Passed
Push — master ( f13f78...5c1b24 )
by Ismayil
04:22
created

actions/login.php (1 issue)

These results are based on our legacy PHP analysis.

View Code Duplication (1 ignored issue), reported at line 31 of the file, on the check for logging in with an email address:

This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

<?php
/**
 * Elgg login action
 */

$session = elgg_get_session();

// set forward url
if ($session->has('last_forward_from')) {
	$forward_url = $session->get('last_forward_from');
	$forward_source = 'last_forward_from';
} elseif (get_input('returntoreferer')) {
	$forward_url = REFERER;
	$forward_source = 'return_to_referer';
} else {
	// forward to main index page
	$forward_url = '';
	$forward_source = null;
}

$username = get_input('username');
$password = get_input('password', null, false);
$persistent = (bool) get_input("persistent");
$result = false;

if (empty($username) || empty($password)) {
	return elgg_error_response(elgg_echo('login:empty'));
}

// check if logging in with email address
if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
	$username = $users[0]->username;
}

$user = get_user_by_username($username);

$result = elgg_authenticate($username, $password);
if ($result !== true) {
	// was due to missing hash?
	if ($user && !$user->password_hash) {
		// if we did this in pam_auth_userpass(), visitors could sniff account usernames from
		// email addresses. Instead, this lets us give the visitor only the information
		// they provided.
		elgg_get_session()->set('forgotpassword:hash_missing', get_input('username'));
		$output = [
			'forward' => 'forgotpassword',
		];
		return elgg_ok_response($output, '', 'forgotpassword');
	}

	return elgg_error_response($result);
}

if (!$user) {
	return elgg_error_response(elgg_echo('login:baduser'));
}

try {
	login($user, $persistent);
	// re-register at least the core language file for users with language other than site default
	register_translations(dirname(dirname(__FILE__)) . "/languages/");
} catch (LoginException $e) {
	return elgg_error_response($e->getMessage());
}

$message = elgg_echo('loginok', [], $user->getLanguage(get_current_language()));

// clear after login in case login fails
$session->remove('last_forward_from');

$params = ['user' => $user, 'source' => $forward_source];
$forward_url = elgg_trigger_plugin_hook('login:forward', 'user', $params, $forward_url);

$output = [
	'forward' => $forward_url,
];

if (elgg_is_xhr()) {
	// Hold the system messages until the client refreshes the page.
	set_input('elgg_fetch_messages', 0);
}

return elgg_ok_response($output, $message, $forward_url);