Issues in cm_webservice.php (1.11.x) - Issues in 1.11.x - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2160)

main/webservices/cm_webservice.php (2 issues)

Severity

Unknown 2

<?php

/* For licensing terms, see /license.txt */

use Chamilo\UserBundle\Entity\User;

require_once __DIR__.'/../inc/global.inc.php';

api_protect_webservices();

/**
 * Error returned by one of the methods of the web service. Contains an error code and an error message.
 */
class WSCMError
{
    /**
     * Error code.
     *
     * @var int
     */
    public $code;

    /**
     * Error message.
     *
     * @var string
     */
    public $message;
    /**
     * Error handler. This needs to be a class that implements the interface WSErrorHandler.
     *
     * @var WSErrorHandler
     */
    protected static $_handler;

    /**
     * Constructor.
     *
     * @param int Error code
     * @param string Error message
     */
    public function __construct($code, $message)
    {
        $this->code = $code;
        $this->message = $message;
    }

    /**
     * Sets the error handler.
     *
     * @param WSErrorHandler $handler Error handler
     */
    public static function setErrorHandler($handler)
    {
        if ($handler instanceof WSErrorHandler) {

            self::$_handler = $handler;
        }
    }

    /**
     * Returns the error handler.
     *
     * @return WSErrorHandler Error handler
     */
    public static function getErrorHandler()
    {
        return self::$_handler;
    }

    /**
     * Transforms the error into an array.
     *
     * @return array Associative array with code and message
     */
    public function toArray()
    {
        return ['code' => $this->code, 'message' => $this->message];
    }
}

/**
 * Interface that must be implemented by any error handler.
 */
interface WSCMErrorHandler
{
    /**
     * Handle method.
     *
     * @param WSError $error Error
     */
    public function handle($error);
}

/**
 * Main class of the webservice. Webservice classes extend this class.
 */
class WSCM
{
    /**
     * Chamilo configuration.
     *
     * @var array
     */
    protected $_configuration;

    /**
     * Constructor.
     */
    public function __construct()
    {
        $this->_configuration = $GLOBALS['_configuration'];
    }

    /**
     * Verifies if the user is valid.
     *
     * @param string $username of the user in chamilo
     * @param string $pass     of the same user (in MD5 of SHA)
     *
     * @return mixed "valid" if username e password are correct! Else, return a message error
     */
    public function verifyUserPass($username, $pass)
    {
        $login = $username;
        $password = $pass;

        $userRepo = UserManager::getRepository();
        /** @var User $uData */
        $uData = $userRepo->findOneBy([
            'username' => trim(addslashes($login)),
        ]);

        if ($uData) {

            if ($uData->getAuthSource() == PLATFORM_AUTH_SOURCE) {
                $passwordEncoded = UserManager::encryptPassword($password, $uData);
                // Check the user's password
                if ($passwordEncoded == $uData->getPassword() && (trim($login) == $uData->getUsername())) {
                    // Check if the account is active (not locked)
                    if ($uData->getActive()) {
                        // Check if the expiration date has not been reached
                        $now = new DateTime();
                        if ($uData->getExpirationDate() > $now || !$uData->getExpirationDate()) {
                            return "valid";
                        } else {
                            return get_lang('AccountExpired');
                        }
                    } else {
                        return get_lang('AccountInactive');
                    }
                } else {
                    return get_lang('InvalidId');
                }
            } else {
                return get_lang('AccountURLInactive');
            }
        }

        return get_lang('InvalidId');
    }

    /**
     * Test function. Returns the string success.
     *
     * @return string Success
     */
    public function test()
    {
        return "success";
    }

    /**
     * *Strictly* reverts PHP's nl2br() effects (whether it was used in XHTML mode or not).
     *
     * @param string $string
     *
     * @return string
     */
    public function nl2br_revert($string)
    {
        return preg_replace('`<br(?: /)?>([\\n\\r])`', '$1', $string);
    }

    /**
     * Verifies the API key.
     *
     * @param string $secret_key Secret key
     *
     * @return mixed WSError in case of failure, null in case of success
     */
    protected function verifyKey($secret_key)
    {
        $ip = trim($_SERVER['REMOTE_ADDR']);
        // if we are behind a reverse proxy, assume it will send the
        // HTTP_X_FORWARDED_FOR header and use this IP instead
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            list($ip1, $ip2) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
            $ip = trim($ip1);
        }
        $security_key = $ip.$this->_configuration['security_key'];

        if (!api_is_valid_secret_key($secret_key, $security_key)) {
            return new WSCMError(1, "API key is invalid");
        } else {
            return null;
        }
    }

    /**
     * Gets the real user id based on the user id field name and value.
     * Note that if the user id field name is "chamilo_user_id", it will use the user id
     * in the system database.
     *
     * @param string $user_id_field_name User id field name
     * @param string $user_id_value      User id value
     *
     * @return mixed System user id if the user was found, WSError otherwise
     */
    protected function getUserId($user_id_field_name, $user_id_value)
    {
        if ($user_id_field_name == "chamilo_user_id") {
            if (UserManager::is_user_id_valid(intval($user_id_value))) {
                return intval($user_id_value);
            } else {
                return new WSCMError(100, "User not found");
            }
        } else {
            $user_id = UserManager::get_user_id_from_original_id(
                $user_id_value,
                $user_id_field_name
            );
            if ($user_id == 0) {
                return new WSCMError(100, "User not found");
            } else {
                return $user_id;
            }
        }
    }

    /**
     * Gets the real course id based on the course id field name and value.
     * Note that if the course id field name is "chamilo_course_id", it will use the course id
     * in the system database.
     *
     * @param string $course_id_field_name Course id field name
     * @param string $course_id_value      Course id value
     *
     * @return mixed System course id if the course was found, WSError otherwise
     */
    protected function getCourseId($course_id_field_name, $course_id_value)
    {
        if ($course_id_field_name == "chamilo_course_id") {
            if (CourseManager::get_course_code_from_course_id($course_id_value) != null) {
                return intval($course_id_value);
            } else {
                return new WSCMError(200, "Course not found");
            }
        } else {
            $courseId = CourseManager::get_course_code_from_original_id(
                $course_id_value,
                $course_id_field_name
            );
            if (empty($courseId)) {
                return new WSCMError(200, "Course not found");
            } else {
                return $courseId;
            }
        }
    }

    /**
     * Gets the real session id based on the session id field name and value.
     * Note that if the session id field name is "chamilo_session_id", it will use the session id
     * in the system database.
     *
     * @param string $session_id_field_name Session id field name
     * @param string $session_id_value      Session id value
     *
     * @return mixed System session id if the session was found, WSError otherwise
     */
    protected function getSessionId($session_id_field_name, $session_id_value)
    {
        if ($session_id_field_name == "chamilo_session_id") {
            $session = SessionManager::fetch((int) $session_id_value);
            if (!empty($session)) {
                return intval($session_id_value);
            } else {
                return new WSCMError(300, "Session not found");
            }
        } else {
            $session_id = SessionManager::getSessionIdFromOriginalId(
                $session_id_value,
                $session_id_field_name
            );
            if ($session_id == 0) {
                return new WSCMError(300, "Session not found");
            } else {
                return $session_id;
            }
        }
    }

    /**
     * Handles an error by calling the WSError error handler.
     *
     * @param WSError $error Error
     */
    protected function handleError($error)
    {
        $handler = WSCMError::getErrorHandler();
        $handler->handle($error);
    }

    /**
     * Gets a successful result.
     *
     * @return array Array with a code of 0 and a message 'Operation was successful'
     */
    protected function getSuccessfulResult()
    {
        return ['code' => 0, 'message' => 'Operation was successful'];
    }
}


1			<?php
2
3			/* For licensing terms, see /license.txt */
4
5			use Chamilo\UserBundle\Entity\User;
6
7			require_once __DIR__.'/../inc/global.inc.php';
8
9			api_protect_webservices();
10
11			/**
12			* Error returned by one of the methods of the web service. Contains an error code and an error message.
13			*/
14			class WSCMError
15			{
16			/**
17			* Error code.
18			*
19			* @var int
20			*/
21			public $code;
22
23			/**
24			* Error message.
25			*
26			* @var string
27			*/
28			public $message;
29			/**
30			* Error handler. This needs to be a class that implements the interface WSErrorHandler.
31			*
32			* @var WSErrorHandler
33			*/
34			protected static $_handler;
35
36			/**
37			* Constructor.
38			*
39			* @param int Error code
40			* @param string Error message
41			*/
42			public function __construct($code, $message)
43			{
44			$this->code = $code;
45			$this->message = $message;
46			}
47
48			/**
49			* Sets the error handler.
50			*
51			* @param WSErrorHandler $handler Error handler
52			*/
53			public static function setErrorHandler($handler)
54			{
55			if ($handler instanceof WSErrorHandler) {
			0 ignored issues – show introduced 2018-10-19 10:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$handler` is always a sub-type of `WSErrorHandler`. Loading history...
56			self::$_handler = $handler;
57			}
58			}
59
60			/**
61			* Returns the error handler.
62			*
63			* @return WSErrorHandler Error handler
64			*/
65			public static function getErrorHandler()
66			{
67			return self::$_handler;
68			}
69
70			/**
71			* Transforms the error into an array.
72			*
73			* @return array Associative array with code and message
74			*/
75			public function toArray()
76			{
77			return ['code' => $this->code, 'message' => $this->message];
78			}
79			}
80
81			/**
82			* Interface that must be implemented by any error handler.
83			*/
84			interface WSCMErrorHandler
85			{
86			/**
87			* Handle method.
88			*
89			* @param WSError $error Error
90			*/
91			public function handle($error);
92			}
93
94			/**
95			* Main class of the webservice. Webservice classes extend this class.
96			*/
97			class WSCM
98			{
99			/**
100			* Chamilo configuration.
101			*
102			* @var array
103			*/
104			protected $_configuration;
105
106			/**
107			* Constructor.
108			*/
109			public function __construct()
110			{
111			$this->_configuration = $GLOBALS['_configuration'];
112			}
113
114			/**
115			* Verifies if the user is valid.
116			*
117			* @param string $username of the user in chamilo
118			* @param string $pass of the same user (in MD5 of SHA)
119			*
120			* @return mixed "valid" if username e password are correct! Else, return a message error
121			*/
122			public function verifyUserPass($username, $pass)
123			{
124			$login = $username;
125			$password = $pass;
126
127			$userRepo = UserManager::getRepository();
128			/** @var User $uData */
129			$uData = $userRepo->findOneBy([
130			'username' => trim(addslashes($login)),
131			]);
132
133			if ($uData) {
			0 ignored issues – show introduced 2018-10-19 10:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$uData` is of type `Chamilo\UserBundle\Entity\User`, thus it always evaluated to `true`. Loading history...
134			if ($uData->getAuthSource() == PLATFORM_AUTH_SOURCE) {
135			$passwordEncoded = UserManager::encryptPassword($password, $uData);
136			// Check the user's password
137			if ($passwordEncoded == $uData->getPassword() && (trim($login) == $uData->getUsername())) {
138			// Check if the account is active (not locked)
139			if ($uData->getActive()) {
140			// Check if the expiration date has not been reached
141			$now = new DateTime();
142			if ($uData->getExpirationDate() > $now \|\| !$uData->getExpirationDate()) {
143			return "valid";
144			} else {
145			return get_lang('AccountExpired');
146			}
147			} else {
148			return get_lang('AccountInactive');
149			}
150			} else {
151			return get_lang('InvalidId');
152			}
153			} else {
154			return get_lang('AccountURLInactive');
155			}
156			}
157
158			return get_lang('InvalidId');
159			}
160
161			/**
162			* Test function. Returns the string success.
163			*
164			* @return string Success
165			*/
166			public function test()
167			{
168			return "success";
169			}
170
171			/**
172			* Strictly reverts PHP's nl2br() effects (whether it was used in XHTML mode or not).
173			*
174			* @param string $string
175			*
176			* @return string
177			*/
178			public function nl2br_revert($string)
179			{
180			return preg_replace('`<br(?: /)?>([\\n\\r])`', '$1', $string);
181			}
182
183			/**
184			* Verifies the API key.
185			*
186			* @param string $secret_key Secret key
187			*
188			* @return mixed WSError in case of failure, null in case of success
189			*/
190			protected function verifyKey($secret_key)
191			{
192			$ip = trim($_SERVER['REMOTE_ADDR']);
193			// if we are behind a reverse proxy, assume it will send the
194			// HTTP_X_FORWARDED_FOR header and use this IP instead
195			if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
196			list($ip1, $ip2) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
197			$ip = trim($ip1);
198			}
199			$security_key = $ip.$this->_configuration['security_key'];
200
201			if (!api_is_valid_secret_key($secret_key, $security_key)) {
202			return new WSCMError(1, "API key is invalid");
203			} else {
204			return null;
205			}
206			}
207
208			/**
209			* Gets the real user id based on the user id field name and value.
210			* Note that if the user id field name is "chamilo_user_id", it will use the user id
211			* in the system database.
212			*
213			* @param string $user_id_field_name User id field name
214			* @param string $user_id_value User id value
215			*
216			* @return mixed System user id if the user was found, WSError otherwise
217			*/
218			protected function getUserId($user_id_field_name, $user_id_value)
219			{
220			if ($user_id_field_name == "chamilo_user_id") {
221			if (UserManager::is_user_id_valid(intval($user_id_value))) {
222			return intval($user_id_value);
223			} else {
224			return new WSCMError(100, "User not found");
225			}
226			} else {
227			$user_id = UserManager::get_user_id_from_original_id(
228			$user_id_value,
229			$user_id_field_name
230			);
231			if ($user_id == 0) {
232			return new WSCMError(100, "User not found");
233			} else {
234			return $user_id;
235			}
236			}
237			}
238
239			/**
240			* Gets the real course id based on the course id field name and value.
241			* Note that if the course id field name is "chamilo_course_id", it will use the course id
242			* in the system database.
243			*
244			* @param string $course_id_field_name Course id field name
245			* @param string $course_id_value Course id value
246			*
247			* @return mixed System course id if the course was found, WSError otherwise
248			*/
249			protected function getCourseId($course_id_field_name, $course_id_value)
250			{
251			if ($course_id_field_name == "chamilo_course_id") {
252			if (CourseManager::get_course_code_from_course_id($course_id_value) != null) {
253			return intval($course_id_value);
254			} else {
255			return new WSCMError(200, "Course not found");
256			}
257			} else {
258			$courseId = CourseManager::get_course_code_from_original_id(
259			$course_id_value,
260			$course_id_field_name
261			);
262			if (empty($courseId)) {
263			return new WSCMError(200, "Course not found");
264			} else {
265			return $courseId;
266			}
267			}
268			}
269
270			/**
271			* Gets the real session id based on the session id field name and value.
272			* Note that if the session id field name is "chamilo_session_id", it will use the session id
273			* in the system database.
274			*
275			* @param string $session_id_field_name Session id field name
276			* @param string $session_id_value Session id value
277			*
278			* @return mixed System session id if the session was found, WSError otherwise
279			*/
280			protected function getSessionId($session_id_field_name, $session_id_value)
281			{
282			if ($session_id_field_name == "chamilo_session_id") {
283			$session = SessionManager::fetch((int) $session_id_value);
284			if (!empty($session)) {
285			return intval($session_id_value);
286			} else {
287			return new WSCMError(300, "Session not found");
288			}
289			} else {
290			$session_id = SessionManager::getSessionIdFromOriginalId(
291			$session_id_value,
292			$session_id_field_name
293			);
294			if ($session_id == 0) {
295			return new WSCMError(300, "Session not found");
296			} else {
297			return $session_id;
298			}
299			}
300			}
301
302			/**
303			* Handles an error by calling the WSError error handler.
304			*
305			* @param WSError $error Error
306			*/
307			protected function handleError($error)
308			{
309			$handler = WSCMError::getErrorHandler();
310			$handler->handle($error);
311			}
312
313			/**
314			* Gets a successful result.
315			*
316			* @return array Array with a code of 0 and a message 'Operation was successful'
317			*/
318			protected function getSuccessfulResult()
319			{
320			return ['code' => 0, 'message' => 'Operation was successful'];
321			}
322			}
323

chamilo / chamilo-lms

Issues (2160)

main/webservices/cm_webservice.php (2 issues)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like