insert-update-user.php

/php/janrain-engage-php-sdk-0.1/sample/insert-update-user.php

https://github.com/Doap/Janrain-Sample-Code · PHP · 116 lines · 115 code · 1 blank · 0 comment · 29 complexity · 75af7769eeb34cbedb71c800a7573906 MD5 · raw file


<?php
ob_start();
$debug = array();
$stat = 'ok';
session_name('engage');
session_start();
$session = $_SESSION;
if ( !empty($session['authinfo']['profile']['identifier']) && class_exists('SQLite3') ) {
  $user = array();
  $user['user_name'] = '';
  $user['first_name'] = '';
  $user['last_name'] = '';
  $user['email'] = '';
  $user['profile_url'] = '';
  $user['phone'] = '';
  $user['company'] = '';
  foreach ($user as $key=>$val) {
    if ( !empty($session['user_data'][$key]) ) {
      $user[$key] = addslashes($session['user_data'][$key]);
    }
  }
  $user['identifier'] = addslashes($session['authinfo']['profile']['identifier']);
  $user['provider'] = addslashes($session['authinfo']['profile']['providerName']);
  if ( !empty($session['authinfo']['profile']['photo']) ) {
    $user['avatar_url'] = $session['authinfo']['profile']['photo'];
  }
  $sqdb = new SQLite3('demo.sqlite');
  $sqdb->exec('CREATE TABLE IF NOT EXISTS users '
  .'(id INTEGER PRIMARY KEY AUTOINCREMENT, user_name STRING, first_name STRING, last_name STRING, '
  .'email STRING, profile_url STRING, avatar_url STRING, phone STRING, company STRING)');
  $sqdb->exec('CREATE TABLE IF NOT EXISTS user_map (id INTEGER NOT NULL, identifier STRING, provider STRING)');
  $sqdb->exec('CREATE TABLE IF NOT EXISTS user_posts (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, comment STRING)');

  $identifier = $sqdb->querySingle('SELECT id FROM user_map WHERE identifier = \''.$user['identifier'].'\'');
  if ( empty($identifier) ) {
    $query = 'INSERT INTO users (user_name) VALUES (\'\')';
    $insert = $sqdb->exec($query);
    if (!$insert) {
      $stat = 'fail';
      $debug[] = $query;
      $debug[] = $sqdb->lastErrorMsg();
    } else {
      $user['id'] = $sqdb->lastInsertRowID();
      $query = 'INSERT INTO user_map (id, identifier, provider) VALUES (\''.$user['id'].'\',\''.$user['identifier'].'\',\''.$user['provider'].'\')';
      $insert = $sqdb->exec($query);
      if (!$insert) {
        $stat = 'fail';
        $debug[] = $query;
        $debug[] = $sqdb->lastErrorMsg();
      }
    }
  } else {
    $user['id'] = $identifier;
  }
  if ( !empty($user['id']) && $stat == 'ok' ) {
    $query = 'SELECT * FROM users WHERE id = \''.$user['id'].'\'';
    $db_user = $sqdb->querySingle($query, true);
    foreach ($db_user as $key=>$val) {
      if ( empty($user[$key]) ) {
        $user[$key] = addslashes($val);
      }
    }
    $user_updates = array();
    foreach ($user as $key=>$val) {
      if ( !empty($val) && $key != 'id' && $key != 'identifier'  && $key != 'provider' ) {
        $user_updates[] = $key.' = \''.$val.'\'';
      }
    }
    $user_update = implode(', ', $user_updates);
    if ( !empty($user_update) ) {
      $query = 'UPDATE users SET '.$user_update.' WHERE id = \''.$user['id'].'\'';
      $update = $sqdb->exec($query);
      if (!$update) {
        $stat = 'fail';
        $debug[] = $query;
        $debug[] = $sqdb->lastErrorMsg();
      }
    }
    $query = 'SELECT * FROM users WHERE id = \''.$user['id'].'\'';
    $user_data = $sqdb->querySingle($query, true);
    $query = 'SELECT identifier FROM user_map WHERE id = \''.$user['id'].'\'';
    $map_result = $sqdb->query($query);
    $map_result->reset();
    $map_data = array();
    while ($row = $map_result->fetchArray(SQLITE3_ASSOC)) {
      $map_data[] = $row;
    }
    $map_result->finalize();
  }
  if ( !empty($user['id']) ) {
    $query = 'SELECT * FROM user_posts WHERE user_id = \''.$user['id'].'\'';
    $post_data = $sqdb->querySingle($query, true);
    if ( empty($post_data) && !empty($_SESSION['post_data']) ) {
      $comment = addslashes($_SESSION['post_data']['comment']);
      $query = 'INSERT INTO user_posts (user_id, comment) VALUES (\''.$user['id'].'\',\''.$comment.'\')';
      $post_insert = $sqdb->exec($query);
    } elseif ( !empty($post_data) && !empty($_SESSION['post_data']) ) {
      $comment = addslashes($_SESSION['post_data']['comment']);
      $query = 'UPDATE user_posts SET comment = \''.$comment.'\' WHERE id = '.$post_data['id'];
      $post_update = $sqdb->exec($query);
      if (!$post_update) {
        $stat = 'fail';
        $debug[] = $query;
        $debug[] = $sqdb->lastErrorMsg();
      }
    }
  }
}
$out_array = array('data'=>$user,'stat'=>$stat);
if ( !empty($debug) ) {
  $out_array['debug'] = $debug;
}
$json = json_encode($out_array);
ob_end_clean();
echo $json;
?>

Alerts (12)

'exec(' System command execution detected; use safer alternatives (e.g., escapeshellarg) or avoid if possible
28 31 32 37 45 72 96 100
'SELECT * FROM' Avoid SELECT *; specify columns for better performance and maintainability
56 79 91
Complexity hotspot; line 65 (total complexity: 7)
65