Issues in login.class.php - All Issues - Inspection of "Merge pull request #696 from teiling88/adding-php-..." - OpencachingDeutschland/oc-server3 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — development ( 1b87d2...43bb99 )

by Thomas

created 2017-11-23 14:36 UTC

htdocs/lib/login.class.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/***************************************************************************
 * For license information see LICENSE.md
 * see lib2/login.class.php. !!
 ***************************************************************************/

// unknown error occurred
define('LOGIN_UNKNOWN_ERROR', -1);
// login succeeded
define('LOGIN_OK', 0);
// bad username or password
define('LOGIN_BADUSERPW', 1);
// too many login attempts in short time
define('LOGIN_TOOMUCHLOGINS', 2);
// the user account locked
define('LOGIN_USERNOTACTIVE', 3);
// given username/password was empty
define('LOGIN_EMPTY_USERPASSWORD', 4);
// logout was successfully
define('LOGIN_LOGOUT_OK', 5);

// login times in seconds
define('LOGIN_TIME', 60 * 60);
define('LOGIN_TIME_PERMANENT', 90 * 24 * 60 * 60);

$login = new login();

class login
namespace YourVendor;

class YourClass { }
{
    public $userid = 0;
    public $username = '';
    public $permanent = false;
    public $lastlogin = '';
    public $sessionid = '';
    public $admin = 0;
    public $verified = false;

    public function __construct()
    {
        global $cookie;

        if ($cookie->is_set('userid') && $cookie->is_set('username')) {
            $this->userid = $cookie->get('userid') + 0;
            $this->username = $cookie->get('username');
            $this->permanent = (($cookie->get('permanent') + 0) == 1);
            $this->lastlogin = $cookie->get('lastlogin');
            $this->sessionid = $cookie->get('sessionid');
            $this->verified = false;

            $this->verify();
        } else {
            $this->pClear();
        }
    }

    public function pClear()
    {
        // set to no valid login
        $this->userid = 0;
        $this->username = '';
        $this->permanent = false;
        $this->lastlogin = '';
        $this->sessionid = '';
        $this->admin = 0;
        $this->verified = true;

        $this->pStoreCookie();
    }

    public function pStoreCookie()
    {
        global $cookie;
        $cookie->set('userid', $this->userid);
        $cookie->set('username', $this->username);
        $cookie->set('permanent', ($this->permanent == true ? 1 : 0));
        $cookie->set('lastlogin', $this->lastlogin);
        $cookie->set('sessionid', $this->sessionid);
    }

    public function verify()
    {
        global $locale, $opt;

        if ($this->verified == true) {
            return;
        }

        if ($this->userid == 0) {
            $this->pClear();

            return;
        }

        if ($this->checkLoginsCount() == false) {
            $this->pClear();

            return;
        }

        $min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME);
        $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);

        $rs = sql(
            "SELECT `sys_sessions`.`last_login`, `user`.`admin`
             FROM &db.`sys_sessions`, &db.`user`
             WHERE `sys_sessions`.`user_id`=`user`.`user_id`
             AND `user`.`is_active_flag`=1
             AND `sys_sessions`.`uuid`='&1'
             AND `sys_sessions`.`user_id`='&2'
             AND ((`sys_sessions`.`permanent`=1
             AND `sys_sessions`.`last_login`>'&3')
             OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))
             ",
            $this->sessionid,
            $this->userid,
            $min_lastlogin_permanent,
            $min_lastlogin
        );

        // sys_session.last_login controls the automatic logout of users at the OC website.
        // user.last_login gives the overall last login date, including OKAPI logins.

        if ($rUser = sql_fetch_assoc($rs)) {
            if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT  / 2 < time())) ||
                (($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME / 2 < time()))
            ) {
                sql(
                    "UPDATE `sys_sessions`
                     SET `sys_sessions`.`last_login`=NOW()
                     WHERE `sys_sessions`.`uuid`='&1'
                     AND `sys_sessions`.`user_id`='&2'",
                    $this->sessionid,
                    $this->userid
                );
                $rUser['last_login'] = date('Y-m-d H:i:s');
            }

            if (isset($locale)) {
                sql(
                    "UPDATE `user`
                     SET `last_login`=NOW(),
                         `language`='&2',
                         `language_guessed` = 0,
                         `domain`='&3'
                     WHERE `user_id`='&1'",
                    $this->userid,
                    $locale,
                    $opt['page']['domain']
                );
            } else {
                sql("UPDATE `user` SET `last_login`=NOW() WHERE `user_id`='&1'", $this->userid);
            }

            $this->lastlogin = $rUser['last_login'];
            $this->admin = $rUser['admin'];
            $this->verified = true;
        } else {
            // prevent bruteforce
            sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']);

            $this->pClear();
        }
        sql_free_result($rs);

        $this->pStoreCookie();
    }

    /**
     * @param int|bool $privilege
     * @return bool
     */
    public function hasAdminPriv($privilege = false)
    {
        $this->verify();

        if ($privilege === false) {
            return $this->admin > 0;
        }

        return ($this->admin & $privilege) == $privilege;
    }

    public function listingAdmin()
    {
        global $opt;

        return $this->hasAdminPriv(ADMIN_LISTING) && $opt['logic']['admin']['enable_listing_admins'];
    }

    public function checkLoginsCount()
    {
        global $opt;

        // cleanup old entries
        // (execute only every 50 search calls)
        if (mt_rand(1, 50) === 1) {
            sql("DELETE FROM `sys_logins` WHERE `date_created`<'&1'", date('Y-m-d H:i:s', time() - 3600));
        }

        // check the number of login attempts in the last hour ...
        $loginCount = sqlValue(
            "SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape(
                $_SERVER['REMOTE_ADDR']
            ) . "' AND `date_created`>'" . sql_escape(date('Y-m-d H:i:s', time() - 3600)) . "'",
            0
        );
        if ($loginCount > $opt['page']['max_logins_per_hour']) {
            return false;
        }

        return true;
    }
}


1		<?php
2		/***************************************************************************
3		* For license information see LICENSE.md
4		* see lib2/login.class.php. !!
5		***************************************************************************/
6
7		// unknown error occurred
8		define('LOGIN_UNKNOWN_ERROR', -1);
9		// login succeeded
10		define('LOGIN_OK', 0);
11		// bad username or password
12		define('LOGIN_BADUSERPW', 1);
13		// too many login attempts in short time
14		define('LOGIN_TOOMUCHLOGINS', 2);
15		// the user account locked
16		define('LOGIN_USERNOTACTIVE', 3);
17		// given username/password was empty
18		define('LOGIN_EMPTY_USERPASSWORD', 4);
19		// logout was successfully
20		define('LOGIN_LOGOUT_OK', 5);
21
22		// login times in seconds
23		define('LOGIN_TIME', 60 * 60);
24		define('LOGIN_TIME_PERMANENT', 90 * 24 * 60 * 60);
25
26		$login = new login();
27
28		class login
		0 ignored issues – show Coding Style Compatibility introduced 2016-05-24 20:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
29		{
30		public $userid = 0;
31		public $username = '';
32		public $permanent = false;
33		public $lastlogin = '';
34		public $sessionid = '';
35		public $admin = 0;
36		public $verified = false;
37
38	View Code Duplication	public function __construct()
39		{
40		global $cookie;
41
42		if ($cookie->is_set('userid') && $cookie->is_set('username')) {
43		$this->userid = $cookie->get('userid') + 0;
44		$this->username = $cookie->get('username');
45		$this->permanent = (($cookie->get('permanent') + 0) == 1);
46		$this->lastlogin = $cookie->get('lastlogin');
47		$this->sessionid = $cookie->get('sessionid');
48		$this->verified = false;
49
50		$this->verify();
51		} else {
52		$this->pClear();
53		}
54		}
55
56	View Code Duplication	public function pClear()
57		{
58		// set to no valid login
59		$this->userid = 0;
60		$this->username = '';
61		$this->permanent = false;
62		$this->lastlogin = '';
63		$this->sessionid = '';
64		$this->admin = 0;
65		$this->verified = true;
66
67		$this->pStoreCookie();
68		}
69
70	View Code Duplication	public function pStoreCookie()
71		{
72		global $cookie;
73		$cookie->set('userid', $this->userid);
74		$cookie->set('username', $this->username);
75		$cookie->set('permanent', ($this->permanent == true ? 1 : 0));
76		$cookie->set('lastlogin', $this->lastlogin);
77		$cookie->set('sessionid', $this->sessionid);
78		}
79
80		public function verify()
81		{
82		global $locale, $opt;
83
84		if ($this->verified == true) {
85		return;
86		}
87
88		if ($this->userid == 0) {
89		$this->pClear();
90
91		return;
92		}
93
94		if ($this->checkLoginsCount() == false) {
95		$this->pClear();
96
97		return;
98		}
99
100		$min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME);
101		$min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
102
103		$rs = sql(
104		"SELECT `sys_sessions`.`last_login`, `user`.`admin`
105		FROM &db.`sys_sessions`, &db.`user`
106		WHERE `sys_sessions`.`user_id`=`user`.`user_id`
107		AND `user`.`is_active_flag`=1
108		AND `sys_sessions`.`uuid`='&1'
109		AND `sys_sessions`.`user_id`='&2'
110		AND ((`sys_sessions`.`permanent`=1
111		AND `sys_sessions`.`last_login`>'&3')
112		OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))
113		",
114		$this->sessionid,
115		$this->userid,
116		$min_lastlogin_permanent,
117		$min_lastlogin
118		);
119
120		// sys_session.last_login controls the automatic logout of users at the OC website.
121		// user.last_login gives the overall last login date, including OKAPI logins.
122
123		if ($rUser = sql_fetch_assoc($rs)) {
124	View Code Duplication	if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT / 2 < time())) \|\|
125		(($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME / 2 < time()))
126		) {
127		sql(
128		"UPDATE `sys_sessions`
129		SET `sys_sessions`.`last_login`=NOW()
130		WHERE `sys_sessions`.`uuid`='&1'
131		AND `sys_sessions`.`user_id`='&2'",
132		$this->sessionid,
133		$this->userid
134		);
135		$rUser['last_login'] = date('Y-m-d H:i:s');
136		}
137
138		if (isset($locale)) {
139		sql(
140		"UPDATE `user`
141		SET `last_login`=NOW(),
142		`language`='&2',
143		`language_guessed` = 0,
144		`domain`='&3'
145		WHERE `user_id`='&1'",
146		$this->userid,
147		$locale,
148		$opt['page']['domain']
149		);
150		} else {
151		sql("UPDATE `user` SET `last_login`=NOW() WHERE `user_id`='&1'", $this->userid);
152		}
153
154		$this->lastlogin = $rUser['last_login'];
155		$this->admin = $rUser['admin'];
156		$this->verified = true;
157		} else {
158		// prevent bruteforce
159		sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']);
160
161		$this->pClear();
162		}
163		sql_free_result($rs);
164
165		$this->pStoreCookie();
166		}
167
168		/**
169		* @param int\|bool $privilege
170		* @return bool
171		*/
172	View Code Duplication	public function hasAdminPriv($privilege = false)
173		{
174		$this->verify();
175
176		if ($privilege === false) {
177		return $this->admin > 0;
178		}
179
180		return ($this->admin & $privilege) == $privilege;
181		}
182
183		public function listingAdmin()
184		{
185		global $opt;
186
187		return $this->hasAdminPriv(ADMIN_LISTING) && $opt['logic']['admin']['enable_listing_admins'];
188		}
189
190		public function checkLoginsCount()
191		{
192		global $opt;
193
194		// cleanup old entries
195		// (execute only every 50 search calls)
196	View Code Duplication	if (mt_rand(1, 50) === 1) {
197		sql("DELETE FROM `sys_logins` WHERE `date_created`<'&1'", date('Y-m-d H:i:s', time() - 3600));
198		}
199
200		// check the number of login attempts in the last hour ...
201		$loginCount = sqlValue(
202		"SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape(
203		$_SERVER['REMOTE_ADDR']
204		) . "' AND `date_created`>'" . sql_escape(date('Y-m-d H:i:s', time() - 3600)) . "'",
205		0
206		);
207		if ($loginCount > $opt['page']['max_logins_per_hour']) {
208		return false;
209		}
210
211		return true;
212		}
213		}
214

OpencachingDeutschland / oc-server3

Push — development ( 1b87d2...43bb99 )

htdocs/lib/login.class.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like