  if (isset($_POST['personName']) && isset($_POST['username'])&& isset($_POST['password']) && isset($_POST['email']) && isAdmin() && isset($_POST['admin'])){
    $personName = $_POST['personName'];
    $username = $_POST['username'];
    $password = $_POST['password'];
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

changeUserInfo accesses the super-global variable $_POST.
Open

function changeUserInfo(){
  if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
      isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
    $username = $_SESSION['username'];
    $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

changeUserInfo accesses the super-global variable $_POST.
Open

function changeUserInfo(){
  if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
      isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
    $username = $_SESSION['username'];
    $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

logout accesses the super-global variable $_SESSION.
Open

function logout(){
  global $root;
  $apiClient = new ApiClient\ApiClient("$root/../properties/secure.ini");
  $results = $apiClient->logout($_COOKIE['sid']);
  if($results['success'] == 1) {
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

changeUserInfo accesses the super-global variable $_POST.
Open

function changeUserInfo(){
  if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
      isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
    $username = $_SESSION['username'];
    $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

changeUserInfo accesses the super-global variable $_POST.
Open

function changeUserInfo(){
  if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
      isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
    $username = $_SESSION['username'];
    $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

changeUserInfo accesses the super-global variable $_POST.
Open

function changeUserInfo(){
  if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
      isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
    $username = $_SESSION['username'];
    $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

resetPassword accesses the super-global variable $_POST.
Open

function resetPassword(){
  if (isset($_POST['username']) && isset($_POST['email'])){
    $username = $_POST['username'];
    $email = $_POST['email'];
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

changeUser accesses the super-global variable $_POST.
Open

function changeUser(){
  if(isset($_POST['user']) && isset($_POST['type']) && isAdmin() /*&& checkHeaders()*/){
    $user = $_POST['user'];
    $type = $_POST['type'];
    $user = mysql_real_escape_string($user);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

changeUser accesses the super-global variable $_POST.
Open

function changeUser(){
  if(isset($_POST['user']) && isset($_POST['type']) && isAdmin() /*&& checkHeaders()*/){
    $user = $_POST['user'];
    $type = $_POST['type'];
    $user = mysql_real_escape_string($user);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

registerUser accesses the super-global variable $_POST.
Open

function registerUser(){
  if (isset($_POST['personName']) && isset($_POST['username'])&& isset($_POST['password']) && isset($_POST['email']) && isAdmin() && isset($_POST['admin'])){
    $personName = $_POST['personName'];
    $username = $_POST['username'];
    $password = $_POST['password'];
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

The function changeUserInfo() calls the typical debug function print_r() which is mostly only used during development.
Open

    print_r($_POST);
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

DevelopmentCodeFragment

Since: 2.3.0

Functions like vardump(), printr() etc. are normally only used during development and therefore such calls in production code are a good indicator that they were just forgotten.

Example

class SuspectCode {

    public function doSomething(array $items)
    {
        foreach ($items as $i => $item) {
            // …

            if ('qafoo' == $item) var_dump($i);

            // …
        }
    }
}

Source https://phpmd.org/rules/design.html#developmentcodefragment

registerUser accesses the super-global variable $_POST.
Open

function registerUser(){
  if (isset($_POST['personName']) && isset($_POST['username'])&& isset($_POST['password']) && isset($_POST['email']) && isAdmin() && isset($_POST['admin'])){
    $personName = $_POST['personName'];
    $username = $_POST['username'];
    $password = $_POST['password'];
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

registerUser accesses the super-global variable $_POST.
Open

function registerUser(){
  if (isset($_POST['personName']) && isset($_POST['username'])&& isset($_POST['password']) && isset($_POST['email']) && isAdmin() && isset($_POST['admin'])){
    $personName = $_POST['personName'];
    $username = $_POST['username'];
    $password = $_POST['password'];
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

admin accesses the super-global variable $_POST.
Open

function admin(){
  global $root;
  $apiClient = new ApiClient\ApiClient("$root/../properties/secure.ini");
  if(!isset($_POST['sid']) || strlen($_POST['sid']) < 1) {
    header("HTTP/1.0 400 sid not entered");
Severity: Minor
Found in mobile/web/src/root/userFunctions.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

Severity
Category
Status
Source
Language