
<?php
/*
 * PHPPgAdmin v6.0.0-beta.30
 */
namespace PHPPgAdmin\Controller;
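/**
 * Login controller class.
 *
 * Builds the per-server login form. The form itself posts to the
 * /redirect/server route; this controller only produces HTML and never
 * touches the submitted credentials.
 */
class LoginController extends BaseController
{
    protected $container;
    protected $_connection;
    protected $app;
    protected $data;
    protected $database;
    protected $server_id;
    public $appLangFiles     = [];
    public $appThemes        = [];
    public $appName          = '';
    public $appVersion       = '';
    public $form             = '';
    public $href             = '';
    public $lang             = [];
    public $action           = '';
    public $controller_name  = 'LoginController';
    public $controller_title = 'strlogin';

    /**
     * Default method to render the controller according to the action parameter.
     *
     * Without a 'route' request attribute the form is echoed directly and
     * nothing is returned; otherwise it is written to the response body and
     * the response object is returned for the router to emit.
     *
     * @return mixed the response object, or null when the form was echoed
     */
    public function render()
    {
        $request = $this->container->requestobj;

        if (null === $request->getAttribute('route')) {
            echo $this->doLoginForm();

            return null;
        }

        $response = $this->container->responseobj;
        $response->getBody()->write($this->doLoginForm());

        return $response;
    }

    /**
     * Build the HTML of the login form for the server named by the 'server'
     * query parameter.
     *
     * @param string $msg optional message shown above the form (e.g. why a
     *                    previous attempt failed); nothing is printed for ''
     *
     * @return string full page HTML, or the 'strinvalidserverparam' language
     *                string when no usable server id was supplied
     */
    public function doLoginForm($msg = '')
    {
        $conf = $this->conf;
        $lang = $this->lang;

        $this->misc->setNoDBConnection(true);

        $server_id = $this->container->requestobj->getQueryParam('server');

        // The server id is untrusted input that is echoed into the form and
        // hashed into a field name below. Anything that is not a plain string
        // (missing, or an array from `server[]=`) is rejected here rather than
        // reaching md5()/htmlspecialchars() as a TypeError.
        if (!is_string($server_id)) {
            $this->prtrace('invalid server param');

            return $this->lang['strinvalidserverparam'];
        }

        $login_html = $this->printHeader($lang[$this->controller_title], $this->scripts, false);
        $login_html .= $this->printBody(false);
        $login_html .= $this->printTrail('root', false);

        // Request variables carried through the form: POST wins when present.
        $vars = !empty($_POST) ? $_POST : $_GET;

        // Legacy quirk: a key of the form "foo?bar" is re-exposed under "bar"
        // in $_REQUEST for code that runs after this controller. Only scalar
        // values are copied; an array has no single string to escape.
        foreach ($_REQUEST as $key => $val) {
            if (is_scalar($val) && false !== strpos((string) $key, '?')) {
                $namexploded               = explode('?', (string) $key);
                $_REQUEST[$namexploded[1]] = htmlspecialchars((string) $val);
            }
        }

        // NOTE(review): desc comes from the server config, not the request;
        // an unknown $server_id presumably yields no entry here — confirm what
        // getServerInfo() returns in that case.
        $server_info = $this->misc->getServerInfo($server_id);
        $title       = sprintf($lang['strlogintitle'], $server_info['desc']);

        $login_html .= $this->printTitle($title, null, false);

        // isset($msg) was always true (the default is ''), so printMsg() ran on
        // every render; only print when there is actually a message.
        if (null !== $msg && '' !== $msg) {
            $login_html .= $this->printMsg($msg, false);
        }

        // The server id lands in a URL query string inside an HTML attribute:
        // URL-encode for the query context first, then HTML-escape the result.
        $login_html .= '<form id="login_form"  method="post" name="login_form" action="'
            .\SUBFOLDER.'/redirect/server?server='.self::escapeHtmlAttr(rawurlencode($server_id)).'">';

        // The password field name is suffixed with a hash of the server id so
        // each server gets its own field (presumably to keep browser autofill
        // per server); md5 output is hex, so it is safe in a name/JS identifier.
        $md5_server = md5($server_id);

        $login_html .= $this->buildHiddenFields($vars);

        $login_html .= '<input type="hidden" name="loginServer" value="'.self::escapeHtmlAttr($server_id).'" />';
        $login_html .= '<table class="navbar" border="0" cellpadding="5" cellspacing="3">';
        $login_html .= '<tr>';
        $login_html .= '<td>'.$lang['strusername'].'</td>';

        // Re-fill the username after a failed attempt; arrays are ignored.
        $loginusername = '';
        if (isset($_POST['loginUsername']) && is_scalar($_POST['loginUsername'])) {
            $loginusername = self::escapeHtmlAttr((string) $_POST['loginUsername']);
        }

        $login_html .= '<td><input type="text" name="loginUsername" value="'.$loginusername.'" size="24" /></td>';
        $login_html .= '</tr>';
        $login_html .= '<tr>';
        $login_html .= '<td>'.$lang['strpassword'].'</td>';
        $login_html .= '<td><input id="loginPassword" type="password" name="loginPassword_'.$md5_server.'" size="24" /></td>';
        $login_html .= '</tr>';
        $login_html .= '</table>';

        // The "try these credentials on all servers" option only makes sense
        // when more than one server is configured.
        $serverCount = isset($conf['servers']) ? count($conf['servers']) : 0;
        if ($serverCount > 1) {
            $checked = isset($_POST['loginShared']) ? 'checked="checked"' : '';
            $login_html .= '<p><input type="checkbox" id="loginShared" name="loginShared" '.$checked.' />';
            $login_html .= '<label for="loginShared">'.$lang['strtrycred'].'</label></p>';
        }

        $login_html .= '<p><input type="submit" name="loginSubmit" value="'.$lang['strlogin'].'" /></p>';
        $login_html .= '</form>';

        $login_html .= $this->buildFocusScript($md5_server);

        // Output footer
        $login_html .= $this->printFooter(false);

        return $login_html;
    }

    /**
     * Render the request variables carried through the login form as hidden
     * inputs, so the original request can be replayed after login.
     *
     * Keys starting with "login" (the form's own fields) are skipped and a key
     * of the form "foo?bar" is emitted as "bar". Non-scalar values are dropped:
     * they have no single attribute value and htmlspecialchars() rejects them.
     *
     * NOTE(review): this reflects arbitrary unauthenticated request parameters
     * into the POST to /redirect/server, and the form carries no CSRF token.
     * Whether that is acceptable depends on what that route does with the
     * parameters; an allow-list of the ones the post-login redirect actually
     * needs would be tighter.
     *
     * @param array $vars $_POST or $_GET
     *
     * @return string hidden <input> elements, one per line
     */
    private function buildHiddenFields(array $vars)
    {
        $html = '';

        foreach ($vars as $key => $val) {
            $key = (string) $key;

            if ('login' === substr($key, 0, 5) || !is_scalar($val)) {
                continue;
            }

            if (false !== strpos($key, '?')) {
                $key = explode('?', $key)[1];
            }

            $html .= '<input type="hidden" name="'.self::escapeHtmlAttr($key).'" value="'.self::escapeHtmlAttr((string) $val).'" />'."\n";
        }

        return $html;
    }

    /**
     * Inline script that focuses the username field when it is empty and the
     * password field otherwise.
     *
     * @param string $md5_server hex suffix of the password field name
     *
     * @return string a <script> element
     */
    private function buildFocusScript($md5_server)
    {
        $script = '<script type="text/javascript">';
        $script .= '	var uname = document.login_form.loginUsername;';
        $script .= '	var pword = document.login_form.loginPassword_'.$md5_server.';';
        $script .= '	if (uname.value == "") {';
        $script .= '		uname.focus();';
        $script .= '	} else {';
        $script .= '		pword.focus();';
        $script .= '	}';
        $script .= '</script>';

        return $script;
    }

    /**
     * Escape a value for a double-quoted HTML attribute (or text node).
     *
     * ENT_QUOTES also escapes single quotes, and ENT_SUBSTITUTE turns invalid
     * UTF-8 into U+FFFD instead of making htmlspecialchars() return '' and
     * silently dropping the value.
     *
     * @param string $value raw text
     *
     * @return string escaped text
     */
    private static function escapeHtmlAttr($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}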