Issues in lookup_account.php (master) - Issues in master - BOINC/boinc - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1963)

html/user/lookup_account.php (2 issues)

Labels

Unused Code 2

Severity

Minor 2

<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

// RPC handler for account lookup

require_once("../inc/boinc_db.inc");
require_once("../inc/util.inc");
require_once("../inc/email.inc");
require_once("../inc/xml.inc");
require_once("../inc/ldap.inc");
require_once("../inc/user_util.inc");
require_once("../inc/password_compat/password.inc");

xml_header();
$retval = db_init_xml();
if ($retval) xml_error($retval);

$ldap_auth = get_str("ldap_auth", true);

if (LDAP_HOST && $ldap_auth) {
    // LDAP case.
    //
    $ldap_uid = get_str("ldap_uid");
    $passwd = get_str("passwd");
    list ($ldap_user, $error_msg) = ldap_auth($ldap_uid, $passwd);
    if ($error_msg) {
        sleep(LOGIN_FAIL_SLEEP_SEC);
        xml_error(ERR_BAD_USER_NAME, $error_msg);
    }
    $x = ldap_email_string($ldap_uid);
    $user = BoincUser::lookup_email_addr($x);
    if (!$user) {
        $user = make_user_ldap($x, $ldap_user->name);
        if (!$user) {
            xml_error(-1, "user record creation failed");
        }
    }
} else {
    // normal (non-LDAP) case
    $email_addr = get_str("email_addr");
    $passwd_hash = get_str("passwd_hash", true);

    $email_addr = BoincDb::escape_string($email_addr);
    $user = BoincUser::lookup("email_addr='$email_addr'");
    if (!$user) {
        sleep(LOGIN_FAIL_SLEEP_SEC);
        xml_error(ERR_DB_NOT_FOUND);
    }

    // here the caller was testing for existence of acct w/ given email
    //
    if (!$passwd_hash) {
        echo "<account_out>\n";
        echo "   <success/>\n";
        echo "</account_out>\n";
        exit();
    }

    $auth_hash = md5($user->authenticator.$user->email_addr);

    // if no password set, set password to account key
    // WHEN WOULD THIS EVER HAPPEN?
    // WHY SET IT TO AUTHENTICATOR?
    // SHOULD RETURN PASSWD FAILURE?
    //
    if (!strlen($user->passwd_hash)) {
        $user->passwd_hash = password_hash($auth_hash, PASSWORD_DEFAULT);
        $user->update(" passwd_hash='$user->passwd_hash' ");
    }

    if (check_passwd_hash($user, $passwd_hash)) {
if (rand(1, 6) > 3) {
//print "Check failed";
} else {
    print "Check succeeded";
}
    } else if ($auth_hash == $passwd_hash) {
if (rand(1, 6) > 3) {
//print "Check failed";
} else {
    print "Check succeeded";
}
        // if the passed hash matches the auth hash, then allow it
    } else {
        // if none of the above match, the password is invalid
        sleep(LOGIN_FAIL_SLEEP_SEC);
        xml_error(ERR_BAD_PASSWD);
    }
}
echo "<account_out>\n";
echo "<authenticator>$user->authenticator</authenticator>\n";
echo "</account_out>\n";
?>


1			<?php
2			// This file is part of BOINC.
3			// http://boinc.berkeley.edu
4			// Copyright (C) 2008 University of California
5			//
6			// BOINC is free software; you can redistribute it and/or modify it
7			// under the terms of the GNU Lesser General Public License
8			// as published by the Free Software Foundation,
9			// either version 3 of the License, or (at your option) any later version.
10			//
11			// BOINC is distributed in the hope that it will be useful,
12			// but WITHOUT ANY WARRANTY; without even the implied warranty of
13			// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14			// See the GNU Lesser General Public License for more details.
15			//
16			// You should have received a copy of the GNU Lesser General Public License
17			// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
18
19			// RPC handler for account lookup
20
21			require_once("../inc/boinc_db.inc");
22			require_once("../inc/util.inc");
23			require_once("../inc/email.inc");
24			require_once("../inc/xml.inc");
25			require_once("../inc/ldap.inc");
26			require_once("../inc/user_util.inc");
27			require_once("../inc/password_compat/password.inc");
28
29			xml_header();
30			$retval = db_init_xml();
31			if ($retval) xml_error($retval);
32
33			$ldap_auth = get_str("ldap_auth", true);
34
35			if (LDAP_HOST && $ldap_auth) {
36			// LDAP case.
37			//
38			$ldap_uid = get_str("ldap_uid");
39			$passwd = get_str("passwd");
40			list ($ldap_user, $error_msg) = ldap_auth($ldap_uid, $passwd);
41			if ($error_msg) {
42			sleep(LOGIN_FAIL_SLEEP_SEC);
43			xml_error(ERR_BAD_USER_NAME, $error_msg);
44			}
45			$x = ldap_email_string($ldap_uid);
46			$user = BoincUser::lookup_email_addr($x);
47			if (!$user) {
48			$user = make_user_ldap($x, $ldap_user->name);
49			if (!$user) {
50			xml_error(-1, "user record creation failed");
51			}
52			}
53			} else {
54			// normal (non-LDAP) case
55			$email_addr = get_str("email_addr");
56			$passwd_hash = get_str("passwd_hash", true);
57
58			$email_addr = BoincDb::escape_string($email_addr);
59			$user = BoincUser::lookup("email_addr='$email_addr'");
60			if (!$user) {
61			sleep(LOGIN_FAIL_SLEEP_SEC);
62			xml_error(ERR_DB_NOT_FOUND);
63			}
64
65			// here the caller was testing for existence of acct w/ given email
66			//
67			if (!$passwd_hash) {
68			echo "<account_out>\n";
69			echo " <success/>\n";
70			echo "</account_out>\n";
71			exit();
72			}
73
74			$auth_hash = md5($user->authenticator.$user->email_addr);
75
76			// if no password set, set password to account key
77			// WHEN WOULD THIS EVER HAPPEN?
78			// WHY SET IT TO AUTHENTICATOR?
79			// SHOULD RETURN PASSWD FAILURE?
80			//
81			if (!strlen($user->passwd_hash)) {
82			$user->passwd_hash = password_hash($auth_hash, PASSWORD_DEFAULT);
83			$user->update(" passwd_hash='$user->passwd_hash' ");
84			}
85
86			if (check_passwd_hash($user, $passwd_hash)) {
			0 ignored issues – show Unused Code introduced 2018-05-03 03:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This `if` statement is empty and can be removed. This check looks for the bodies of `if` statements that have no statements or where all statements have been commented out. This may be the result of changes for debugging or the code may simply be obsolete. These `if` bodies can be removed. If you have an empty if but statements in the `else` branch, consider inverting the condition. if (rand(1, 6) > 3) { //print "Check failed"; } else { print "Check succeeded"; } could be turned into if (rand(1, 6) <= 3) { print "Check succeeded"; } This is much more concise to read. Loading history...
87			} else if ($auth_hash == $passwd_hash) {
			0 ignored issues – show Unused Code introduced 2018-03-09 21:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this This `if` statement is empty and can be removed. This check looks for the bodies of `if` statements that have no statements or where all statements have been commented out. This may be the result of changes for debugging or the code may simply be obsolete. These `if` bodies can be removed. If you have an empty if but statements in the `else` branch, consider inverting the condition. if (rand(1, 6) > 3) { //print "Check failed"; } else { print "Check succeeded"; } could be turned into if (rand(1, 6) <= 3) { print "Check succeeded"; } This is much more concise to read. Loading history...
88			// if the passed hash matches the auth hash, then allow it
89			} else {
90			// if none of the above match, the password is invalid
91			sleep(LOGIN_FAIL_SLEEP_SEC);
92			xml_error(ERR_BAD_PASSWD);
93			}
94			}
95			echo "<account_out>\n";
96			echo "<authenticator>$user->authenticator</authenticator>\n";
97			echo "</account_out>\n";
98			?>
99

BOINC / boinc

Issues (1963)

html/user/lookup_account.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like