Check for use of the @return annotation on a constructor.
1 | <?php |
||
2 | /** |
||
3 | * Login Class Doc Comment |
||
4 | * |
||
5 | * PHP version 5 |
||
6 | * |
||
7 | * @category PHP |
||
8 | * @package Registration-Module |
||
9 | * @author Ankit Jain <[email protected]> |
||
10 | * @license The MIT License (MIT) |
||
11 | * @link https://github.com/ankitjain28may/registration-module |
||
12 | */ |
||
13 | namespace AnkitJain\RegistrationModule; |
||
14 | use AnkitJain\RegistrationModule\Session; |
||
15 | require_once dirname(__DIR__) . '/config/database.php'; |
||
16 | |||
17 | /** |
||
18 | * For Login the User |
||
19 | * |
||
20 | * @category PHP |
||
21 | * @package Registration-Module |
||
22 | * @author Ankit Jain <[email protected]> |
||
23 | * @license The MIT License (MIT) |
||
24 | * @link https://github.com/ankitjain28may/registration-module |
||
25 | */ |
||
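class Login
{
    /*
    |--------------------------------------------------------------------------
    | Login Class
    |--------------------------------------------------------------------------
    |
    | Validates submitted credentials, looks the account up with prepared
    | statements and records the login in the session on success.
    |
    */

    // 0 while no validation error has been recorded; onError() sets it to 1.
    protected $flag;
    // List of ["key" => field, "value" => message] entries added by onError().
    protected $error;
    // Result of mysqli_connect() made in the constructor.
    protected $connect;

    /**
     * Open the database connection and start with an empty error list.
     */
    public function __construct()
    {
        $this->flag = 0;
        $this->connect = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
        $this->error = array();
    }

    /**
     * Credentials check for allowing user to login
     *
     * Both lookups bind the submitted values as statement parameters, so
     * the login name and password never become part of the SQL text.
     * Database error details go to the server log only; the response
     * carries a generic message.
     *
     * $flag and $error are not reset here, so an instance that is reused
     * keeps the errors of its earlier calls.
     *
     * @param array $data Contains the User Credentials ("login", "passLogin")
     *
     * @return string JSON: {"location": ...} on success, a list of
     *                {"key", "value"} validation errors, or {"Error": ...}
     */
    public function authLogin($data)
    {
        if (!is_array($data)) {
            $data = array();
        }
        // A field that was not submitted is validated like a blank one.
        $data += array("login" => "", "passLogin" => "");
        $data = $this->emptyValue($data);

        $login = $data["login"];
        $password = $data["passLogin"];

        // A login containing "@" is taken as an e-mail and must be well formed.
        if (preg_match("/^.+[@]{1}.+$/", $login)
            && filter_var($login, FILTER_VALIDATE_EMAIL) === false
        ) {
            $this->onError("login", " *Enter correct Email address");
        }

        if ($this->flag !== 0) {
            return json_encode($this->error);
        }

        if (!$this->connect) {
            error_log("Login: no database connection");
            return $this->databaseFailure();
        }

        $account = $this->selectFirst(
            "SELECT login_id FROM login WHERE email = ? OR username = ?",
            $login,
            $login
        );
        if ($account === false) {
            return $this->databaseFailure();
        }
        list($known, $loginID) = $account;
        if (!$known) {
            // NOTE(review): this message differs from the wrong-password one,
            // which tells a client whether an account exists. Kept because
            // callers receive these keys and messages.
            $this->onError("login", " *Invalid username or email");
            return json_encode($this->error);
        }
        // Keep the string form that the session value had before.
        $loginID = (string) $loginID;

        // NOTE(review): unsalted MD5 is not a password hash. It is kept only
        // because the stored values are compared as MD5 here; migrate storage
        // to password_hash()/password_verify() together with registration.
        $match = $this->selectFirst(
            "SELECT id FROM register WHERE id = ? AND password = ?",
            $loginID,
            md5($password)
        );
        if ($match === false) {
            return $this->databaseFailure();
        }
        if (!$match[0]) {
            $this->onError("passLogin", " *Invalid password");
            return json_encode($this->error);
        }

        // NOTE(review): Session is defined elsewhere; confirm the session
        // identifier is regenerated at login.
        Session::put('start', $loginID);
        return json_encode(
            [
                "location" => URL . "/account.php"
            ]
        );
    }

    /**
     * Run a prepared single-column SELECT with two string parameters.
     *
     * @param string $sql    Statement text with exactly two "?" placeholders
     * @param string $first  Value bound to the first placeholder
     * @param string $second Value bound to the second placeholder
     *
     * @return array|false [row found, first column of the first row], or
     *                     false when the statement failed
     */
    private function selectFirst($sql, $first, $second)
    {
        $statement = $this->connect->prepare($sql);
        if ($statement === false) {
            error_log("Login: prepare failed: " . $this->connect->error);
            return false;
        }

        $value = null;
        $ready = $statement->bind_param("ss", $first, $second)
            && $statement->execute()
            && $statement->store_result()
            && $statement->bind_result($value);

        // fetch() gives true for a row, null for no row, false on error.
        $fetched = $ready ? $statement->fetch() : false;
        if ($fetched === false) {
            error_log("Login: query failed: " . $statement->error);
        }
        $statement->close();

        return $fetched === false ? false : array($fetched === true, $value);
    }

    /**
     * Build the response for a database failure without driver details.
     *
     * @return string JSON object with a single "Error" entry
     */
    private function databaseFailure()
    {
        return json_encode(
            [
                "Error" => "You are not registered"
            ]
        );
    }

    /**
     * For generating Error array by key value pair
     *
     * Also sets $flag to 1, which makes authLogin() return the collected
     * errors instead of querying the database.
     *
     * @param string $key   Contains key
     * @param string $value Contains the Value for the key
     *
     * @return void
     */
    public function onError($key, $value)
    {
        $this->flag = 1;
        $this->error[] = array(
            "key" => $key,
            "value" => $value
        );
    }

    /**
     * For checking whether the credentials are empty or not
     *
     * Every value is trimmed; a value that is blank after trimming is
     * reported through onError(). "0" counts as a value, and a non-scalar
     * value (an array sent for a field) is treated as blank.
     *
     * @param array $data Contains the Credentials
     *
     * @return array The credentials with every value trimmed
     */
    public function emptyValue($data)
    {
        $errorCode = array(
            "login" => " *Enter the login field",
            "passLogin" => " *Enter the password"
        );

        foreach ($data as $key => $value) {
            $value = is_scalar($value) ? trim((string) $value) : "";
            $data[$key] = $value;
            if ($value === "") {
                // Fields without a dedicated message are reported with null.
                $message = isset($errorCode[$key]) ? $errorCode[$key] : null;
                $this->onError($key, $message);
            }
        }
        return $data;
    }
}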
||
165 |
Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors.