Completed
Pull Request — develop (#293)
by John
04:27
created

SecurityUtils::checkAdminPasswordIsDefault()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 6
Code Lines 3

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 1
Metric Value
c 1
b 0
f 1
dl 0
loc 6
rs 9.4285
cc 1
eloc 3
nc 1
nop 1
<?php
namespace Alpha\Util\Security;
use Alpha\Util\Config\ConfigProvider;
/**
 * A utility class for carrying out various security tasks.
 *
 * @since 1.2.2
 *
 * @author John Collins <[email protected]>
 * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
 * @copyright Copyright (c) 2016, John Collins (founder of Alpha Framework).
 * All rights reserved.
 *
 * <pre>
 * Redistribution and use in source and binary forms, with or
 * without modification, are permitted provided that the
 * following conditions are met:
 *
 * * Redistributions of source code must retain the above
 *   copyright notice, this list of conditions and the
 *   following disclaimer.
 * * Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the
 *   following disclaimer in the documentation and/or other
 *   materials provided with the distribution.
 * * Neither the name of the Alpha Framework nor the names
 *   of its contributors may be used to endorse or promote
 *   products derived from this software without specific
 *   prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 * </pre>
 */
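class SecurityUtils
{
    /**
     * Encrypt provided data using mcrypt() with the TripleDES algorithm and the security.encryption.key.
     *
     * The cipher is opened as 'tripledes' in 'ecb' mode and keyed with the
     * 'security.encryption.key' config value. mcrypt pads the input with NUL
     * bytes up to a multiple of the cipher block size before encrypting.
     *
     * Security notes for maintainers:
     *  - ECB encrypts each block independently, so equal plaintext blocks
     *    yield equal ciphertext blocks, and the IV supplied below is not used
     *    by the mode. Ciphertexts therefore reveal repetition in the input.
     *  - The output carries no MAC, so a modified ciphertext is not detected
     *    by decrypt().
     *  - The mcrypt extension was deprecated in PHP 7.1 and removed from core
     *    in PHP 7.2. Moving to an authenticated cipher requires a
     *    re-encryption path for data already stored, so it is flagged here
     *    rather than changed in place.
     *
     * @param string $data The plaintext to encrypt.
     *
     * @return string The raw (binary) ciphertext.
     *
     * @since 1.2.2
     */
    public static function encrypt($data)
    {
        $config = ConfigProvider::getInstance();

        $td = mcrypt_module_open('tripledes', '', 'ecb', '');
        // MCRYPT_RAND is not a cryptographic random source; it is tolerable
        // here only because ECB ignores the IV. Do not copy this line into a
        // mode that actually consumes the IV.
        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
        // NOTE(review): the return value of mcrypt_generic_init() is not
        // checked, so a rejected key is not reported to the caller.
        mcrypt_generic_init($td, $config->get('security.encryption.key'), $iv);
        $encryptedData = mcrypt_generic($td, $data);
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);

        return $encryptedData;
    }

    /**
     * Decrypt provided data using mcrypt() with the TripleDES algorithm and the security.encryption.key.
     *
     * Counterpart of encrypt(): same cipher ('tripledes'), same mode ('ecb')
     * and same config key. The returned string still contains any NUL padding
     * that was added during encryption; callers that need the exact original
     * must strip it themselves.
     *
     * Security note: nothing authenticates the ciphertext, so the result must
     * be treated as untrusted input when $data can be influenced by a user.
     *
     * @param string $data The raw (binary) ciphertext.
     *
     * @return string The decrypted data, including block padding.
     *
     * @since 1.2.2
     */
    public static function decrypt($data)
    {
        $config = ConfigProvider::getInstance();

        $td = mcrypt_module_open('tripledes', '', 'ecb', '');
        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
        // The module handle is only used to size the IV; release it so the
        // call does not leave an open mcrypt module behind.
        mcrypt_module_close($td);

        return mcrypt_decrypt('tripledes', $config->get('security.encryption.key'), $data, 'ecb', $iv);
    }

    /**
     * Checks to see if the admin password provided matches the default admin password in the config file.
     *
     * The 'app.install.password' config value is verified against the supplied
     * hash with password_verify(). A true result means the admin account still
     * uses the install-time default password and should be changed.
     *
     * @param string $password The admin password hash stored in the database
     *                         (used as the hash argument of password_verify()).
     *
     * @return boolean True when the stored hash matches the default install password.
     *
     * @since 2.0.2
     */
    public static function checkAdminPasswordIsDefault($password)
    {
        $config = ConfigProvider::getInstance();

        return password_verify($config->get('app.install.password'), $password);
    }
}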