user.php | searchcode

/upload/admin/model/user/user.php

https://bitbucket.org/mjalajel/opencart · PHP · 101 lines · 75 code · 26 blank · 0 comment · 13 complexity · 9e2fd3df2a0dd109ba1c4f8e81f95f5b MD5 · raw file

<?php

class ModelUserUser extends Model {

	public function addUser($data) {

		$this->db->query("INSERT INTO `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape(html_entity_decode($data['image'], ENT_QUOTES, 'UTF-8')) . "', status = '" . (int)$data['status'] . "', date_added = NOW()");

	}

	

	public function editUser($user_id, $data) {

		$this->db->query("UPDATE `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape(html_entity_decode($data['image'], ENT_QUOTES, 'UTF-8')) . "', status = '" . (int)$data['status'] . "' WHERE user_id = '" . (int)$user_id . "'");

		

		if ($data['password']) {

			$this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "' WHERE user_id = '" . (int)$user_id . "'");

		}

	}



	public function editPassword($user_id, $password) {

		$this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE user_id = '" . (int)$user_id . "'");

	}



	public function editCode($email, $code) {

		$this->db->query("UPDATE `" . DB_PREFIX . "user` SET code = '" . $this->db->escape($code) . "' WHERE LCASE(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");

	}

			

	public function deleteUser($user_id) {

		$this->db->query("DELETE FROM `" . DB_PREFIX . "user` WHERE user_id = '" . (int)$user_id . "'");

	}

	

	public function getUser($user_id) {

		$query = $this->db->query("SELECT *, (SELECT ug.name FROM `" . DB_PREFIX . "user_group` ug WHERE ug.user_group_id = u.user_group_id) AS user_group FROM `" . DB_PREFIX . "user` u WHERE u.user_id = '" . (int)$user_id . "'");

	

		return $query->row;

	}

	

	public function getUserByUsername($username) {

		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE username = '" . $this->db->escape($username) . "'");

	

		return $query->row;

	}

		

	public function getUserByCode($code) {

		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE code = '" . $this->db->escape($code) . "' AND code != ''");

	

		return $query->row;

	}

		

	public function getUsers($data = array()) {

		$sql = "SELECT * FROM `" . DB_PREFIX . "user`";

			

		$sort_data = array(

			'username',

			'status',

			'date_added'

		);	

			

		if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {

			$sql .= " ORDER BY " . $data['sort'];	

		} else {

			$sql .= " ORDER BY username";	

		}

			

		if (isset($data['order']) && ($data['order'] == 'DESC')) {

			$sql .= " DESC";

		} else {

			$sql .= " ASC";

		}

		

		if (isset($data['start']) || isset($data['limit'])) {

			if ($data['start'] < 0) {

				$data['start'] = 0;

			}			

			

			if ($data['limit'] < 1) {

				$data['limit'] = 20;

			}	

			

			$sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];

		}

			

		$query = $this->db->query($sql);

	

		return $query->rows;

	}



	public function getTotalUsers() {

      	$query = $this->db->query("SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "user`");

		

		return $query->row['total'];

	}



	public function getTotalUsersByGroupId($user_group_id) {

      	$query = $this->db->query("SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "user` WHERE user_group_id = '" . (int)$user_group_id . "'");

		

		return $query->row['total'];

	}

	

	public function getTotalUsersByEmail($email) {

      	$query = $this->db->query("SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "user` WHERE LCASE(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");

		

		return $query->row['total'];

	}	

}

?>
Alerts (6)

'md5(' Weak hashing detected; use password_hash() with PASSWORD_DEFAULT for secure password storage
4 11 16
Complexity hotspot; line 60 (total complexity: 3)
60
Complexity hotspot; lines 66 to 67 (total complexity: 3)
66 67