Plugin_HTTPAuth_HTTPAuth::headerEvent() - Code Metrics - JuKu/JuKuCMS - Measure and Improve Code Quality continuously with Scrutinizer

Plugin_HTTPAuth_HTTPAuth::headerEvent() B
last analyzed 2018-09-20 13:04 UTC

↳ Parent: Plugin_HTTPAuth_HTTPAuth

Complexity

Conditions	8
Paths	6

Size

Total Lines	55
Code Lines	25

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	8
eloc	25
nc	6
nop	0
dl	0
loc	55
rs	8.4444
c	0
b	0
f	0

How to fix Long Method

<?php

/**
 * Copyright (c) 2018 Justin Kuenzel (jukusoft.com)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


/**
 * Project: RocketCMS
 * License: Apache 2.0 license
 * User: Justin
 * Date: 17.04.2018
 * Time: 14:28
 */

class Plugin_HTTPAuth_HTTPAuth {

	//http://php.net/manual/de/features.http-auth.php

	public static function headerEvent () {
		//get preferences first
		$prefs = new Preferences("plugin_httpauth");

		$activated = $prefs->get("activated", true);

		if (!$activated) {
			return;
		}

		//check, if user is logged in
		if (User::current()->isLoggedIn()) {
			//http auth is not required, because user is already logged in
			return;
		}

		//check, if credentials was already send
		if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
			self::sendHeader($prefs);
		} else {
			$username = $_SERVER['PHP_AUTH_USER'];
			$password = $_SERVER['PHP_AUTH_PW'];

			//try to login
			$res = User::current()->loginByUsername($username, $password);

			if ($res['success'] !== true) {
				//send http header again
				self::sendHeader($prefs);
			} else {
				//login successful, show redirect
				if (isset($_REQUEST['redirect_url']) && !empty($_REQUEST['redirect_url'])) {
					//TODO: check for security issues, maybe we should check if redirect_url is a known domain

					header("Location: " . urldecode($_REQUEST['redirect_url']));

					//flush gzip buffer
					ob_end_flush();

					exit;

				} else {
					//redirect to index page

					//get domain
					$domain = Registry::singleton()->getObject("domain");

					//generate index url
					$index_url = DomainUtils::generateURL($domain->getHomePage());

					header("Location: " . $index_url);

					//flush gzip buffer
					ob_end_flush();

					exit;

				}
			}
		}
	}

	protected static function sendHeader (Preferences $prefs) {
		$realm_name = $prefs->get("realm_name", "Website");

		//send http header, so browser will show a login form
		header('WWW-Authenticate: Basic realm="' . $realm_name . '"');
		header('HTTP/1.0 401 Unauthorized');

		//text which will be sended, if user clicks on abort
		echo $prefs->get("abort_text", "<h1>401 Authorization Required</h1>");

		ob_end_flush();
		exit;

	}

	public static function logoutEvent () {
		//because browser safes http auth credentials by default, we need to do a little trick to clear browser auth cache
		header("Location: " . DomainUtils::getProtocol() . "foo:bar@" . DomainUtils::getBaseURL(true));

		//echo "Location: " . DomainUtils::getProtocol() . "foo:bar@" . DomainUtils::getBaseURL(true);

		exit;
	}

}

?>



1			<?php
2
3			/**
4			* Copyright (c) 2018 Justin Kuenzel (jukusoft.com)
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19
20			/**
21			* Project: RocketCMS
22			* License: Apache 2.0 license
23			* User: Justin
24			* Date: 17.04.2018
25			* Time: 14:28
26			*/
27
28			class Plugin_HTTPAuth_HTTPAuth {
29
30			//http://php.net/manual/de/features.http-auth.php
31
32			public static function headerEvent () {
33			//get preferences first
34			$prefs = new Preferences("plugin_httpauth");
35
36			$activated = $prefs->get("activated", true);
37
38			if (!$activated) {
39			return;
40			}
41
42			//check, if user is logged in
43			if (User::current()->isLoggedIn()) {
44			//http auth is not required, because user is already logged in
45			return;
46			}
47
48			//check, if credentials was already send
49			if (!isset($_SERVER['PHP_AUTH_USER']) \|\| !isset($_SERVER['PHP_AUTH_PW'])) {
50			self::sendHeader($prefs);
51			} else {
52			$username = $_SERVER['PHP_AUTH_USER'];
53			$password = $_SERVER['PHP_AUTH_PW'];
54
55			//try to login
56			$res = User::current()->loginByUsername($username, $password);
57
58			if ($res['success'] !== true) {
59			//send http header again
60			self::sendHeader($prefs);
61			} else {
62			//login successful, show redirect
63			if (isset($_REQUEST['redirect_url']) && !empty($_REQUEST['redirect_url'])) {
64			//TODO: check for security issues, maybe we should check if redirect_url is a known domain
65
66			header("Location: " . urldecode($_REQUEST['redirect_url']));
67
68			//flush gzip buffer
69			ob_end_flush();
70
71			exit;
			0 ignored issues – show Best Practice introduced 2018-04-17 18:10 UTC by Report Bug Copy Issue Report Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history...
72			} else {
73			//redirect to index page
74
75			//get domain
76			$domain = Registry::singleton()->getObject("domain");
77
78			//generate index url
79			$index_url = DomainUtils::generateURL($domain->getHomePage());
80
81			header("Location: " . $index_url);
82
83			//flush gzip buffer
84			ob_end_flush();
85
86			exit;
			0 ignored issues – show Best Practice introduced 2018-04-17 18:10 UTC by Report Bug Copy Issue Report Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history...
87			}
88			}
89			}
90			}
91
92			protected static function sendHeader (Preferences $prefs) {
93			$realm_name = $prefs->get("realm_name", "Website");
94
95			//send http header, so browser will show a login form
96			header('WWW-Authenticate: Basic realm="' . $realm_name . '"');
97			header('HTTP/1.0 401 Unauthorized');
98
99			//text which will be sended, if user clicks on abort
100			echo $prefs->get("abort_text", "<h1>401 Authorization Required</h1>");
101
102			ob_end_flush();
103			exit;
			0 ignored issues – show Best Practice introduced 2018-04-17 18:42 UTC by Report Bug Copy Issue Report Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history...
104			}
105
106			public static function logoutEvent () {
107			//because browser safes http auth credentials by default, we need to do a little trick to clear browser auth cache
108			header("Location: " . DomainUtils::getProtocol() . "foo:bar@" . DomainUtils::getBaseURL(true));
109
110			//echo "Location: " . DomainUtils::getProtocol() . "foo:bar@" . DomainUtils::getBaseURL(true);
111
112			exit;
113			}
114
115			}
116
117			?>
			0 ignored issues – show Best Practice introduced 2018-04-17 18:42 UTC by Report Bug Copy Issue Report It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...
118

JuKu / JuKuCMS

Plugin_HTTPAuth_HTTPAuth::headerEvent() B last analyzed 2018-09-20 13:04 UTC

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like

Plugin_HTTPAuth_HTTPAuth::headerEvent() B
last analyzed 2018-09-20 13:04 UTC