chamilo /
chamilo-lms
| Conditions | 19 |
| Paths | 42 |
| Total Lines | 149 |
| Code Lines | 96 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 96 | public function check_user() |
||
| 97 | { |
||
| 98 | global $_user; |
||
| 99 | $loginFailed = false; |
||
| 100 | |||
| 101 | //change the way we recover the cookie depending on how it is formed |
||
| 102 | $sso = $this->decode_cookie($_GET['sso_cookie']); |
||
| 103 | |||
| 104 | //get token that should have been used and delete it |
||
| 105 | //from session since it can only be used once |
||
| 106 | $sso_challenge = ''; |
||
| 107 | if (isset($_SESSION['sso_challenge'])) { |
||
| 108 | $sso_challenge = $_SESSION['sso_challenge']; |
||
| 109 | unset($_SESSION['sso_challenge']); |
||
| 110 | } |
||
| 111 | |||
| 112 | //lookup the user in the main database |
||
| 113 | $user_table = Database::get_main_table(TABLE_MAIN_USER); |
||
| 114 | $sql = "SELECT id, username, password, auth_source, active, expiration_date, status |
||
| 115 | FROM $user_table |
||
| 116 | WHERE username = '".trim(Database::escape_string($sso['username']))."'"; |
||
| 117 | $result = Database::query($sql); |
||
| 118 | if (Database::num_rows($result) > 0) { |
||
| 119 | $uData = Database::fetch_array($result); |
||
| 120 | //Check the user's password |
||
| 121 | if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { |
||
| 122 | if ($sso['secret'] === sha1($uData['username'].$sso_challenge.api_get_security_key()) |
||
| 123 | && ($sso['username'] == $uData['username'])) { |
||
| 124 | //Check if the account is active (not locked) |
||
| 125 | if ($uData['active'] == '1') { |
||
| 126 | // check if the expiration date has not been reached |
||
| 127 | if (empty($uData['expiration_date']) or $uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') { |
||
| 128 | //If Multiple URL is enabled |
||
| 129 | if (api_get_multiple_access_url()) { |
||
| 130 | //Check the access_url configuration setting if the user is registered in the access_url_rel_user table |
||
| 131 | //Getting the current access_url_id of the platform |
||
| 132 | $current_access_url_id = api_get_current_access_url_id(); |
||
| 133 | // my user is subscribed in these |
||
| 134 | //sites: $my_url_list |
||
| 135 | $my_url_list = api_get_access_url_from_user($uData['id']); |
||
| 136 | } else { |
||
| 137 | $current_access_url_id = 1; |
||
| 138 | $my_url_list = [1]; |
||
| 139 | } |
||
| 140 | |||
| 141 | $my_user_is_admin = UserManager::is_admin($uData['id']); |
||
| 142 | |||
| 143 | if ($my_user_is_admin === false) { |
||
| 144 | if (is_array($my_url_list) && count($my_url_list) > 0) { |
||
| 145 | if (in_array($current_access_url_id, $my_url_list)) { |
||
| 146 | // the user has permission to enter at this site |
||
| 147 | $_user['user_id'] = $uData['id']; |
||
| 148 | $_user = api_get_user_info($_user['user_id']); |
||
| 149 | $_user['uidReset'] = true; |
||
| 150 | Session::write('_user', $_user); |
||
| 151 | Event::eventLogin($_user['user_id']); |
||
| 152 | // Redirect to homepage |
||
| 153 | $sso_target = ''; |
||
| 154 | if (!empty($sso['ruri'])) { |
||
| 155 | //The referrer URI is *only* used if |
||
| 156 | // the user credentials are OK, which |
||
| 157 | // should be protection enough |
||
| 158 | // against evil URL spoofing... |
||
| 159 | $sso_target = api_get_path(WEB_PATH).base64_decode($sso['ruri']); |
||
| 160 | } else { |
||
| 161 | $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH).'index.php'; |
||
| 162 | } |
||
| 163 | header('Location: '.$sso_target); |
||
| 164 | exit; |
||
| 165 | } else { |
||
| 166 | // user does not have permission for this site |
||
| 167 | $loginFailed = true; |
||
| 168 | Session::erase('_uid'); |
||
| 169 | header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
||
| 170 | exit; |
||
| 171 | } |
||
| 172 | } else { |
||
| 173 | // there is no URL in the multiple |
||
| 174 | // urls list for this user |
||
| 175 | $loginFailed = true; |
||
| 176 | Session::erase('_uid'); |
||
| 177 | header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
||
| 178 | exit; |
||
| 179 | } |
||
| 180 | } else { |
||
| 181 | //Only admins of the "main" (first) Chamilo |
||
| 182 | // portal can login wherever they want |
||
| 183 | if (in_array(1, $my_url_list)) { |
||
| 184 | //Check if this admin is admin on the |
||
| 185 | // principal portal |
||
| 186 | $_user['user_id'] = $uData['id']; |
||
| 187 | $_user = api_get_user_info($_user['user_id']); |
||
| 188 | $is_platformAdmin = $uData['status'] == COURSEMANAGER; |
||
| 189 | Session::write('is_platformAdmin', $is_platformAdmin); |
||
| 190 | Session::write('_user', $_user); |
||
| 191 | Event::eventLogin($_user['user_id']); |
||
| 192 | } else { |
||
| 193 | //Secondary URL admin wants to login |
||
| 194 | // so we check as a normal user |
||
| 195 | if (in_array($current_access_url_id, $my_url_list)) { |
||
| 196 | $_user['user_id'] = $uData['user_id']; |
||
| 197 | $_user = api_get_user_info($_user['user_id']); |
||
| 198 | Session::write('_user', $_user); |
||
| 199 | Event::eventLogin($_user['user_id']); |
||
| 200 | } else { |
||
| 201 | $loginFailed = true; |
||
| 202 | Session::erase('_uid'); |
||
| 203 | header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
||
| 204 | exit; |
||
| 205 | } |
||
| 206 | } |
||
| 207 | } |
||
| 208 | } else { |
||
| 209 | // user account expired |
||
| 210 | $loginFailed = true; |
||
| 211 | Session::erase('_uid'); |
||
| 212 | header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); |
||
| 213 | exit; |
||
| 214 | } |
||
| 215 | } else { |
||
| 216 | //User not active |
||
| 217 | $loginFailed = true; |
||
| 218 | Session::erase('_uid'); |
||
| 219 | header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); |
||
| 220 | exit; |
||
| 221 | } |
||
| 222 | } else { |
||
| 223 | //SHA1 of password is wrong |
||
| 224 | $loginFailed = true; |
||
| 225 | Session::erase('_uid'); |
||
| 226 | header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_password'); |
||
| 227 | exit; |
||
| 228 | } |
||
| 229 | } else { |
||
| 230 | //Auth_source is wrong |
||
| 231 | $loginFailed = true; |
||
| 232 | Session::erase('_uid'); |
||
| 233 | header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_authentication_source'); |
||
| 234 | exit; |
||
| 235 | } |
||
| 236 | } else { |
||
| 237 | //No user by that login |
||
| 238 | $loginFailed = true; |
||
| 239 | Session::erase('_uid'); |
||
| 240 | header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_not_found'); |
||
| 241 | exit; |
||
| 242 | } |
||
| 243 | |||
| 244 | return $loginFailed; |
||
| 245 | } |
||
| 302 |
Loading history...
In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.