View GitHub Repository tt-rss

Schedule Inspection
Subscribe

Auth_Base::auto_create_user()   A
last analyzed

↳ Parent: Auth_Base

Complexity

Conditions 6
Paths 5

Size

Total Lines 25
Code Lines 13

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 6
eloc 13
c 0
b 0
f 0
nc 5
nop 2
dl 0
loc 25
rs 9.2222
1 
<?php
2 
class Auth_Base {
3 
    private $pdo;
4 

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    5
                

                                    
                                                    
                
                
                
    const AUTH_SERVICE_API = '_api';

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    6
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    7
                

                                    
                                                    
                
                
                
    public function __construct() {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    8
                

                                    
                                                    
                
                
                
        $this->pdo = Db::pdo();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    9
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    10
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    11
                

                                    
                                                    
                
                
                
    // Auto-creates specified user if allowed by system configuration

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    12
                

                                    
                                                    
                
                
                
    // Can be used instead of find_user_by_login() by external auth modules

            


            
                                                                        
                            
            
                                    
            
            

                
                    13
                

                                    
                                                    
                
                
                
    public function auto_create_user($login, $password = false) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    14
                

                                    
                                                    
                
                
                
        if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
The constant AUTH_AUTO_CREATE was not found. Maybe you did not declare it correctly or list all dependencies?
                                                                                                

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                                        
                            
            
                                    
            
            

                
                    15
                

                                    
                                                    
                
                
                
            $user_id = $this->find_user_by_login($login);

            


            
                                                                        
                            
            
                                    
            
            

                
                    16
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    17
                

                                    
                                                    
                
                
                
            if (!$password) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    18
                

                                    
                                                    
                
                
                
                $password = make_password();

            


            
                                                                        
                            
            
                                    
            
            

                
                    19
                

                                    
                                                    
                
                
                
            }

            


            
                                                                        
                            
            
                                    
            
            

                
                    20
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    21
                

                                    
                                                    
                
                
                
            if (!$user_id) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    22
                

                                    
                                                    
                
                
                
                $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);

            


            
                                                                        
                            
            
                                    
            
            

                
                    23
                

                                    
                                                    
                
                
                
                $pwd_hash = encrypt_password($password, $salt, true);

            


            
                                                                        
                            
            
                                    
            
            

                
                    24
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    25
                

                                    
                                                    
                
                
                
                $sth = $this->pdo->prepare("INSERT INTO ttrss_users

            


            
                                                                        
                            
            
                                    
            
            

                
                    26
                

                                    
                                                    
                
                
                
						(login,access_level,last_login,created,pwd_hash,salt)

            


            
                                                                        
                            
            
                                    
            
            

                
                    27
                

                                    
                                                    
                
                
                
						VALUES (?, 0, null, NOW(), ?,?)");

            


            
                                                                        
                            
            
                                    
            
            

                
                    28
                

                                    
                                                    
                
                
                
                $sth->execute([$login, $pwd_hash, $salt]);

            


            
                                                                        
                            
            
                                    
            
            

                
                    29
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    30
                

                                    
                                                    
                
                
                
                return $this->find_user_by_login($login);

            


            
                                                                        
                            
            
                                    
            
            

                
                    31
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    32
                

                                    
                                                    
                
                
                
            } else {

            


            
                                                                        
                            
            
                                    
            
            

                
                    33
                

                                    
                                                    
                
                
                
                return $user_id;

            


            
                                                                        
                            
            
                                    
            
            

                
                    34
                

                                    
                                                    
                
                
                
            }

            


            
                                                                        
                            
            
                                    
            
            

                
                    35
                

                                    
                                                    
                
                
                
        }

            


            
                                                                        
                            
            
                                    
            
            

                
                    36
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    37
                

                                    
                                                    
                
                
                
        return $this->find_user_by_login($login);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    38
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    39
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    40
                

                                    
                                                    
                
                
                
    public function find_user_by_login($login) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    41
                

                                    
                                                    
                
                
                
        $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    42
                

                                    
                                                    
                
                
                
        $sth->execute([$login]);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    43
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    44
                

                                    
                                                    
                
                
                
        if ($row = $sth->fetch()) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    45
                

                                    
                                                    
                
                
                
            return $row["id"];

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    46
                

                                    
                                                    
                
                
                
        } else {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    47
                

                                    
                                                    
                
                
                
            return false;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    48
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    49
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    50
                

                                    
                                                    
                
                
                
}

            


            
                                                        
            
                                    
            
            

                
                    51