Issues in loginpage.php (master) - Issues in master - JuKu/JuKuCMS - Measure and Improve Code Quality continuously with Scrutinizer

Issues (762)

com.jukusoft.cms.user/classes/loginpage.php (5 issues)

Labels

Severity

<?php

/**
 * Copyright (c) 2018 Justin Kuenzel (jukusoft.com)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


/**
 * Project: RocketCMS
 * License: Apache 2.0 license
 * User: Justin
 * Date: 19.03.2018
 * Time: 12:33
 */

class LoginPage extends PageType {

	public function getContent() : string {
		$show_form = !User::current()->isLoggedIn();

		$template = new Template("pages/login", Registry::singleton());

		if (isset($_REQUEST['action']) && $_REQUEST['action'] === "login") {
			//try to login

			$username_set = false;
			$mail_set = false;
			$password_set = false;

			if (isset($_POST['username']) && !empty($_POST['username'])) {
				$username_set = true;
			}

			if (isset($_POST['mail']) && !empty($_POST['mail'])) {
				$mail_set = true;
			}

			if (isset($_POST['password']) && !empty($_POST['password'])) {
				$password_set = true;
			}

			if (!$username_set && !$mail_set && !$password_set) {
				//form was not submitted
			} else {
				if (!$username_set && !$mail_set) {
					$template->parse("main.no_username");
					$template->parse("main.no_mail");
				}

				if (!$password_set) {
					$template->parse("main.no_password");
				}
			}

			if (($username_set || $mail_set) && $password_set) {
				//check CSRF token
				if (Security::checkCSRFToken()) {
					//check, if user is already logged in
					if (User::current()->isLoggedIn()) {
						$template->assign("ERROR_TEXT", "User is already logged in!");
						$template->parse("main.error_msg");

						//dont show form, because user is already logged in
						$show_form = false;
					} else {
						//try to login
						$user = User::current();

						if ($username_set) {
							$res = $user->loginByUsername($_REQUEST['username'], $_REQUEST['password']);
						} else {
							$res = $user->loginByMail($_REQUEST['mail'], $_REQUEST['password']);
						}

						if ($res['success'] === true) {
							//login successful, show redirect

							if (isset($_REQUEST['redirect_url']) && !empty($_REQUEST['redirect_url'])) {
								//TODO: check for security issues, maybe we should check if redirect_url is a known domain

								header("Location: " . urldecode($_REQUEST['redirect_url']));

								//flush gzip buffer
								ob_end_flush();

								exit;
interface ReturnsInt {
    public function returnsIntHinted(): int;
}

class MyClass implements ReturnsInt {
    public function returnsIntHinted(): int
    {
        if (foo()) {
            return 123;
        }
        // here: null is implicitly returned
    }
}
							} else {
								//redirect to index page

								//get domain
								$domain = Registry::singleton()->getObject("domain");

								//generate index url
								$index_url = DomainUtils::generateURL($domain->getHomePage());

								header("Location: " . $index_url);

								//flush gzip buffer
								ob_end_flush();

								exit;

							}

							$template->parse("login_successful");
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}

							Events::throwEvent("page_login_successful");

							$show_form = false;
						} else {
							if ($res['error'] === "user_not_exists") {
								$template->assign("ERROR_TEXT", /*"Username doesnt exists!"*/"Wrong credentials!");
								$template->parse("main.error_msg");
							} else if ($res['error'] === "wrong_password") {
								$template->assign("ERROR_TEXT", /*"Wrong password!"*/"Wrong credentials!");
								$template->parse("main.error_msg");
							} else if ($res['error'] === "mail_not_valide") {
								$template->assign("ERROR_TEXT", /*"Mail is not valide!"*/"Wrong credentials!");
								$template->parse("main.error_msg");
							} else {
								$template->assign("ERROR_TEXT", "Unknown error message: " . $res['error']);
								$template->parse("main.error_msg");
							}
						}
					}
				} else {
					$template->assign("ERROR_TEXT", "Wrong CSRF token! Please try to login again!");
					$template->parse("main.error_msg");
				}
			}
		}

		if ($show_form) {//show form
			$template->parse("main.form");
		} else if (User::current()->isLoggedIn()) {
			$template->assign("USERID", User::current()->getID());
			$template->assign("USERNAME", User::current()->getUsername());

			$template->parse("main.already_logged_in");
		}

		//get HTML code
		$template->parse();
		return $template->getCode();
	}

}

?>



1			<?php
2
3			/**
4			* Copyright (c) 2018 Justin Kuenzel (jukusoft.com)
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19
20			/**
21			* Project: RocketCMS
22			* License: Apache 2.0 license
23			* User: Justin
24			* Date: 19.03.2018
25			* Time: 12:33
26			*/
27
28			class LoginPage extends PageType {
29
30			public function getContent() : string {
31			$show_form = !User::current()->isLoggedIn();
32
33			$template = new Template("pages/login", Registry::singleton());
34
35			if (isset($_REQUEST['action']) && $_REQUEST['action'] === "login") {
36			//try to login
37
38			$username_set = false;
39			$mail_set = false;
40			$password_set = false;
41
42			if (isset($_POST['username']) && !empty($_POST['username'])) {
43			$username_set = true;
44			}
45
46			if (isset($_POST['mail']) && !empty($_POST['mail'])) {
47			$mail_set = true;
48			}
49
50			if (isset($_POST['password']) && !empty($_POST['password'])) {
51			$password_set = true;
52			}
53
54			if (!$username_set && !$mail_set && !$password_set) {
55			//form was not submitted
56			} else {
57			if (!$username_set && !$mail_set) {
58			$template->parse("main.no_username");
59			$template->parse("main.no_mail");
60			}
61
62			if (!$password_set) {
63			$template->parse("main.no_password");
64			}
65			}
66
67			if (($username_set \|\| $mail_set) && $password_set) {
68			//check CSRF token
69			if (Security::checkCSRFToken()) {
70			//check, if user is already logged in
71			if (User::current()->isLoggedIn()) {
72			$template->assign("ERROR_TEXT", "User is already logged in!");
73			$template->parse("main.error_msg");
74
75			//dont show form, because user is already logged in
76			$show_form = false;
77			} else {
78			//try to login
79			$user = User::current();
80
81			if ($username_set) {
82			$res = $user->loginByUsername($_REQUEST['username'], $_REQUEST['password']);
83			} else {
84			$res = $user->loginByMail($_REQUEST['mail'], $_REQUEST['password']);
85			}
86
87			if ($res['success'] === true) {
88			//login successful, show redirect
89
90			if (isset($_REQUEST['redirect_url']) && !empty($_REQUEST['redirect_url'])) {
91			//TODO: check for security issues, maybe we should check if redirect_url is a known domain
92
93			header("Location: " . urldecode($_REQUEST['redirect_url']));
94
95			//flush gzip buffer
96			ob_end_flush();
97
98			exit;
			0 ignored issues – show Best Practice introduced 2018-04-02 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history... Bug Best Practice introduced 2018-04-02 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this In this branch, the function will implicitly return `null` which is incompatible with the type-hinted return `string`. Consider adding a return statement or allowing `null` as return value. For hinted functions/methods where all return statements with the correct type are only reachable via conditions, ?null? gets implicitly returned which may be incompatible with the hinted type. Let?s take a look at an example: interface ReturnsInt { public function returnsIntHinted(): int; } class MyClass implements ReturnsInt { public function returnsIntHinted(): int { if (foo()) { return 123; } // here: null is implicitly returned } } Loading history...
99			} else {
100			//redirect to index page
101
102			//get domain
103			$domain = Registry::singleton()->getObject("domain");
104
105			//generate index url
106			$index_url = DomainUtils::generateURL($domain->getHomePage());
107
108			header("Location: " . $index_url);
109
110			//flush gzip buffer
111			ob_end_flush();
112
113			exit;
			0 ignored issues – show Best Practice introduced 2018-04-02 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history...
114			}
115
116			$template->parse("login_successful");
			0 ignored issues – show Unused Code introduced 2018-04-02 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$template->parse('login_successful')` is not reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
117
118			Events::throwEvent("page_login_successful");
119
120			$show_form = false;
121			} else {
122			if ($res['error'] === "user_not_exists") {
123			$template->assign("ERROR_TEXT", /"Username doesnt exists!"/"Wrong credentials!");
124			$template->parse("main.error_msg");
125			} else if ($res['error'] === "wrong_password") {
126			$template->assign("ERROR_TEXT", /"Wrong password!"/"Wrong credentials!");
127			$template->parse("main.error_msg");
128			} else if ($res['error'] === "mail_not_valide") {
129			$template->assign("ERROR_TEXT", /"Mail is not valide!"/"Wrong credentials!");
130			$template->parse("main.error_msg");
131			} else {
132			$template->assign("ERROR_TEXT", "Unknown error message: " . $res['error']);
133			$template->parse("main.error_msg");
134			}
135			}
136			}
137			} else {
138			$template->assign("ERROR_TEXT", "Wrong CSRF token! Please try to login again!");
139			$template->parse("main.error_msg");
140			}
141			}
142			}
143
144			if ($show_form) {//show form
145			$template->parse("main.form");
146			} else if (User::current()->isLoggedIn()) {
147			$template->assign("USERID", User::current()->getID());
148			$template->assign("USERNAME", User::current()->getUsername());
149
150			$template->parse("main.already_logged_in");
151			}
152
153			//get HTML code
154			$template->parse();
155			return $template->getCode();
156			}
157
158			}
159
160			?>
			0 ignored issues – show Best Practice introduced 2018-04-02 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...
161

JuKu / JuKuCMS

Issues (762)

com.jukusoft.cms.user/classes/loginpage.php (5 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like