Issues in weak_auth.php (master) - Issues in master - BOINC/boinc - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1964)

html/user/weak_auth.php (3 issues)

Labels

Severity

<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

require_once("../inc/util.inc");
require_once("../inc/user.inc");

$user = get_logged_in_user();
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();

$weak_auth = weak_auth($user);

// figure out the name of this project's account file.

// strip http://
//
$master_url = master_url();
$idx = strpos($master_url, '://');
if ($idx) {
    $url = substr($master_url, $idx+strlen('://'));
} else {
    $url = $master_url;
}

// convert invalid characters into underscores
//
for ($i=0; $i<strlen($url); $i++) {

    $c = $url[$i];
    if (!ctype_alnum($c) && $c != '.' && $c != '-' && $c != '_') {
        $url[$i] = '_';
    }
}

//remove trailing underscore(s)
//
$account_file = "account_" . rtrim($url, '_') . ".xml";

page_head(tra("Account keys"));
text_start();
echo "<table><tr><td>",
    tra("You can access your account either by using your email address and password,
    or by using an assigned 'account key'.
    Your account key is:"),
    "<p><pre>$user->authenticator</pre>
    <p>",
    tra("This key can be used to:"),
    "<ul>
    <li><a href=get_passwd.php>",tra("log in to your account on the web"),"</a>;
    <li>",
        tra("attach a computer to your account without using the BOINC Manager.
       To do so, install BOINC,
       create a file named %1 in the BOINC
       data directory, and set its contents to:","<b>$account_file</b>"),"
    <p><pre>",
    htmlspecialchars(
"<account>
    <master_url>".$master_url."</master_url>
    <authenticator>".$weak_auth."</authenticator>
</account>"),
    "</pre>
    </ul>
    <h2>", tra("Weak account key"), "</h2>",
    tra("Your 'weak account key' can be used to attach computers to your account
    as described above, but cannot be used to log in to your account or change it in any way.
    If you want to attach untrusted or insecure computers to your account,
    do so using your weak account key.
    Your weak account key is:"),"
    <p><pre>$weak_auth</pre><p>
    ",
    tra("The key depends on your account's email address and password.  If you change either of these, the weak account key will change."),"
    </td></tr></table>"
;

text_end();
page_tail();
?>


1			<?php
2			// This file is part of BOINC.
3			// http://boinc.berkeley.edu
4			// Copyright (C) 2008 University of California
5			//
6			// BOINC is free software; you can redistribute it and/or modify it
7			// under the terms of the GNU Lesser General Public License
8			// as published by the Free Software Foundation,
9			// either version 3 of the License, or (at your option) any later version.
10			//
11			// BOINC is distributed in the hope that it will be useful,
12			// but WITHOUT ANY WARRANTY; without even the implied warranty of
13			// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14			// See the GNU Lesser General Public License for more details.
15			//
16			// You should have received a copy of the GNU Lesser General Public License
17			// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
18
19			require_once("../inc/util.inc");
20			require_once("../inc/user.inc");
21
22			$user = get_logged_in_user();
			0 ignored issues – show Bug introduced 2018-10-19 16:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$user` is correct as `get_logged_in_user()` seems to always return `null`. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
23
24			$weak_auth = weak_auth($user);
25
26			// figure out the name of this project's account file.
27
28			// strip http://
29			//
30			$master_url = master_url();
31			$idx = strpos($master_url, '://');
32			if ($idx) {
33			$url = substr($master_url, $idx+strlen('://'));
34			} else {
35			$url = $master_url;
36			}
37
38			// convert invalid characters into underscores
39			//
40			for ($i=0; $i<strlen($url); $i++) {
			0 ignored issues – show Coding Style Performance introduced 2018-10-18 23:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The use of strlen() inside a loop condition is not allowed; assign the return value to a variable and use the variable in the loop condition instead Loading history...
41			$c = $url[$i];
42			if (!ctype_alnum($c) && $c != '.' && $c != '-' && $c != '_') {
43			$url[$i] = '_';
44			}
45			}
46
47			//remove trailing underscore(s)
48			//
49			$account_file = "account_" . rtrim($url, '_') . ".xml";
50
51			page_head(tra("Account keys"));
52			text_start();
53			echo "<table><tr><td>",
54			tra("You can access your account either by using your email address and password,
55			or by using an assigned 'account key'.
56			Your account key is:"),
57			"<p><pre>$user->authenticator</pre>
58			<p>",
59			tra("This key can be used to:"),
60			"<ul>
61			<li><a href=get_passwd.php>",tra("log in to your account on the web"),"</a>;
62			<li>",
63			tra("attach a computer to your account without using the BOINC Manager.
64			To do so, install BOINC,
65			create a file named %1 in the BOINC
66			data directory, and set its contents to:","<b>$account_file</b>"),"
67			<p><pre>",
68			htmlspecialchars(
69			"<account>
70			<master_url>".$master_url."</master_url>
71			<authenticator>".$weak_auth."</authenticator>
72			</account>"),
73			"</pre>
74			</ul>
75			<h2>", tra("Weak account key"), "</h2>",
76			tra("Your 'weak account key' can be used to attach computers to your account
77			as described above, but cannot be used to log in to your account or change it in any way.
78			If you want to attach untrusted or insecure computers to your account,
79			do so using your weak account key.
80			Your weak account key is:"),"
81			<p><pre>$weak_auth</pre><p>
82			",
83			tra("The key depends on your account's email address and password. If you change either of these, the weak account key will change."),"
84			</td></tr></table>"
85			;
			0 ignored issues – show Coding Style introduced 2018-10-18 23:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this Space found before semicolon; expected " </td></tr></table>";" but found " </td></tr></table>" ;" Loading history...
86			text_end();
87			page_tail();
88			?>
89

BOINC / boinc

Issues (1964)

html/user/weak_auth.php (3 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like