ChangePasswordCustomSqlDriver - Code Metrics - Inspection of "Custom SQL password plugin - SQL injection vulnera..." - RainLoop/rainloop-webmail - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#1791)

unknown

created 2018-10-20 16:12 UTC

ChangePasswordCustomSqlDriver A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	235
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	0

Importance

Changes

Metric	Value
dl	0
loc	235
rs	10
c	0
b	0
f	0
wmc	20
lcom	1
cbo	0

9 Methods

Rating	Name	Size	Complexity
A	SetmHost()	5	1
A	SetmUser()	5	1
A	SetmPass()	5	1
A	SetmDatabase()	5	1
A	SetmTable()	5	1
A	SetmSql()	5	1
A	SetLogger()	9	2
A	PasswordChangePossibility()	4	2
C	ChangePassword()	99	10

<?php

class ChangePasswordCustomSqlDriver implements \RainLoop\Providers\ChangePassword\ChangePasswordInterface
{
	/**
	 * @var string
	 */
	private $mHost = '127.0.0.1';

	/**
	 * @var string
	 */
	private $mUser = '';

	/**
	 * @var string
	 */
	private $mPass = '';

	/**
	 * @var string
	 */
	private $mDatabase = '';

	/**
	 * @var string
	 */
	private $mTable = '';

	/**
	 * @var string
	 */
	private $mSql = '';

	/**
	 * @var \MailSo\Log\Logger
	 */
	private $oLogger = null;

	/**
	 * @param string $mHost
	 *
	 * @return \ChangePasswordCustomSqlDriver
	 */
	public function SetmHost($mHost)
	{
		$this->mHost = $mHost;
		return $this;
	}

	/**
	 * @param string $mUser
	 *
	 * @return \ChangePasswordCustomSqlDriver
	 */
	public function SetmUser($mUser)
	{
		$this->mUser = $mUser;
		return $this;
	}

	/**
	 * @param string $mPass
	 *
	 * @return \ChangePasswordCustomSqlDriver
	 */
	public function SetmPass($mPass)
	{
		$this->mPass = $mPass;
		return $this;
	}

	/**
	 * @param string $mDatabase
	 *
	 * @return \ChangePasswordCustomSqlDriver
	 */
	public function SetmDatabase($mDatabase)
	{
		$this->mDatabase = $mDatabase;
		return $this;
	}

	/**
	 * @param string $mTable
	 *
	 * @return \ChangePasswordCustomSqlDriver
	 */
	public function SetmTable($mTable)
	{
		$this->mTable = $mTable;
		return $this;
	}

	/**
	 * @param string $mSql
	 *
	 * @return \ChangePasswordCustomSqlDriver
	 */
	public function SetmSql($mSql)
	{
		$this->mSql = $mSql;
		return $this;
	}

	/**
	 * @param \MailSo\Log\Logger $oLogger
	 *
	 * @return \ChangePasswordCustomSqlDriver
	 */
	public function SetLogger($oLogger)
	{
		if ($oLogger instanceof \MailSo\Log\Logger)
if ($x instanceof DoesNotExist) {
    // Do something.
}
		{
			$this->oLogger = $oLogger;
		}

		return $this;
	}

	/**
	 * @param \RainLoop\Account $oAccount
	 *
	 * @return bool
	 */
	public function PasswordChangePossibility($oAccount)
	{
		return $oAccount && $oAccount->Email();
	}

	/**
	 * @param \RainLoop\Account $oAccount
	 * @param string $sPrevPassword
	 * @param string $sNewPassword
	 *
	 * @return bool
	 */
	public function ChangePassword(\RainLoop\Account $oAccount, $sPrevPassword, $sNewPassword)
	{
		if ($this->oLogger)
		{
			$this->oLogger->Write('Try to change password for '.$oAccount->Email());
		}

		$bResult = false;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

		$dsn = 'mysql:host='.$this->mHost.';dbname='.$this->mDatabase.';charset=utf8';
		$options = array(
			PDO::ATTR_EMULATE_PREPARES  => true,
			PDO::ATTR_PERSISTENT        => true,
			PDO::ATTR_ERRMODE           => PDO::ERRMODE_EXCEPTION
		);

		try
		{
			$conn = new PDO($dsn,$this->mUser,$this->mPass,$options);

			//prepare SQL varaibles
			$sEmail = $oAccount->Email();
			$sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail);
			$sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail);

			// some variables cannot be prepared
			$this->mSql = str_replace(array(
				':table'
			), array(
				$this->mTable
			), $this->mSql);

			$placeholders = array(
				':email' => $sEmail,
				':oldpass' => $sPrevPassword, 
				':newpass' => $sNewPassword, 
				':domain' => $sEmailDomain, 
				':username' => $sEmailUser
			);

			// we have to check that all placehoders are used in the query, passing any unused placeholders will generate an error
			$used_placeholders = array();

			foreach($placeholders as $placeholder => $value) {
				if(preg_match_all('/'.$placeholder . '(?![a-zA-Z0-9\-])'.'/', $this->mSql) === 1) {
					// backwards-compabitibility: remove single and double quotes around placeholders
					$this->mSql = str_replace('`'.$placeholder.'`', $placeholder, $this->mSql);
					$this->mSql = str_replace("'".$placeholder."'", $placeholder, $this->mSql);
					$this->mSql = str_replace('"'.$placeholder.'"', $placeholder, $this->mSql);
					$used_placeholders[$placeholder] = $value;
				}
			}

			$statement = $conn->prepare($this->mSql);

			// everything is ready (hopefully), bind the values
			foreach($used_placeholders as $placeholder => $value) {
				$statement->bindValue($placeholder, $value);
			}

			// and execute
			$mSqlReturn = $statement->execute();

			/* can be used for debugging
			ob_start();
			$statement->debugDumpParams();
			$r = ob_get_contents();
			ob_end_clean();
			$this->oLogger->Write($r);
			*/

			if ($mSqlReturn == true)
			{
				$bResult = true;
				if ($this->oLogger)
				{
					$this->oLogger->Write('Success! Password changed.');
				}
			}
			else
			{
				$bResult = false;
				if ($this->oLogger)
				{
					$this->oLogger->Write('Something went wrong. Either current password is incorrect, or new password does not match criteria.');
				}
			}
		}
		catch (\Exception $oException)
		{
			$bResult = false;
			if ($this->oLogger)
			{
				$this->oLogger->WriteException($oException);
			}
		}

		return $bResult;
	}
}


Pull Request — master (#1791)

ChangePasswordCustomSqlDriver A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

9 Methods

1. Missing dependencies

2. Missing use statement

1			<?php
2
3			class ChangePasswordCustomSqlDriver implements \RainLoop\Providers\ChangePassword\ChangePasswordInterface
4			{
5			/**
6			* @var string
7			*/
8			private $mHost = '127.0.0.1';
9
10			/**
11			* @var string
12			*/
13			private $mUser = '';
14
15			/**
16			* @var string
17			*/
18			private $mPass = '';
19
20			/**
21			* @var string
22			*/
23			private $mDatabase = '';
24
25			/**
26			* @var string
27			*/
28			private $mTable = '';
29
30			/**
31			* @var string
32			*/
33			private $mSql = '';
34
35			/**
36			* @var \MailSo\Log\Logger
37			*/
38			private $oLogger = null;
39
40			/**
41			* @param string $mHost
42			*
43			* @return \ChangePasswordCustomSqlDriver
44			*/
45			public function SetmHost($mHost)
46			{
47			$this->mHost = $mHost;
48			return $this;
49			}
50
51			/**
52			* @param string $mUser
53			*
54			* @return \ChangePasswordCustomSqlDriver
55			*/
56			public function SetmUser($mUser)
57			{
58			$this->mUser = $mUser;
59			return $this;
60			}
61
62			/**
63			* @param string $mPass
64			*
65			* @return \ChangePasswordCustomSqlDriver
66			*/
67			public function SetmPass($mPass)
68			{
69			$this->mPass = $mPass;
70			return $this;
71			}
72
73			/**
74			* @param string $mDatabase
75			*
76			* @return \ChangePasswordCustomSqlDriver
77			*/
78			public function SetmDatabase($mDatabase)
79			{
80			$this->mDatabase = $mDatabase;
81			return $this;
82			}
83
84			/**
85			* @param string $mTable
86			*
87			* @return \ChangePasswordCustomSqlDriver
88			*/
89			public function SetmTable($mTable)
90			{
91			$this->mTable = $mTable;
92			return $this;
93			}
94
95			/**
96			* @param string $mSql
97			*
98			* @return \ChangePasswordCustomSqlDriver
99			*/
100			public function SetmSql($mSql)
101			{
102			$this->mSql = $mSql;
103			return $this;
104			}
105
106			/**
107			* @param \MailSo\Log\Logger $oLogger
108			*
109			* @return \ChangePasswordCustomSqlDriver
110			*/
111			public function SetLogger($oLogger)
112			{
113			if ($oLogger instanceof \MailSo\Log\Logger)
			0 ignored issues – show Bug introduced 2017-10-06 18:56 UTC by Report Bug Copy Issue Report The class `MailSo\Log\Logger` does not exist. Did you forget a USE statement, or did you not list all dependencies? This error could be the result of: 1. Missing dependencies PHP Analyzer uses your `composer.json` file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the `composer.json` to be in the root folder of your repository. Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the `require` or `require-dev` section? 2. Missing use statement PHP does not complain about undefined classes in `ìnstanceof` checks. For example, the following PHP code will work perfectly fine: if ($x instanceof DoesNotExist) { // Do something. } If you have not tested against this specific condition, such errors might go unnoticed. Loading history...
114			{
115			$this->oLogger = $oLogger;
116			}
117
118			return $this;
119			}
120
121			/**
122			* @param \RainLoop\Account $oAccount
123			*
124			* @return bool
125			*/
126			public function PasswordChangePossibility($oAccount)
127			{
128			return $oAccount && $oAccount->Email();
129			}
130
131			/**
132			* @param \RainLoop\Account $oAccount
133			* @param string $sPrevPassword
134			* @param string $sNewPassword
135			*
136			* @return bool
137			*/
138			public function ChangePassword(\RainLoop\Account $oAccount, $sPrevPassword, $sNewPassword)
139			{
140			if ($this->oLogger)
141			{
142			$this->oLogger->Write('Try to change password for '.$oAccount->Email());
143			}
144
145			$bResult = false;
			0 ignored issues – show Unused Code introduced 2017-10-06 18:56 UTC by Report Bug Copy Issue Report `$bResult` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
146
147			$dsn = 'mysql:host='.$this->mHost.';dbname='.$this->mDatabase.';charset=utf8';
148			$options = array(
149			PDO::ATTR_EMULATE_PREPARES => true,
150			PDO::ATTR_PERSISTENT => true,
151			PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
152			);
153
154			try
155			{
156			$conn = new PDO($dsn,$this->mUser,$this->mPass,$options);
157
158			//prepare SQL varaibles
159			$sEmail = $oAccount->Email();
160			$sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail);
161			$sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail);
162
163			// some variables cannot be prepared
164			$this->mSql = str_replace(array(
165			':table'
166			), array(
167			$this->mTable
168			), $this->mSql);
169
170			$placeholders = array(
171			':email' => $sEmail,
172			':oldpass' => $sPrevPassword,
173			':newpass' => $sNewPassword,
174			':domain' => $sEmailDomain,
175			':username' => $sEmailUser
176			);
177
178			// we have to check that all placehoders are used in the query, passing any unused placeholders will generate an error
179			$used_placeholders = array();
180
181			foreach($placeholders as $placeholder => $value) {
182			if(preg_match_all('/'.$placeholder . '(?![a-zA-Z0-9\-])'.'/', $this->mSql) === 1) {
183			// backwards-compabitibility: remove single and double quotes around placeholders
184			$this->mSql = str_replace('`'.$placeholder.'`', $placeholder, $this->mSql);
185			$this->mSql = str_replace("'".$placeholder."'", $placeholder, $this->mSql);
186			$this->mSql = str_replace('"'.$placeholder.'"', $placeholder, $this->mSql);
187			$used_placeholders[$placeholder] = $value;
188			}
189			}
190
191			$statement = $conn->prepare($this->mSql);
192
193			// everything is ready (hopefully), bind the values
194			foreach($used_placeholders as $placeholder => $value) {
195			$statement->bindValue($placeholder, $value);
196			}
197
198			// and execute
199			$mSqlReturn = $statement->execute();
200
201			/* can be used for debugging
202			ob_start();
203			$statement->debugDumpParams();
204			$r = ob_get_contents();
205			ob_end_clean();
206			$this->oLogger->Write($r);
207			*/
208
209			if ($mSqlReturn == true)
210			{
211			$bResult = true;
212			if ($this->oLogger)
213			{
214			$this->oLogger->Write('Success! Password changed.');
215			}
216			}
217			else
218			{
219			$bResult = false;
220			if ($this->oLogger)
221			{
222			$this->oLogger->Write('Something went wrong. Either current password is incorrect, or new password does not match criteria.');
223			}
224			}
225			}
226			catch (\Exception $oException)
227			{
228			$bResult = false;
229			if ($this->oLogger)
230			{
231			$this->oLogger->WriteException($oException);
232			}
233			}
234
235			return $bResult;
236			}
237			}
238

RainLoop / rainloop-webmail

Pull Request — master (#1791)

ChangePasswordCustomSqlDriver A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

9 Methods

1. Missing dependencies

2. Missing use statement

Duplication Side-by-Side

Filter issues like