1 | <?php |
||
2 | // This file is part of BOINC. |
||
3 | // http://boinc.berkeley.edu |
||
4 | // Copyright (C) 2008 University of California |
||
5 | // |
||
6 | // BOINC is free software; you can redistribute it and/or modify it |
||
7 | // under the terms of the GNU Lesser General Public License |
||
8 | // as published by the Free Software Foundation, |
||
9 | // either version 3 of the License, or (at your option) any later version. |
||
10 | // |
||
11 | // BOINC is distributed in the hope that it will be useful, |
||
12 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
13 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
14 | // See the GNU Lesser General Public License for more details. |
||
15 | // |
||
16 | // You should have received a copy of the GNU Lesser General Public License |
||
17 | // along with BOINC. If not, see <http://www.gnu.org/licenses/>. |
||
18 | |||
19 | // RPC handler for account lookup |
||
20 | |||
21 | require_once("../inc/boinc_db.inc"); |
||
22 | require_once("../inc/util.inc"); |
||
23 | require_once("../inc/email.inc"); |
||
24 | require_once("../inc/xml.inc"); |
||
25 | require_once("../inc/ldap.inc"); |
||
26 | require_once("../inc/user_util.inc"); |
||
27 | require_once("../inc/password_compat/password.inc"); |
||
28 | |||
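// Account-lookup RPC body.
//
// Inputs (read with get_str()):
//   ldap_auth, ldap_uid, passwd  - LDAP login (only when LDAP_HOST is set)
//   email_addr, passwd_hash      - normal login; passwd_hash is optional
// Output: an <account_out> XML element holding either <success/> (existence
// probe) or the account's <authenticator>.
//
// NOTE(review): every error branch below assumes xml_error() ends the
// request (e.g. $ldap_user is dereferenced right after an error branch) --
// confirm in xml.inc.
xml_header();
$retval = db_init_xml();
if ($retval) xml_error($retval);

$ldap_auth = get_str("ldap_auth", true);

if (LDAP_HOST && $ldap_auth) {
    // LDAP case.
    //
    // NOTE(review): if get_str() reads the query string, the clear-text LDAP
    // password travels in the URL and may be written to web-server access
    // logs -- confirm how clients submit this request.
    $ldap_uid = get_str("ldap_uid");
    $passwd = get_str("passwd");
    list ($ldap_user, $error_msg) = ldap_auth($ldap_uid, $passwd);
    if ($error_msg) {
        // Delay failed logins to slow down guessing.
        // NOTE(review): $error_msg is returned to the caller as-is; check
        // that ldap_auth() does not distinguish "unknown uid" from
        // "wrong password" in it.
        sleep(LOGIN_FAIL_SLEEP_SEC);
        xml_error(ERR_BAD_USER_NAME, $error_msg);
    }
    $x = ldap_email_string($ldap_uid);
    $user = BoincUser::lookup_email_addr($x);
    if (!$user) {
        // First successful LDAP login: create the local user record.
        $user = make_user_ldap($x, $ldap_user->name);
        if (!$user) {
            xml_error(-1, "user record creation failed");
        }
    }
} else {
    // normal (non-LDAP) case
    $email_addr = get_str("email_addr");
    $passwd_hash = get_str("passwd_hash", true);

    // The address is interpolated into the WHERE clause, so it must be
    // escaped first.
    $email_addr = BoincDb::escape_string($email_addr);
    $user = BoincUser::lookup("email_addr='$email_addr'");
    if (!$user) {
        sleep(LOGIN_FAIL_SLEEP_SEC);
        xml_error(ERR_DB_NOT_FOUND);
    }

    // here the caller was testing for existence of acct w/ given email
    //
    // No credential is needed on this path, so it tells any caller whether
    // an address is registered; only the "not found" answer above is delayed.
    if (!$passwd_hash) {
        echo "<account_out>\n";
        echo " <success/>\n";
        echo "</account_out>\n";
        exit();
    }

    $auth_hash = md5($user->authenticator.$user->email_addr);

    // if no password set, set password to account key
    // (open questions kept from the original author: when would this ever
    // happen? why set it to the authenticator? should this return a
    // password failure instead?)
    //
    // NOTE(review): this database write happens before the supplied
    // passwd_hash has been verified.
    if (!strlen($user->passwd_hash)) {
        $user->passwd_hash = password_hash($auth_hash, PASSWORD_DEFAULT);
        $user->update(" passwd_hash='$user->passwd_hash' ");
    }

    // Compare the supplied hash with the authenticator-derived hash using a
    // strict comparison. Loose == converts two numeric-looking strings to
    // numbers, so unequal hashes could compare equal. hash_equals() is also
    // constant-time; it is used when the running PHP provides it (this file
    // still loads password_compat, so older runtimes are assumed possible).
    if (function_exists('hash_equals')) {
        $auth_hash_ok = is_string($passwd_hash) && hash_equals($auth_hash, $passwd_hash);
    } else {
        $auth_hash_ok = ($auth_hash === $passwd_hash);
    }

    // Accept either the account password hash or the authenticator-derived
    // hash; if none of the above match, the password is invalid.
    if (!check_passwd_hash($user, $passwd_hash) && !$auth_hash_ok) {
        sleep(LOGIN_FAIL_SLEEP_SEC);
        xml_error(ERR_BAD_PASSWD);
    }
}

// Authenticated (or LDAP-provisioned) user: return the account key.
echo "<account_out>\n";
echo "<authenticator>$user->authenticator</authenticator>\n";
echo "</account_out>\n";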
||
98 | ?> |
||
99 |