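<?php
/* For license terms, see /license.txt */

use Chamilo\CoreBundle\Framework\Container;

require_once __DIR__.'/../inc/global.inc.php';

/*
 * Password-reset landing page.
 *
 * The user arrives with ?token=... from the lost-password e-mail, chooses a
 * new password, and on success the token is consumed (set to null) together
 * with the password change. A token is only accepted when it is a plain
 * alphanumeric string; anything else (missing, array-valued, punctuation) is
 * treated as "no token" and never reaches the repository lookup.
 */

$token = $_GET['token'] ?? '';

// ?token[]=x would be an array here and ctype_alnum() on a non-string throws
// in PHP 8, so reject non-strings explicitly before the character check.
if (!is_string($token) || !ctype_alnum($token)) {
    $token = '';
}

// Build the form. The token travels both in the action URL and in a hidden
// field; the hidden field is what the POST branch below actually reads.
$form = new FormValidator('reset', 'POST', api_get_self().'?token='.$token);
$form->addElement('header', get_lang('Reset password'));
$form->addHidden('token', $token);
$form->addElement(
    'password',
    'pass1',
    get_lang('Password'),
    [
        'show_hide' => true,
    ]
);
$form->addElement(
    'password',
    'pass2',
    get_lang('Confirm password'),
    ['id' => 'pass2', 'size' => 20, 'autocomplete' => 'off']
);
$form->addRule('pass1', get_lang('Required field'), 'required');
$form->addRule('pass2', get_lang('Required field'), 'required');
$form->addRule(['pass1', 'pass2'], get_lang('You have typed two different passwords'), 'compare');
$form->addButtonSave(get_lang('Update'));

// Token lifetime in seconds. The setting comes back as a string; an unset,
// zero or negative value would either break the typed entity call or make
// every link expired, so fall back to one hour in those cases.
$ttl = (int) api_get_setting('user_reset_password_token_limit');
if ($ttl <= 0) {
    $ttl = 3600;
}

if ($form->validate()) {
    $values = $form->exportValues();
    $password = $values['pass1'];

    // The hidden field is as client-controlled as the query string, so it gets
    // the same whitelist before it is used as a lookup key. An empty token must
    // not be looked up: it could match an account whose token column is ''.
    $token = $values['token'] ?? '';
    if (!is_string($token) || !ctype_alnum($token)) {
        $token = '';
    }

    /** @var \Chamilo\CoreBundle\Entity\User|null $user */
    $user = '' === $token
        ? null
        : Container::getUserRepository()->findUserByConfirmationToken($token);

    if ($user) {
        if (!$user->isPasswordRequestNonExpired($ttl)) {
            Display::addFlash(Display::return_message(get_lang('Link expired, please try again.')), 'warning');
            header('Location: '.api_get_path(WEB_CODE_PATH).'auth/lostPassword.php');
            exit;
        }

        // NOTE(review): the only rule enforced on the new password here is that
        // the two fields match; confirm whether setPlainPassword()/updateUser()
        // apply a strength policy. Likewise, other active sessions of this
        // account are not terminated on this page — verify that is handled elsewhere.

        // Consume the token BEFORE the password is written so that both changes
        // are part of the same unit of work: a reset link must not remain valid
        // if anything after updateUser() fails.
        $user->setConfirmationToken(null);
        $user->setPasswordRequestedAt(null);
        $user->setPlainPassword($password);
        Container::getUserRepository()->updateUser($user, true);

        Database::getManager()->persist($user);
        Database::getManager()->flush();

        // A forced "change password at first login" flag is satisfied by this reset.
        if ('true' === api_get_setting('security.force_renew_password_at_first_login')) {
            $extraFieldValue = new ExtraFieldValue('user');
            $value = $extraFieldValue->get_values_by_handler_and_field_variable($user->getId(), 'ask_new_password');
            if (!empty($value) && isset($value['value']) && 1 === (int) $value['value']) {
                $extraFieldValue->delete($value['id']);
            }
        }

        Display::addFlash(Display::return_message(get_lang('Update successful')));
        header('Location: '.api_get_path(WEB_PATH));
        exit;
    }

    // Unknown, empty or already-consumed token: same message as an expired one,
    // so the response does not reveal whether a token ever existed.
    Display::addFlash(
        Display::return_message(get_lang('Link expired, please try again.'))
    );
}

$tpl = new Template(null);
$tpl->assign('content', $form->toHtml());
$tpl->display_one_col_template();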