mod_auth_default::checkLogin() - Code Metrics - Inspection of "Merge pull request #84 from mjrider/php-fixes" - Ariadne-CMS/ariadne - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 35a619...c36a21 )

by Robbert

created 2015-12-23 15:03 UTC

mod_auth_default::checkLogin() D

↳ Parent: mod_auth_default

Complexity

Conditions	27
Paths	36

Size

Total Lines	119
Code Lines	90

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	756

Metric	Value
dl	0
loc	119
ccs	0
cts	103
cp	0
rs	4.509
cc	27
eloc	90
nc	36
nop	3
crap	756

How to fix Long Method Complexity

<?php
	class mod_auth_default {

		function __construct($config=Array()) {
			$this->config = $config;
class MyClass { }

$x = new MyClass();
$x->foo = true;
		}

		function authExternalUser($login, $password, $requestedPath = "/") {

			return false;
		}

		function loadConfig($requestedPath = "/") {
		global $ARConfig, $store;
			if (!$requestedPath) {
				$requestedPath = "/";
			}
			$_cache = $ARConfig->cache;
			while ( $requestedPath && $requestedPath!='/' && !$store->exists($requestedPath) ) {
				$requestedPath = $store->make_path( $requestedPath, '..' );
			}
			$site = current($store->call("system.get.phtml", "", $store->get($requestedPath)));
			if ($site) {
				$site_config = $site->loadUserConfig();
				$this->config['siteConfig'] = $site_config['authentication'];
			}
			$ARConfig->cache = $_cache;
			return $this->config['siteConfig'];
		}

		function authUser($login, $password, $ARLoginPath="") {
		global $store, $AR;
			// Make sure we always have a user.
			$this->getUser('public');

			$criteria = array();
			$criteria["object"]["implements"]["="]="puser";
			$criteria["login"]["value"]["="]=$login;

			$siteConfig = $this->loadConfig($ARLoginPath);
			foreach ($siteConfig['userdirs'] as $userdir) {

				$user = current($store->call("system.authenticate.phtml", array("ARPassword" => $password),
						$store->find($userdir, $criteria, 1, 0)));
				if ($user) {
					$ARUserDir = $userdir;
					break;
				}
			}

			if (!$user) {
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
				$user = $this->authExternalUser($login, $password, $ARLoginPath);
				$ARUserDir = $user->parent;
			}

			if ($user) {
				if ((!$user->data->config || !$user->data->config->disabled)) {
					if ($login !== "public") {
						/* welcome to Ariadne :) */
						ldSetCredentials($login, $ARUserDir);
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
					}
					$ARLogin = $user->data->login;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
					$ARPassword = 0;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
					$AR->user = $user;
					$result = true;
				} else {
					debug("getUser: user('$login') has been disabled", "all");
					$result = LD_ERR_ACCESS;
				}
			} else {
				debug("authUser: user('$login') could not authenticate", "all");
				$result = LD_ERR_ACCESS;
			}
			return $result;
		}

		function getUser($login, $ARUserDir="/system/users/") {
			global $store, $AR;
			if (!$ARUserDir) {
				$ARUserDir = "/system/users/";
			}

			$criteria = array();
			$criteria["object"]["implements"]["="]="puser";
			$criteria["login"]["value"]["="]=$login;

			$user = current(
				$store->call(
					"system.get.phtml",
					Array(),
					$store->find($ARUserDir, $criteria)
				)
			);

			if ($user) {
				if ((!$user->data->config || !$user->data->config->disabled)) {
					$AR->user = $user;
					$result = true;
				} else {
					debug("getUser: user('$login') has been disabled", "all");
					$result = LD_ERR_ACCESS;
				}

			} else {
				debug("getUser: user('$login') not found", "all");
				$result = LD_ERR_ACCESS;
			}
			return $result;
		}

		function checkLogin($login, $password, $requestedPath="/") {
		global $ARCurrent, $AR;
			debug("checkLogin($login, [password])", "all");
			$result = null;
			if ($login) {
				debug("checkLogin: initiating new login ($login)", "all");
				if ($ARCurrent->session) {
					$ARUserDir = $ARCurrent->session->get("ARUserDir", true);
					if (!$ARUserDir) {
						$ARUserDir = "/system/users/";
					}

					if (!$ARCurrent->session->get("ARLogin") ||
							$ARCurrent->session->get("ARLogin") == "public") {
						debug("checkLogin: logging into a public session (".$ARCurrent->session->id.")", "all");
						$result = $this->authUser($login, $password, $requestedPath);
						if ($result !== true) {
							$this->getUser('public');
						}
					} else {
						if (ldCheckCredentials($login)) {

							debug("checkLogin: succesfully logged into private session (".$ARCurrent->session->id.")", "all");
							$result = $this->getUser($login, $ARUserDir);
						} else {
							if ($ARCurrent->session->get("ARLogin") == $login) {
								debug("checkLogin: user ($login) tries to login to his session without a cookie set @ $ARUserDir", "all");
								$result = $this->authUser($login, $password, $ARUserDir);
								if ($result !== true) {
									$this->getUser('public');
								}
							} else
							if (ldCheckCredentials($ARCurrent->session->get("ARLogin")))  {

								debug("checkLogin: user tries to login as another user", "all");
								$result = $this->authUser($login, $password, $requestedPath);
								if ($result !== true) {
									$this->getUser('public');
								}
							} else {
								debug("checkLogin: could not login to private session (".$ARCurrent->session->id."): creating a new one", "all");
								ldStartSession();
								$result = $this->authUser($login, $password, $ARUserDir);
								if ($result !== true) {
									$this->getUser('public');
								}
							}
						}
					}
				} else {
					debug("checkLogin: trying to log on", "all");
					$result = $this->authUser($login, $password, $requestedPath);
					if ($result !== true) {
						$this->getUser('public');
					}

				}
			} else {
				if ($ARCurrent->session) {
					$ARUserDir = $ARCurrent->session->get("ARUserDir", true);
					if (!$ARUserDir) {
						$ARUserDir = "/system/users/";
					}

					if (!$ARCurrent->session->get("ARLogin")) {
						if ($ARCurrent->session->get("ARSessionTimedout", 1)) {
							$ARCurrent->session->put("ARSessionTimedout", 0, 1);
						}
						debug("checkLogin: logging in with public session (".$ARCurrent->session->id.")", "all");
						$result = $this->checkLogin("public", "none");
					} else
					if ($ARCurrent->session->get("ARSessionTimedout", 1)) {
						debug("checkLogin: session has been timedout, forcing login", "all");
						// become public
						$this->getUser('public');
						$result = LD_ERR_SESSION;
					} else {
						$login = $ARCurrent->session->get("ARLogin");
						if (ldCheckCredentials($login)) {

							debug("checkLogin: logging ($login) into a private session (".$ARCurrent->session->id.") with credentials from cookie", "all");
							$result = $this->getUser($login, $ARUserDir);
						} else {
							debug("checkLogin: could not login ($login) on private session (".$ARCurrent->session->id.") with credentials from cookie: removing cookie", "all");
							// FIXME: only the loader should know about cookies for sessions

							setcookie("ARSessionCookie[".$ARCurrent->session->id."]", false);
							$this->getUser('public');
							$result = LD_ERR_ACCESS;
						}
					}
				} else {
					if ($AR->arSessionRespawn) {
						debug("checkLogin: trying to respawn a session", "all");
						$cookies = ldGetCredentials();
						if (is_array($cookies)) {
							reset($cookies);
							while (!$result && (list($sid, $sval)=each($cookies))) {
								ldStartSession($sid);
								$login = $ARCurrent->session->get("ARLogin");
								debug("checkLogin: trying to respawn session ($sid) for user ($login)", "all");
								if (ldCheckCredentials($login)) {

									$ARUserDir = $ARCurrent->session->get("ARUserDir", true);
									if (!$ARUserDir) {
										$ARUserDir = "/system/users/";
									}

									debug("checkLogin: credentials matched, loading user", "all");
									$result = $this->getUser($login, $ARUserDir);
								} else {
									debug("checkLogin: credentials didn't match", "all");
								}
							}
						}
					}
					if (!$result) {
						debug("checkLogin: normal public login", "all");
						$result = $this->authUser("public", "none");
					}
				}
			}
			return $result;
		}
	}


Push — master ( 35a619...c36a21 )

mod_auth_default::checkLogin() D

Complexity

Size

Duplication

Code Coverage

How to fix Long Method Complexity

Long Method

Available Fixes

Available Fixes

1		<?php
2		class mod_auth_default {
3
4		function __construct($config=Array()) {
5		$this->config = $config;
		0 ignored issues – show Bug introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report The property `config` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
6		}
7
8		function authExternalUser($login, $password, $requestedPath = "/") {
		0 ignored issues – show Unused Code introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report The parameter `$requestedPath` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
9		return false;
10		}
11
12		function loadConfig($requestedPath = "/") {
13		global $ARConfig, $store;
14		if (!$requestedPath) {
15		$requestedPath = "/";
16		}
17		$_cache = $ARConfig->cache;
18	View Code Duplication	while ( $requestedPath && $requestedPath!='/' && !$store->exists($requestedPath) ) {
19		$requestedPath = $store->make_path( $requestedPath, '..' );
20		}
21		$site = current($store->call("system.get.phtml", "", $store->get($requestedPath)));
22		if ($site) {
23		$site_config = $site->loadUserConfig();
24		$this->config['siteConfig'] = $site_config['authentication'];
25		}
26		$ARConfig->cache = $_cache;
27		return $this->config['siteConfig'];
28		}
29
30		function authUser($login, $password, $ARLoginPath="") {
31		global $store, $AR;
32		// Make sure we always have a user.
33		$this->getUser('public');
34
35		$criteria = array();
36		$criteria["object"]["implements"]["="]="puser";
37		$criteria["login"]["value"]["="]=$login;
38
39		$siteConfig = $this->loadConfig($ARLoginPath);
40		foreach ($siteConfig['userdirs'] as $userdir) {
41
42		$user = current($store->call("system.authenticate.phtml", array("ARPassword" => $password),
43		$store->find($userdir, $criteria, 1, 0)));
44		if ($user) {
45		$ARUserDir = $userdir;
46		break;
47		}
48		}
49
50		if (!$user) {
		0 ignored issues – show Bug introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report The variable `$user` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
51		$user = $this->authExternalUser($login, $password, $ARLoginPath);
52		$ARUserDir = $user->parent;
53		}
54
55		if ($user) {
56		if ((!$user->data->config \|\| !$user->data->config->disabled)) {
57		if ($login !== "public") {
58		/* welcome to Ariadne :) */
59		ldSetCredentials($login, $ARUserDir);
		0 ignored issues – show Bug introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report The variable `$ARUserDir` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
60		}
61		$ARLogin = $user->data->login;
		0 ignored issues – show Unused Code introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report `$ARLogin` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
62		$ARPassword = 0;
		0 ignored issues – show Unused Code introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report `$ARPassword` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
63		$AR->user = $user;
64		$result = true;
65		} else {
66		debug("getUser: user('$login') has been disabled", "all");
67		$result = LD_ERR_ACCESS;
68		}
69		} else {
70		debug("authUser: user('$login') could not authenticate", "all");
71		$result = LD_ERR_ACCESS;
72		}
73		return $result;
74		}
75
76		function getUser($login, $ARUserDir="/system/users/") {
77		global $store, $AR;
78		if (!$ARUserDir) {
79		$ARUserDir = "/system/users/";
80		}
81
82		$criteria = array();
83		$criteria["object"]["implements"]["="]="puser";
84		$criteria["login"]["value"]["="]=$login;
85
86		$user = current(
87		$store->call(
88		"system.get.phtml",
89		Array(),
90		$store->find($ARUserDir, $criteria)
91		)
92		);
93
94		if ($user) {
95		if ((!$user->data->config \|\| !$user->data->config->disabled)) {
96		$AR->user = $user;
97		$result = true;
98		} else {
99		debug("getUser: user('$login') has been disabled", "all");
100		$result = LD_ERR_ACCESS;
101		}
102
103		} else {
104		debug("getUser: user('$login') not found", "all");
105		$result = LD_ERR_ACCESS;
106		}
107		return $result;
108		}
109
110		function checkLogin($login, $password, $requestedPath="/") {
111		global $ARCurrent, $AR;
112		debug("checkLogin($login, [password])", "all");
113		$result = null;
114		if ($login) {
115		debug("checkLogin: initiating new login ($login)", "all");
116		if ($ARCurrent->session) {
117		$ARUserDir = $ARCurrent->session->get("ARUserDir", true);
118		if (!$ARUserDir) {
119		$ARUserDir = "/system/users/";
120		}
121
122		if (!$ARCurrent->session->get("ARLogin") \|\|
123		$ARCurrent->session->get("ARLogin") == "public") {
124		debug("checkLogin: logging into a public session (".$ARCurrent->session->id.")", "all");
125		$result = $this->authUser($login, $password, $requestedPath);
126		if ($result !== true) {
127		$this->getUser('public');
128		}
129		} else {
130		if (ldCheckCredentials($login)) {
		0 ignored issues – show Bug introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report The call to `ldCheckCredentials()` misses a required argument `$password`. This check looks for function calls that miss required arguments. Loading history...
131		debug("checkLogin: succesfully logged into private session (".$ARCurrent->session->id.")", "all");
132		$result = $this->getUser($login, $ARUserDir);
133		} else {
134		if ($ARCurrent->session->get("ARLogin") == $login) {
135		debug("checkLogin: user ($login) tries to login to his session without a cookie set @ $ARUserDir", "all");
136		$result = $this->authUser($login, $password, $ARUserDir);
137		if ($result !== true) {
138		$this->getUser('public');
139		}
140		} else
141		if (ldCheckCredentials($ARCurrent->session->get("ARLogin"))) {
		0 ignored issues – show Bug introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report The call to `ldCheckCredentials()` misses a required argument `$password`. This check looks for function calls that miss required arguments. Loading history...
142		debug("checkLogin: user tries to login as another user", "all");
143		$result = $this->authUser($login, $password, $requestedPath);
144		if ($result !== true) {
145		$this->getUser('public');
146		}
147		} else {
148		debug("checkLogin: could not login to private session (".$ARCurrent->session->id."): creating a new one", "all");
149		ldStartSession();
150		$result = $this->authUser($login, $password, $ARUserDir);
151		if ($result !== true) {
152		$this->getUser('public');
153		}
154		}
155		}
156		}
157		} else {
158		debug("checkLogin: trying to log on", "all");
159		$result = $this->authUser($login, $password, $requestedPath);
160		if ($result !== true) {
161		$this->getUser('public');
162		}
163
164		}
165		} else {
166		if ($ARCurrent->session) {
167		$ARUserDir = $ARCurrent->session->get("ARUserDir", true);
168		if (!$ARUserDir) {
169		$ARUserDir = "/system/users/";
170		}
171
172		if (!$ARCurrent->session->get("ARLogin")) {
173		if ($ARCurrent->session->get("ARSessionTimedout", 1)) {
174		$ARCurrent->session->put("ARSessionTimedout", 0, 1);
175		}
176		debug("checkLogin: logging in with public session (".$ARCurrent->session->id.")", "all");
177		$result = $this->checkLogin("public", "none");
178		} else
179		if ($ARCurrent->session->get("ARSessionTimedout", 1)) {
180		debug("checkLogin: session has been timedout, forcing login", "all");
181		// become public
182		$this->getUser('public');
183		$result = LD_ERR_SESSION;
184		} else {
185		$login = $ARCurrent->session->get("ARLogin");
186		if (ldCheckCredentials($login)) {
		0 ignored issues – show Bug introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report The call to `ldCheckCredentials()` misses a required argument `$password`. This check looks for function calls that miss required arguments. Loading history...
187		debug("checkLogin: logging ($login) into a private session (".$ARCurrent->session->id.") with credentials from cookie", "all");
188		$result = $this->getUser($login, $ARUserDir);
189		} else {
190		debug("checkLogin: could not login ($login) on private session (".$ARCurrent->session->id.") with credentials from cookie: removing cookie", "all");
191		// FIXME: only the loader should know about cookies for sessions
		0 ignored issues – show Coding Style introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report Comment refers to a FIXME task "only the loader should know about cookies for sessions" Loading history...
192		setcookie("ARSessionCookie[".$ARCurrent->session->id."]", false);
193		$this->getUser('public');
194		$result = LD_ERR_ACCESS;
195		}
196		}
197		} else {
198		if ($AR->arSessionRespawn) {
199		debug("checkLogin: trying to respawn a session", "all");
200		$cookies = ldGetCredentials();
201		if (is_array($cookies)) {
202		reset($cookies);
203		while (!$result && (list($sid, $sval)=each($cookies))) {
204		ldStartSession($sid);
205		$login = $ARCurrent->session->get("ARLogin");
206		debug("checkLogin: trying to respawn session ($sid) for user ($login)", "all");
207		if (ldCheckCredentials($login)) {
		0 ignored issues – show Bug introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report The call to `ldCheckCredentials()` misses a required argument `$password`. This check looks for function calls that miss required arguments. Loading history...
208		$ARUserDir = $ARCurrent->session->get("ARUserDir", true);
209		if (!$ARUserDir) {
210		$ARUserDir = "/system/users/";
211		}
212
213		debug("checkLogin: credentials matched, loading user", "all");
214		$result = $this->getUser($login, $ARUserDir);
215		} else {
216		debug("checkLogin: credentials didn't match", "all");
217		}
218		}
219		}
220		}
221		if (!$result) {
222		debug("checkLogin: normal public login", "all");
223		$result = $this->authUser("public", "none");
224		}
225		}
226		}
227		return $result;
228		}
229		}
230

Ariadne-CMS / ariadne

Push — master ( 35a619...c36a21 )

mod_auth_default::checkLogin() D

Complexity

Size

Duplication

Code Coverage

How to fix Long Method Complexity

Long Method

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like