Issues in LoginController.php - New Issues - Inspection of "Merge pull request #104 from HuasoFoundries/analys..." - HuasoFoundries/phpPgAdmin6 - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 442876...4ec1bc )

by Felipe

created 2018-03-09 23:17 UTC

src/controllers/LoginController.php (2 issues)

Labels

Coding Style 2

Severity

Informational 2

<?php


/*
 * PHPPgAdmin v6.0.0-beta.30
 */

namespace PHPPgAdmin\Controller;

/**
 * Login controller class.
 */
class LoginController extends BaseController
{
    protected $container;
    protected $_connection;

    protected $app;
    protected $data;
    protected $database;
    protected $server_id;
    public $appLangFiles     = [];
    public $appThemes        = [];
    public $appName          = '';
    public $appVersion       = '';
    public $form             = '';
    public $href             = '';
    public $lang             = [];
    public $action           = '';
    public $controller_name  = 'LoginController';
    public $controller_title = 'strlogin';

    /**
     * Default method to render the controller according to the action parameter.
     */
    public function render()
    {
        if (null === $this->container->requestobj->getAttribute('route')) {
            echo $this->doLoginForm();
        } else {
            $body = $this->container->responseobj->getBody();
            $body->write($this->doLoginForm());

            return $this->container->responseobj;
        }
    }

    public function doLoginForm($msg = '')
    {
        $lang = $this->lang;

        $this->misc->setNoDBConnection(true);

        $server_id = $this->container->requestobj->getQueryParam('server');

        if (null === $server_id) {
            $this->prtrace('invalid server param');

            return $this->lang['strinvalidserverparam'];
        }

        $login_html = $this->printHeader($lang[$this->controller_title], $this->scripts, false);
        $login_html .= $this->printBody(false);
        $login_html .= $this->printTrail('root', false);

        if (!empty($_POST)) {
            $vars = &$_POST;
        } else {
            $vars = &$_GET;
        }
        foreach ($_REQUEST as $key => $val) {
            if (false !== strpos($key, '?')) {
                $namexploded               = explode('?', $key);
                $_REQUEST[$namexploded[1]] = htmlspecialchars($val);
            }
        }

        $server_info = $this->misc->getServerInfo($server_id);
        $title       = sprintf($lang['strlogintitle'], $server_info['desc']);

        $printTitle = $this->printTitle($title, null, false);

        $login_html .= $printTitle;

        if (isset($msg)) {
            $login_html .= $this->printMsg($msg, false);
        }

        $login_html .= '<form id="login_form"  method="post" name="login_form" action="' . \SUBFOLDER . '/redirect/server?server=' . htmlspecialchars($server_id) . '">';

        $md5_server = md5($server_id);
        // Pass request vars through form (is this a security risk???)
        foreach ($vars as $key => $val) {
            if ('login' == substr($key, 0, 5)) {
                continue;
            }
            if (false !== strpos($key, '?')) {
                $key = explode('?', $key)[1];
            }

            $login_html .= '<input type="hidden" name="' . htmlspecialchars($key) . '" value="' . htmlspecialchars($val) . '" />' . "\n";
        }

        $login_html .= '<input type="hidden" name="loginServer" value="' . htmlspecialchars($server_id) . '" />';
        $login_html .= '<table class="navbar" border="0" cellpadding="5" cellspacing="3">';
        $login_html .= '<tr>';
        $login_html .= '<td>' . $lang['strusername'] . '</td>';
        $loginusername = isset($_POST['loginUsername']) ? htmlspecialchars($_POST['loginUsername']) : '';

        $login_html .= '<td><input type="text" name="loginUsername" value="' . $loginusername . '" size="24" /></td>';
        $login_html .= '</tr>';
        $login_html .= '<tr>';
        $login_html .= '<td>' . $lang['strpassword'] . '</td>';
        $login_html .= '<td><input id="loginPassword" type="password" name="loginPassword_' . $md5_server . '" size="24" /></td>';
        $login_html .= '</tr>';
        $login_html .= '</table>';
        if (sizeof($this->conf['servers']) > 1) {
            $checked = isset($_POST['loginShared']) ? 'checked="checked"' : '';
            $login_html .= '<p><input type="checkbox" id="loginShared" name="loginShared" ' . $checked . ' />';
            $login_html .= '<label for="loginShared">' . $lang['strtrycred'] . '</label></p>';
        }
        $login_html .= '<p><input type="submit" name="loginSubmit" value="' . $lang['strlogin'] . '" /></p>';
        $login_html .= '</form>';

        $login_html .= '<script type="text/javascript">';
        $login_html .= '	var uname = document.login_form.loginUsername;';
        $login_html .= '	var pword = document.login_form.loginPassword_' . $md5_server . ';';
        $login_html .= '	if (uname.value == "") {';
        $login_html .= '		uname.focus();';
        $login_html .= '	} else {';
        $login_html .= '		pword.focus();';
        $login_html .= '	}';
        $login_html .= '</script>';

        // Output footer
        $login_html .= $this->printFooter(false);

        return $login_html;
    }
}


1			<?php
2
			0 ignored issues – show Coding Style introduced 2018-02-15 15:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this You must use "/**" style comments for a file comment Loading history...
3			/*
4			* PHPPgAdmin v6.0.0-beta.30
5			*/
6
7			namespace PHPPgAdmin\Controller;
8
9			/**
10			* Login controller class.
11			*/
12			class LoginController extends BaseController
13			{
14			protected $container;
15			protected $_connection;
			1 ignored issue – show Coding Style introduced 2018-02-15 15:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this Protected member variable `_connection` must not be prefixed with an underscore as per coding-style. Loading history...
16			protected $app;
17			protected $data;
18			protected $database;
19			protected $server_id;
20			public $appLangFiles = [];
21			public $appThemes = [];
22			public $appName = '';
23			public $appVersion = '';
24			public $form = '';
25			public $href = '';
26			public $lang = [];
27			public $action = '';
28			public $controller_name = 'LoginController';
29			public $controller_title = 'strlogin';
30
31			/**
32			* Default method to render the controller according to the action parameter.
33			*/
34			public function render()
35			{
36			if (null === $this->container->requestobj->getAttribute('route')) {
37			echo $this->doLoginForm();
38			} else {
39			$body = $this->container->responseobj->getBody();
40			$body->write($this->doLoginForm());
41
42			return $this->container->responseobj;
43			}
44			}
45
46			public function doLoginForm($msg = '')
47			{
48			$lang = $this->lang;
49
50			$this->misc->setNoDBConnection(true);
51
52			$server_id = $this->container->requestobj->getQueryParam('server');
53
54			if (null === $server_id) {
55			$this->prtrace('invalid server param');
56
57			return $this->lang['strinvalidserverparam'];
58			}
59
60			$login_html = $this->printHeader($lang[$this->controller_title], $this->scripts, false);
61			$login_html .= $this->printBody(false);
62			$login_html .= $this->printTrail('root', false);
63
64			if (!empty($_POST)) {
65			$vars = &$_POST;
66			} else {
67			$vars = &$_GET;
68			}
69			foreach ($_REQUEST as $key => $val) {
70			if (false !== strpos($key, '?')) {
71			$namexploded = explode('?', $key);
72			$_REQUEST[$namexploded[1]] = htmlspecialchars($val);
73			}
74			}
75
76			$server_info = $this->misc->getServerInfo($server_id);
77			$title = sprintf($lang['strlogintitle'], $server_info['desc']);
78
79			$printTitle = $this->printTitle($title, null, false);
80
81			$login_html .= $printTitle;
82
83			if (isset($msg)) {
84			$login_html .= $this->printMsg($msg, false);
85			}
86
87			$login_html .= '<form id="login_form" method="post" name="login_form" action="' . \SUBFOLDER . '/redirect/server?server=' . htmlspecialchars($server_id) . '">';
88
89			$md5_server = md5($server_id);
90			// Pass request vars through form (is this a security risk???)
91			foreach ($vars as $key => $val) {
92			if ('login' == substr($key, 0, 5)) {
93			continue;
94			}
95			if (false !== strpos($key, '?')) {
96			$key = explode('?', $key)[1];
97			}
98
99			$login_html .= '<input type="hidden" name="' . htmlspecialchars($key) . '" value="' . htmlspecialchars($val) . '" />' . "\n";
100			}
101
102			$login_html .= '<input type="hidden" name="loginServer" value="' . htmlspecialchars($server_id) . '" />';
103			$login_html .= '<table class="navbar" border="0" cellpadding="5" cellspacing="3">';
104			$login_html .= '<tr>';
105			$login_html .= '<td>' . $lang['strusername'] . '</td>';
106			$loginusername = isset($_POST['loginUsername']) ? htmlspecialchars($_POST['loginUsername']) : '';
107
108			$login_html .= '<td><input type="text" name="loginUsername" value="' . $loginusername . '" size="24" /></td>';
109			$login_html .= '</tr>';
110			$login_html .= '<tr>';
111			$login_html .= '<td>' . $lang['strpassword'] . '</td>';
112			$login_html .= '<td><input id="loginPassword" type="password" name="loginPassword_' . $md5_server . '" size="24" /></td>';
113			$login_html .= '</tr>';
114			$login_html .= '</table>';
115			if (sizeof($this->conf['servers']) > 1) {
116			$checked = isset($_POST['loginShared']) ? 'checked="checked"' : '';
117			$login_html .= '<p><input type="checkbox" id="loginShared" name="loginShared" ' . $checked . ' />';
118			$login_html .= '<label for="loginShared">' . $lang['strtrycred'] . '</label></p>';
119			}
120			$login_html .= '<p><input type="submit" name="loginSubmit" value="' . $lang['strlogin'] . '" /></p>';
121			$login_html .= '</form>';
122
123			$login_html .= '<script type="text/javascript">';
124			$login_html .= ' var uname = document.login_form.loginUsername;';
125			$login_html .= ' var pword = document.login_form.loginPassword_' . $md5_server . ';';
126			$login_html .= ' if (uname.value == "") {';
127			$login_html .= ' uname.focus();';
128			$login_html .= ' } else {';
129			$login_html .= ' pword.focus();';
130			$login_html .= ' }';
131			$login_html .= '</script>';
132
133			// Output footer
134			$login_html .= $this->printFooter(false);
135
136			return $login_html;
137			}
138			}
139

HuasoFoundries / phpPgAdmin6

Push — master ( 442876...4ec1bc )

src/controllers/LoginController.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like