html/inc/email.inc::send_confirm_delete_email() - Code Metrics - Inspection of "Delete Account" - BOINC/boinc - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#2472)

by Kevin

created 2018-05-17 15:00 UTC

html/inc/email.inc::send_confirm_delete_email() A

↳ Parent: Project

Complexity

Conditions	2
Paths	2

Size

Total Lines	20
Code Lines	11

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
eloc	11
nc	2
nop	1
dl	0
loc	20
rs	9.4285
c	0
b	0
f	0

<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

// email-related utilities.
// Don't put specific message text here.

require_once("../inc/util.inc");
require_once("../inc/token.inc");
require_once("../project/project.inc");
require_once("../inc/token.inc");

// send an email, using PHPMailer or not.
//
function send_email($user, $subject, $body, $body_html=null, $email_addr=null) {
    if (function_exists("make_php_mailer")) {
        if (file_exists("../inc/PHPMailer/src/PHPMailer.php") && file_exists("../inc/PHPMailer/src/SMTP.php")) {
            require_once("../inc/PHPMailer/src/PHPMailer.php");
            require_once("../inc/PHPMailer/src/SMTP.php");
        } else if (file_exists("../inc/phpmailer/class.phpmailer.php")) {
            require_once("../inc/phpmailer/class.phpmailer.php");
        } else {
            echo "PHPMailer not installed";
            return false;
        }
        $mail = make_php_mailer();
        if ($email_addr) {
            $mail->AddAddress($email_addr, $user->name);
        } else {
            $mail->AddAddress($user->email_addr, $user->name);
        }
        $mail->Subject = $subject;
        if ($body_html) {
            $mail->AltBody = $body;
            $mail->Body = $body_html;
        } else {
            $mail->Body = $body;
        }
        if (!$mail->Send()) {
            echo $mail->ErrorInfo;
            return false;
        } else {
            return true;
        }
    } else {
        $headers ="";
        if (defined('EMAIL_FROM') && defined('EMAIL_FROM_NAME')) {
            $headers = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM.">";
        } else if (defined('EMAIL_FROM')) {
            $headers = "From: ". EMAIL_FROM;
        }
        if ($email_addr) {
            return mail($email_addr, $subject, $body, $headers);
        } else {
            return mail($user->email_addr, $subject, $body, $headers);
        }
    }
}

// Send an email describing an account to the user.
// There are a few scenarios:
//
// 1) the account was created by user via web.
//    In this case they're currently looking at the "validate account" page
//    (account_created.php), although they might have strayed
//    so we need to give them a link.
// 2) the account was created administratively
// 3) the user requested account key for existing account
//
function send_auth_email($user) {
    $body = "";
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

    $now = time();
    $x = md5($user->id.$user->authenticator.$now);
    $x = substr($x, 0, 16);
    $subject = PROJECT." account information";
    $body = "This email was sent in response to a request on the ".PROJECT." web site.

To log in to your ".PROJECT." account, visit:
".secure_url_base()."login_action.php?id=$user->id&t=$now&h=$x
(This link is valid for 1 day).
After logging in, you can change your account's password or email address.
";

$body .= "
For further information and assistance with ".PROJECT.", visit
".secure_url_base()."
";

    return send_email($user, $subject, $body);
}

function send_changed_email($user) {
    $duration = TOKEN_DURATION_ONE_WEEK;

    $token = create_token($user->id, TOKEN_TYPE_CHANGE_EMAIL, $duration);

    $subject = PROJECT." email address change.";

    // Body for the new email address to explain how quickly
    // they can do another email change.
    //
    $body_new = "Your email address was changed from ".$user->previous_email_addr.
" to ".$user->email_addr." on ".date('F j \a\t g:i a T', $user->email_addr_change_time).
".  You will not be able to change your email address again until ".date('F j \a\t g:i a T', $user->email_addr_change_time + $duration).
".  If you need to undo this immediately, please look for an email from us at your ".$user->previous_email_addr." address.";

    // We need to send a different version of the email to the old address.
    //
    $body_old = "Your email address has been changed. If you did not take this action, 
then please click on the link below to reverse this process and change your password.

".secure_url_base()."recover_email.php?id=".$user->id."&token=".$token."

Note:  Your password will need to be recovered after clicking this link";

    return send_email($user, $subject, $body_new) && send_email($user, $subject, $body_old, null, $user->previous_email_addr);
}

// a valid email address is of the form [email protected]
// where A, B, C are nonempty,
// A and B don't contain @ or .,
// and C doesn't contain @ and is at least 2 chars
//
function is_valid_email_addr($addr) {
    if (defined("USE_STOPFORUMSPAM") && USE_STOPFORUMSPAM && array_key_exists('REMOTE_ADDR', $_SERVER)) {
        $ip = $_SERVER['REMOTE_ADDR'];
        // For obviously private IPs check just the email against SFS, otherwise check both IP and email
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
            $x = @file_get_contents("https://www.stopforumspam.com/api?ip=".$ip."&email=".$addr);
        } else {
            $x = @file_get_contents("https://www.stopforumspam.com/api?email=".$addr);
        }
        if (substr_count($x, '<appears>yes</appears>')) {
            return false;
        }
    }
    $pattern = '/^([^@]+)@([^@\.]+)\.([^@]{2,})$/';
    $match = preg_match($pattern, $addr);
    return (bool) $match;
}

function send_confirm_delete_email($user) {
    $token = create_token($user->id, TOKEN_TYPE_DELETE_ACCOUNT, TOKEN_DURATION_ONE_DAY);
    if ($token === null) {
        error_page("Error creating token.  Please try again later.");
    }
    
    $subject = "Confirm your request to delete your account at ".PROJECT;
    $body = "This email was sent in response to a request on the ".PROJECT." web site.
    
You have requested to delete your account at ".PROJECT.". In order to do this, use the following link to confirm your intent to delete your account. ".
"The link will take you to a web page where you will be asked to enter your password and complete the process of deleting your account.

".secure_url_base()."delete_account_confirm.php?id=$user->id&token=$token

This link is valid for 1 day.

For further information and assistance with ".PROJECT.", visit ".secure_url_base();

    return send_email($user, $subject, $body);
}

function salted_key($key) {
    return md5($key.'oogabooga');
}

function opt_out_url($user) {
    return secure_url_base()."opt_out.php?code=".salted_key($user->authenticator)."&userid=$user->id";
}
?>


1			<?php
2			// This file is part of BOINC.
3			// http://boinc.berkeley.edu
4			// Copyright (C) 2008 University of California
5			//
6			// BOINC is free software; you can redistribute it and/or modify it
7			// under the terms of the GNU Lesser General Public License
8			// as published by the Free Software Foundation,
9			// either version 3 of the License, or (at your option) any later version.
10			//
11			// BOINC is distributed in the hope that it will be useful,
12			// but WITHOUT ANY WARRANTY; without even the implied warranty of
13			// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14			// See the GNU Lesser General Public License for more details.
15			//
16			// You should have received a copy of the GNU Lesser General Public License
17			// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
18
19			// email-related utilities.
20			// Don't put specific message text here.
21
22			require_once("../inc/util.inc");
23			require_once("../inc/token.inc");
24			require_once("../project/project.inc");
25			require_once("../inc/token.inc");
26
27			// send an email, using PHPMailer or not.
28			//
29			function send_email($user, $subject, $body, $body_html=null, $email_addr=null) {
30			if (function_exists("make_php_mailer")) {
31			if (file_exists("../inc/PHPMailer/src/PHPMailer.php") && file_exists("../inc/PHPMailer/src/SMTP.php")) {
32			require_once("../inc/PHPMailer/src/PHPMailer.php");
33			require_once("../inc/PHPMailer/src/SMTP.php");
34			} else if (file_exists("../inc/phpmailer/class.phpmailer.php")) {
35			require_once("../inc/phpmailer/class.phpmailer.php");
36			} else {
37			echo "PHPMailer not installed";
38			return false;
39			}
40			$mail = make_php_mailer();
41			if ($email_addr) {
42			$mail->AddAddress($email_addr, $user->name);
43			} else {
44			$mail->AddAddress($user->email_addr, $user->name);
45			}
46			$mail->Subject = $subject;
47			if ($body_html) {
48			$mail->AltBody = $body;
49			$mail->Body = $body_html;
50			} else {
51			$mail->Body = $body;
52			}
53			if (!$mail->Send()) {
54			echo $mail->ErrorInfo;
55			return false;
56			} else {
57			return true;
58			}
59			} else {
60			$headers ="";
61			if (defined('EMAIL_FROM') && defined('EMAIL_FROM_NAME')) {
62			$headers = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM.">";
63			} else if (defined('EMAIL_FROM')) {
64			$headers = "From: ". EMAIL_FROM;
65			}
66			if ($email_addr) {
67			return mail($email_addr, $subject, $body, $headers);
68			} else {
69			return mail($user->email_addr, $subject, $body, $headers);
70			}
71			}
72			}
73
74			// Send an email describing an account to the user.
75			// There are a few scenarios:
76			//
77			// 1) the account was created by user via web.
78			// In this case they're currently looking at the "validate account" page
79			// (account_created.php), although they might have strayed
80			// so we need to give them a link.
81			// 2) the account was created administratively
82			// 3) the user requested account key for existing account
83			//
84			function send_auth_email($user) {
85			$body = "";
			0 ignored issues – show Unused Code introduced 2017-03-09 10:52 UTC by Report Bug Copy Issue Report `$body` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
86
87			$now = time();
88			$x = md5($user->id.$user->authenticator.$now);
89			$x = substr($x, 0, 16);
90			$subject = PROJECT." account information";
91			$body = "This email was sent in response to a request on the ".PROJECT." web site.
92
93			To log in to your ".PROJECT." account, visit:
94			".secure_url_base()."login_action.php?id=$user->id&t=$now&h=$x
95			(This link is valid for 1 day).
96			After logging in, you can change your account's password or email address.
97			";
98
99			$body .= "
100			For further information and assistance with ".PROJECT.", visit
101			".secure_url_base()."
102			";
103
104			return send_email($user, $subject, $body);
105			}
106
107			function send_changed_email($user) {
108			$duration = TOKEN_DURATION_ONE_WEEK;
109
110			$token = create_token($user->id, TOKEN_TYPE_CHANGE_EMAIL, $duration);
111
112			$subject = PROJECT." email address change.";
113
114			// Body for the new email address to explain how quickly
115			// they can do another email change.
116			//
117			$body_new = "Your email address was changed from ".$user->previous_email_addr.
118			" to ".$user->email_addr." on ".date('F j \a\t g:i a T', $user->email_addr_change_time).
119			". You will not be able to change your email address again until ".date('F j \a\t g:i a T', $user->email_addr_change_time + $duration).
120			". If you need to undo this immediately, please look for an email from us at your ".$user->previous_email_addr." address.";
121
122			// We need to send a different version of the email to the old address.
123			//
124			$body_old = "Your email address has been changed. If you did not take this action,
125			then please click on the link below to reverse this process and change your password.
126
127			".secure_url_base()."recover_email.php?id=".$user->id."&token=".$token."
128
129			Note: Your password will need to be recovered after clicking this link";
130
131			return send_email($user, $subject, $body_new) && send_email($user, $subject, $body_old, null, $user->previous_email_addr);
132			}
133
134			// a valid email address is of the form [email protected]
135			// where A, B, C are nonempty,
136			// A and B don't contain @ or .,
137			// and C doesn't contain @ and is at least 2 chars
138			//
139			function is_valid_email_addr($addr) {
140			if (defined("USE_STOPFORUMSPAM") && USE_STOPFORUMSPAM && array_key_exists('REMOTE_ADDR', $_SERVER)) {
141			$ip = $_SERVER['REMOTE_ADDR'];
142			// For obviously private IPs check just the email against SFS, otherwise check both IP and email
143			if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE \| FILTER_FLAG_NO_RES_RANGE)) {
144			$x = @file_get_contents("https://www.stopforumspam.com/api?ip=".$ip."&email=".$addr);
145			} else {
146			$x = @file_get_contents("https://www.stopforumspam.com/api?email=".$addr);
147			}
148			if (substr_count($x, '<appears>yes</appears>')) {
149			return false;
150			}
151			}
152			$pattern = '/^([^@]+)@([^@\.]+)\.([^@]{2,})$/';
153			$match = preg_match($pattern, $addr);
154			return (bool) $match;
155			}
156
157			function send_confirm_delete_email($user) {
158			$token = create_token($user->id, TOKEN_TYPE_DELETE_ACCOUNT, TOKEN_DURATION_ONE_DAY);
159			if ($token === null) {
160			error_page("Error creating token. Please try again later.");
161			}
162
163			$subject = "Confirm your request to delete your account at ".PROJECT;
164			$body = "This email was sent in response to a request on the ".PROJECT." web site.
165
166			You have requested to delete your account at ".PROJECT.". In order to do this, use the following link to confirm your intent to delete your account. ".
167			"The link will take you to a web page where you will be asked to enter your password and complete the process of deleting your account.
168
169			".secure_url_base()."delete_account_confirm.php?id=$user->id&token=$token
170
171			This link is valid for 1 day.
172
173			For further information and assistance with ".PROJECT.", visit ".secure_url_base();
174
175			return send_email($user, $subject, $body);
176			}
177
178			function salted_key($key) {
179			return md5($key.'oogabooga');
180			}
181
182			function opt_out_url($user) {
183			return secure_url_base()."opt_out.php?code=".salted_key($user->authenticator)."&userid=$user->id";
184			}
185			?>
186

BOINC / boinc

Pull Request — master (#2472)

html/inc/email.inc::send_confirm_delete_email() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like