
includes/auth.php (1 issue)

<?php
// Refuse to run unless loaded by YOURLS itself (YOURLS_ABSPATH is defined by the loader)
if ( !defined( 'YOURLS_ABSPATH' ) ) {
	die();
}

// Anything other than boolean true counts as a failed authentication; in that
// case the returned value is handed on as the message shown to the caller.
$auth = yourls_is_valid_user();

if ( $auth !== true ) {

	if ( !yourls_is_API() ) {
		// Regular mode: show the login form with the failure message
		yourls_login_screen( $auth );

	} else {
		// API mode: answer with a 403 payload in the requested format.
		// NOTE(review): 'format' and 'callback' are request-controlled and are
		// forwarded unchanged on this unauthenticated path. This relies on
		// yourls_api_output() to restrict the format and to validate the JSONP
		// callback name before emitting it - confirm in that function.
		$format = 'xml';
		if ( isset( $_REQUEST['format'] ) ) {
			$format = $_REQUEST['format'];
		}

		$callback = '';
		if ( isset( $_REQUEST['callback'] ) ) {
			$callback = $_REQUEST['callback'];
		}

		yourls_api_output( $format, array(
			'simple' => $auth,
			'message' => $auth,
			'errorCode' => 403,
			'callback' => $callback,
		) );
	}

	// Never fall through to the authenticated part of the request
	die();
}

// Reached only when authentication succeeded
yourls_do_action( 'auth_successful' );
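/*
 * The following code is a shim that helps users store passwords securely in config.php
 * by storing a password hash and removing the plaintext.
 *
 * It runs only for an authenticated request: a failed login has already ended
 * the script with die() earlier in this file.
 *
 * TODO: Remove this once real user management is implemented
 */

// Did the user ask to dismiss the "could not hash passwords" notice?
// Strict comparison, as the static-analysis rule "Operator == prohibited; use === instead"
// asks: a non-string value (e.g. dismiss[]=x) can never match.
// NOTE(review): this GET request writes an option and no nonce check is visible here.
// A cross-site request made in an authenticated browser could defer the cleartext-password
// warning for a week - consider verifying a nonce before updating the option.
if ( isset( $_GET['dismiss'] ) && $_GET['dismiss'] === 'hasherror' ) {
	yourls_update_option( 'defer_hashing_error', time() + 86400 * 7 ); // now + 1 week

} else {

	// Hash passwords still stored in clear text; skipped when YOURLS_NO_HASH_PASSWORD is defined
	if ( !defined( 'YOURLS_NO_HASH_PASSWORD' ) && yourls_has_cleartext_passwords() ) {
		$hash = yourls_hash_passwords_now( YOURLS_CONFIGFILE );
		if ( $hash === true ) {
			// Hashing successful. Remove flag from DB if any.
			if ( yourls_get_option( 'defer_hashing_error' ) ) {
				yourls_delete_option( 'defer_hashing_error' );
			}
		} else {
			// It failed: $hash is used as the error text. Display the message the first
			// time, or again once the one-week deferral has expired.
			if ( time() > yourls_get_option( 'defer_hashing_error' ) || !yourls_get_option( 'defer_hashing_error' ) ) {
				// NOTE(review): $hash is placed into an HTML notice; presumably it is a fixed
				// error string with no markup - confirm, or escape it before output.
				$message  = yourls_s( 'Could not auto-encrypt passwords. Error was: "%s".', $hash );
				$message .= ' ';
				$message .= yourls_s( '<a href="%s">Get help</a>.', 'http://yourls.org/userpassword' );
				$message .= '</p><p>';
				$message .= yourls_s( '<a href="%s">Click here</a> to dismiss this message for one week.', '?dismiss=hasherror' );

				yourls_add_notice( $message );
			}
		}
	}
}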