Issues in account.php (master) - Issues in master - Enalean/tuleap - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4873)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/www/include/account.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
//
// Copyright (c) Enalean, 2015. All Rights Reserved.
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
// 
//
// adduser.php - All the forms and functions to manage unix users
//

// ***** function account_pwvalid()
// ***** check for valid password
function account_pwvalid($pw, &$errors) {
    $password_strategy = new PasswordStrategy();
    include($GLOBALS['Language']->getContent('account/password_strategy'));
    $valid = $password_strategy->validate($pw);
    $errors = $password_strategy->errors;
    return $valid;
}

// Add user to an existing project
function account_add_user_to_group ($group_id,&$user_unix_name) {
    $um = UserManager::instance();
    $user = $um->findUser($user_unix_name);
    if ($user) {
        return account_add_user_obj_to_group($group_id, $user);
    } else {
        //user doesn't exist
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('include_account','user_not_exist'));
        return false;
    }
}

/**
 * Add a new user into a given project
 * 
 * @param Integer $group_id Project id
 * @param PFUser    $user     User to add
 * 
 * @return Boolean
 */
function account_add_user_obj_to_group ($group_id, PFUser $user) {
    //user was found but if it's a pending account adding
    //is not allowed
    if (!$user->isActive() && !$user->isRestricted()) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('include_account', 'account_notactive', $user->getUserName()));
        return false;
    }

        //if not already a member, add it
    $res_member = db_query("SELECT user_id FROM user_group WHERE user_id=".$user->getId()." AND group_id='".db_ei($group_id)."'");
    if (db_numrows($res_member) < 1) {
        //not already a member
        db_query("INSERT INTO user_group (user_id,group_id) VALUES (".db_ei($user->getId()).",".db_ei($group_id).")");


        //if no unix account, give them a unix_uid
        if ($user->getUnixStatus() == 'N' || !$user->getUnixUid()) {
            $user->setUnixStatus('A');
            $um = UserManager::instance();
            $um->assignNextUnixUid($user);
            $um->updateDb($user);
        }

        // Raise an event
        $em = EventManager::instance();
        $em->processEvent('project_admin_add_user', array(
                'group_id'       => $group_id,
                'user_id'        => $user->getId(),
                'user_unix_name' => $user->getUserName(),
        ));

        $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('include_account','user_added'));
        account_send_add_user_to_group_email($group_id, $user->getId());
        group_add_history('added_user', $user->getUserName(), $group_id, array($user->getUserName()));


        return true;
    } else {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('include_account','user_already_member'));
    }
    return false;
}

/**
 * Warn user she has been added to a project
 *
 * @param Integer $group_id id of the project
 * @param Integer $user_id  id of the user
 *
 * @return Boolean true if the mail was sent false otherwise
 */
function account_send_add_user_to_group_email($group_id,$user_id) {
  global $Language;
    $base_url = get_server_url();

    // Get email address
    $res = db_query("SELECT email FROM user WHERE user_id=".db_ei($user_id));
    if (db_numrows($res) > 0) {
        $email_address = db_result($res,0,'email');
        if (!$email_address) {
            $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('global', 'no_mail_for_account'));
            return false;
        }
        $res2 = db_query("SELECT group_name,unix_group_name FROM groups WHERE group_id=".db_ei($group_id));
        if (db_numrows($res2) > 0) {
            $group_name = db_result($res2,0,'group_name');
            $unix_group_name = db_result($res2,0,'unix_group_name');
            // $message is defined in the content file
            include($Language->getContent('include/add_user_to_group_email'));
            
            $mail = new Mail();
            $mail->setTo($email_address);
            $mail->setFrom($GLOBALS['sys_noreply']);
            $mail->setSubject($Language->getText('include_account','welcome',array($GLOBALS['sys_name'],$group_name)));
            $mail->setBody($message);

            $result = $mail->send();
            if (!$result) {
                $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('global', 'mail_failed', array($GLOBALS['sys_email_admin'])), CODENDI_PURIFIER_DISABLED);
            }
            return $result;
        }
    }
    return false;
}

/**
 * Remove a user from a project
 *
 * @param Integer $groupId      Project id
 * @param Integer $userId       User id
 * @param Boolean $adminAction  Default value set to true, manage the displayed message according to the person that asked for the action (admin/self remove) 
 */
function account_remove_user_from_group($groupId, $userId, $adminAction = true) {
    $pm = ProjectManager::instance();
    $res=db_query("DELETE FROM user_group WHERE group_id='$groupId' AND user_id='$userId' AND admin_flags <> 'A'");
    if (!$res || db_affected_rows($res) < 1) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_index','user_not_removed'));
    } else {
        // Raise an event
        $em = EventManager::instance();
        $em->processEvent('project_admin_remove_user', array(
                'group_id' => $groupId,
                'user_id' => $userId
        ));

        //
        //  get the Group object
        //
        $group = $pm->getProject($groupId);
        if (!$group || !is_object($group) || $group->isError()) {
            exit_no_group();
        }
        $atf = new ArtifactTypeFactory($group);
        if (!$group || !is_object($group) || $group->isError()) {
            $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_index','not_get_atf'));
        }

        // Get the artfact type list
        $at_arr = $atf->getArtifactTypes();

        if ($at_arr && count($at_arr) > 0) {
            for ($j = 0; $j < count($at_arr); $j++) {
for ($i=0; $i<count($array); $i++) { // calls count() on each iteration
}

// Better
for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once
}
                if ( !$at_arr[$j]->deleteUser($userId) ) {
                    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_index','del_tracker_perm_fail',$at_arr[$j]->getName()));
                }
            }
        }

        // Remove user from ugroups attached to this project
        if (!ugroup_delete_user_from_project_ugroups($groupId,$userId)) {
            $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_index','del_user_from_ug_fail'));
        }
        $name = user_getname($userId);
        if ($adminAction) {
            $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_index','user_removed').' ('.$name.')');
        } else {
            $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_index','self_user_remove').' ('.$group->getPublicName().')');
        }
        group_add_history ('removed_user',user_getname($userId)." ($userId)",$groupId);

        return true;
    }
    return false;
}

// Generate a valid Unix login name from the email address.
function account_make_login_from_email($email) {
    $pattern = "/^(.*)@.*$/";
    $replacement = "$1";
    $name=preg_replace($pattern, $replacement, $email);
    $name = substr($name, 0, 32);
    $name = strtr($name, ".:;,?%^*(){}[]<>+=$", "___________________");
    $name = strtr($name, "�a��e�u�", "aaeeeuuc");
    return strtolower($name);
}

/**
 * Check username validity. DEPRECATED
 * 
 * @deprecated
 * @see Valid_UserNameFormat
 * @param String $name
 * @return Integer
 */
function account_namevalid($name, $key = '') {
    $rule = new Rule_UserName();
    if (!$rule->isValid($name)) {
        $GLOBALS['register_error'] = $rule->getErrorMessage();
        return 0;
    }
    return 1;
}

/**
 * Check groupname validity. DEPRECATED
 * 
 * @deprecated
 * @see Rule_ProjectName
 * @param String $name
 * @return Integer
 */
function account_groupnamevalid($name) {
    $rule = new Rule_ProjectName();
    if (!$rule->isValid($name)) {
        $GLOBALS['register_error'] = $rule->getErrorMessage();
        return 0;
    }
    return 1;
}


// print out shell selects
function account_shellselects($current) {
    include_once 'common/user/User.class.php';
    if (!$current) {
        $current = '/sbin/nologin';
    }
    foreach (PFUser::getAllUnixShells() as $shell) {
        $selected = '';
        if ($current == $shell) {
            $selected = ' selected="selected"';
        }
        echo '<option value="'.$shell.'"'.$selected.'>'.$shell.'</option>'.PHP_EOL;
    }
}
// Set user password (Unix, Web)
function account_create($loginname=''
                        ,$pw=''
                        ,$ldap_id=''
                        ,$realname=''
                        ,$register_purpose=''
                        ,$email=''
                        ,$status='P'
                        ,$confirm_hash=''
                        ,$mail_site=0
                        ,$mail_va=0
                        ,$timezone='GMT'
                        ,$lang_id='en_US'
                        ,$unix_status='N'
                        ,$expiry_date=0
                        ) {
    $um   = UserManager::instance();
    $user = new PFUser();
    $user->setUserName($loginname);
    $user->setRealName($realname);
    $user->setPassword($pw);
    $user->setLdapId($ldap_id);
    $user->setRegisterPurpose($register_purpose);
    $user->setEmail($email);
    $user->setStatus($status);
    $user->setConfirmHash($confirm_hash);
    $user->setMailSiteUpdates($mail_site);
    $user->setMailVA($mail_va);
    $user->setTimezone($timezone);
    $user->setLanguageID($lang_id);
    $user->setUnixStatus($unix_status);
    $user->setExpiryDate($expiry_date);
    
    $u = $um->createAccount($user);
    if ($u) {
        return $u->getId();
    } else {
        return $u;
    }
}
function account_create_mypage($user_id) {
    $um   = UserManager::instance();
    return $um->accountCreateMyPage($user_id);
}

function account_redirect_after_login() {
    global $pv;  

    $request = HTTPRequest::instance();

    $em = EventManager::instance();
    $em->processEvent('account_redirect_after_login', array('request' => $request));

    if($request->existAndNonEmpty('return_to')) {
        $returnToToken = parse_url($request->get('return_to'));
        if(preg_match('{/my(/|/index.php|)}i', $returnToToken['path'])) {
            util_return_to('/my/index.php');
        }
        else {
            util_return_to('/my/redirect.php');
        }
    }
    else {
        if (isset($pv) && $pv == 2) {
            util_return_to('/my/index.php?pv=2');
	} else {
	    util_return_to('/my/index.php');
        }
    }
}

?>


GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/www/include/account.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			//
3			// Copyright (c) Enalean, 2015. All Rights Reserved.
4			// SourceForge: Breaking Down the Barriers to Open Source Development
5			// Copyright 1999-2000 (c) The SourceForge Crew
6			// http://sourceforge.net
7			//
8			//
9			//
10			// adduser.php - All the forms and functions to manage unix users
11			//
12
13			// ***** function account_pwvalid()
14			// ***** check for valid password
15			function account_pwvalid($pw, &$errors) {
16			$password_strategy = new PasswordStrategy();
17			include($GLOBALS['Language']->getContent('account/password_strategy'));
18			$valid = $password_strategy->validate($pw);
19			$errors = $password_strategy->errors;
20			return $valid;
21			}
22
23			// Add user to an existing project
24			function account_add_user_to_group ($group_id,&$user_unix_name) {
25			$um = UserManager::instance();
26			$user = $um->findUser($user_unix_name);
27			if ($user) {
28			return account_add_user_obj_to_group($group_id, $user);
29			} else {
30			//user doesn't exist
31			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('include_account','user_not_exist'));
32			return false;
33			}
34			}
35
36			/**
37			* Add a new user into a given project
38			*
39			* @param Integer $group_id Project id
40			* @param PFUser $user User to add
41			*
42			* @return Boolean
43			*/
44			function account_add_user_obj_to_group ($group_id, PFUser $user) {
45			//user was found but if it's a pending account adding
46			//is not allowed
47			if (!$user->isActive() && !$user->isRestricted()) {
48			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('include_account', 'account_notactive', $user->getUserName()));
49			return false;
50			}
51
52			//if not already a member, add it
53			$res_member = db_query("SELECT user_id FROM user_group WHERE user_id=".$user->getId()." AND group_id='".db_ei($group_id)."'");
54			if (db_numrows($res_member) < 1) {
55			//not already a member
56			db_query("INSERT INTO user_group (user_id,group_id) VALUES (".db_ei($user->getId()).",".db_ei($group_id).")");
57
58
59			//if no unix account, give them a unix_uid
60			if ($user->getUnixStatus() == 'N' \|\| !$user->getUnixUid()) {
61			$user->setUnixStatus('A');
62			$um = UserManager::instance();
63			$um->assignNextUnixUid($user);
64			$um->updateDb($user);
65			}
66
67			// Raise an event
68			$em = EventManager::instance();
69			$em->processEvent('project_admin_add_user', array(
70			'group_id' => $group_id,
71			'user_id' => $user->getId(),
72			'user_unix_name' => $user->getUserName(),
73			));
74
75			$GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('include_account','user_added'));
76			account_send_add_user_to_group_email($group_id, $user->getId());
77			group_add_history('added_user', $user->getUserName(), $group_id, array($user->getUserName()));
			0 ignored issues – show Deprecated Code introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `group_add_history()` has been deprecated with message: handle the insertion of history for corresponding parameters $args is an array containing a list of parameters to use when the message is to be displayed by the history.php script The array is stored as a string at the end of the field_name with the following format: field_name %% [arg1, arg2...] This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
78
79			return true;
80			} else {
81			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('include_account','user_already_member'));
82			}
83			return false;
84			}
85
86			/**
87			* Warn user she has been added to a project
88			*
89			* @param Integer $group_id id of the project
90			* @param Integer $user_id id of the user
91			*
92			* @return Boolean true if the mail was sent false otherwise
93			*/
94			function account_send_add_user_to_group_email($group_id,$user_id) {
95			global $Language;
96			$base_url = get_server_url();
97
98			// Get email address
99			$res = db_query("SELECT email FROM user WHERE user_id=".db_ei($user_id));
100			if (db_numrows($res) > 0) {
101			$email_address = db_result($res,0,'email');
102			if (!$email_address) {
103			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('global', 'no_mail_for_account'));
104			return false;
105			}
106			$res2 = db_query("SELECT group_name,unix_group_name FROM groups WHERE group_id=".db_ei($group_id));
107			if (db_numrows($res2) > 0) {
108			$group_name = db_result($res2,0,'group_name');
109			$unix_group_name = db_result($res2,0,'unix_group_name');
110			// $message is defined in the content file
111			include($Language->getContent('include/add_user_to_group_email'));
112
113			$mail = new Mail();
114			$mail->setTo($email_address);
115			$mail->setFrom($GLOBALS['sys_noreply']);
116			$mail->setSubject($Language->getText('include_account','welcome',array($GLOBALS['sys_name'],$group_name)));
117			$mail->setBody($message);
			0 ignored issues – show Bug introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$message` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
118			$result = $mail->send();
119			if (!$result) {
120			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('global', 'mail_failed', array($GLOBALS['sys_email_admin'])), CODENDI_PURIFIER_DISABLED);
121			}
122			return $result;
123			}
124			}
125			return false;
126			}
127
128			/**
129			* Remove a user from a project
130			*
131			* @param Integer $groupId Project id
132			* @param Integer $userId User id
133			* @param Boolean $adminAction Default value set to true, manage the displayed message according to the person that asked for the action (admin/self remove)
134			*/
135			function account_remove_user_from_group($groupId, $userId, $adminAction = true) {
136			$pm = ProjectManager::instance();
137			$res=db_query("DELETE FROM user_group WHERE group_id='$groupId' AND user_id='$userId' AND admin_flags <> 'A'");
138			if (!$res \|\| db_affected_rows($res) < 1) {
139			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_index','user_not_removed'));
140			} else {
141			// Raise an event
142			$em = EventManager::instance();
143			$em->processEvent('project_admin_remove_user', array(
144			'group_id' => $groupId,
145			'user_id' => $userId
146			));
147
148			//
149			// get the Group object
150			//
151			$group = $pm->getProject($groupId);
152			if (!$group \|\| !is_object($group) \|\| $group->isError()) {
153			exit_no_group();
154			}
155			$atf = new ArtifactTypeFactory($group);
156			if (!$group \|\| !is_object($group) \|\| $group->isError()) {
157			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_index','not_get_atf'));
158			}
159
160			// Get the artfact type list
161			$at_arr = $atf->getArtifactTypes();
162
163			if ($at_arr && count($at_arr) > 0) {
164			for ($j = 0; $j < count($at_arr); $j++) {
			0 ignored issues – show Performance Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are calling the size function `count()` as part of the test condition. You might want to compute the size beforehand, and not on each iteration. If the size of the collection does not change during the iteration, it is generally a good practice to compute it beforehand, and not on each iteration: for ($i=0; $i<count($array); $i++) { // calls count() on each iteration } // Better for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once } Loading history...
165			if ( !$at_arr[$j]->deleteUser($userId) ) {
166			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_index','del_tracker_perm_fail',$at_arr[$j]->getName()));
167			}
168			}
169			}
170
171			// Remove user from ugroups attached to this project
172			if (!ugroup_delete_user_from_project_ugroups($groupId,$userId)) {
173			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_index','del_user_from_ug_fail'));
174			}
175			$name = user_getname($userId);
176			if ($adminAction) {
177			$GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_index','user_removed').' ('.$name.')');
178			} else {
179			$GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_index','self_user_remove').' ('.$group->getPublicName().')');
180			}
181			group_add_history ('removed_user',user_getname($userId)." ($userId)",$groupId);
			0 ignored issues – show Deprecated Code introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `group_add_history()` has been deprecated with message: handle the insertion of history for corresponding parameters $args is an array containing a list of parameters to use when the message is to be displayed by the history.php script The array is stored as a string at the end of the field_name with the following format: field_name %% [arg1, arg2...] This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
182			return true;
183			}
184			return false;
185			}
186
187			// Generate a valid Unix login name from the email address.
188			function account_make_login_from_email($email) {
189			$pattern = "/^(.)@.$/";
190			$replacement = "$1";
191			$name=preg_replace($pattern, $replacement, $email);
192			$name = substr($name, 0, 32);
193			$name = strtr($name, ".:;,?%^*(){}[]<>+=$", "___________________");
194			$name = strtr($name, "�a��e�u�", "aaeeeuuc");
195			return strtolower($name);
196			}
197
198			/**
199			* Check username validity. DEPRECATED
200			*
201			* @deprecated
202			* @see Valid_UserNameFormat
203			* @param String $name
204			* @return Integer
205			*/
206			function account_namevalid($name, $key = '') {
207			$rule = new Rule_UserName();
208			if (!$rule->isValid($name)) {
209			$GLOBALS['register_error'] = $rule->getErrorMessage();
210			return 0;
211			}
212			return 1;
213			}
214
215			/**
216			* Check groupname validity. DEPRECATED
217			*
218			* @deprecated
219			* @see Rule_ProjectName
220			* @param String $name
221			* @return Integer
222			*/
223			function account_groupnamevalid($name) {
224			$rule = new Rule_ProjectName();
225			if (!$rule->isValid($name)) {
226			$GLOBALS['register_error'] = $rule->getErrorMessage();
227			return 0;
228			}
229			return 1;
230			}
231
232
233			// print out shell selects
234			function account_shellselects($current) {
235			include_once 'common/user/User.class.php';
236			if (!$current) {
237			$current = '/sbin/nologin';
238			}
239			foreach (PFUser::getAllUnixShells() as $shell) {
240			$selected = '';
241			if ($current == $shell) {
242			$selected = ' selected="selected"';
243			}
244			echo '<option value="'.$shell.'"'.$selected.'>'.$shell.'</option>'.PHP_EOL;
245			}
246			}
247			// Set user password (Unix, Web)
248			function account_create($loginname=''
249			,$pw=''
250			,$ldap_id=''
251			,$realname=''
252			,$register_purpose=''
253			,$email=''
254			,$status='P'
255			,$confirm_hash=''
256			,$mail_site=0
257			,$mail_va=0
258			,$timezone='GMT'
259			,$lang_id='en_US'
260			,$unix_status='N'
261			,$expiry_date=0
262			) {
263			$um = UserManager::instance();
264			$user = new PFUser();
265			$user->setUserName($loginname);
266			$user->setRealName($realname);
267			$user->setPassword($pw);
268			$user->setLdapId($ldap_id);
269			$user->setRegisterPurpose($register_purpose);
270			$user->setEmail($email);
271			$user->setStatus($status);
272			$user->setConfirmHash($confirm_hash);
273			$user->setMailSiteUpdates($mail_site);
274			$user->setMailVA($mail_va);
275			$user->setTimezone($timezone);
276			$user->setLanguageID($lang_id);
277			$user->setUnixStatus($unix_status);
278			$user->setExpiryDate($expiry_date);
279
280			$u = $um->createAccount($user);
281			if ($u) {
282			return $u->getId();
283			} else {
284			return $u;
285			}
286			}
287			function account_create_mypage($user_id) {
288			$um = UserManager::instance();
289			return $um->accountCreateMyPage($user_id);
290			}
291
292			function account_redirect_after_login() {
293			global $pv;
294
295			$request = HTTPRequest::instance();
296
297			$em = EventManager::instance();
298			$em->processEvent('account_redirect_after_login', array('request' => $request));
299
300			if($request->existAndNonEmpty('return_to')) {
301			$returnToToken = parse_url($request->get('return_to'));
302			if(preg_match('{/my(/\|/index.php\|)}i', $returnToToken['path'])) {
303			util_return_to('/my/index.php');
304			}
305			else {
306			util_return_to('/my/redirect.php');
307			}
308			}
309			else {
310			if (isset($pv) && $pv == 2) {
311			util_return_to('/my/index.php?pv=2');
312			} else {
313			util_return_to('/my/index.php');
314			}
315			}
316			}
317
318			?>
319

Enalean / tuleap

GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/www/include/account.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like