codysnider /
tt-rss
| Conditions | 19 |
| Paths | 71 |
| Total Lines | 159 |
| Code Lines | 80 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 3 | ||
| Bugs | 1 | Features | 1 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 21 | public function authenticate($login, $password, $service = '') { |
||
| 22 | |||
| 23 | $pwd_hash1 = encrypt_password($password); |
||
| 24 | $pwd_hash2 = encrypt_password($password, $login); |
||
| 25 | $otp = $_REQUEST["otp"]; |
||
| 26 | |||
| 27 | if (get_schema_version() > 96) { |
||
| 28 | |||
| 29 | $sth = $this->pdo->prepare("SELECT otp_enabled,salt FROM ttrss_users WHERE |
||
| 30 | login = ?"); |
||
| 31 | $sth->execute([$login]); |
||
| 32 | |||
| 33 | if ($row = $sth->fetch()) { |
||
| 34 | $otp_enabled = $row['otp_enabled']; |
||
| 35 | |||
| 36 | if ($otp_enabled) { |
||
| 37 | |||
| 38 | // only allow app password checking if OTP is enabled |
||
| 39 | if ($service && get_schema_version() > 138) { |
||
| 40 | return $this->check_app_password($login, $password, $service); |
||
| 41 | } |
||
| 42 | |||
| 43 | if ($otp) { |
||
| 44 | $base32 = new \OTPHP\Base32(); |
||
|
|
|||
| 45 | |||
| 46 | $secret = $base32->encode(mb_substr(sha1($row["salt"]), 0, 12), false); |
||
| 47 | $secret_legacy = $base32->encode(sha1($row["salt"])); |
||
| 48 | |||
| 49 | $totp = new \OTPHP\TOTP($secret); |
||
| 50 | $otp_check = $totp->now(); |
||
| 51 | |||
| 52 | $totp_legacy = new \OTPHP\TOTP($secret_legacy); |
||
| 53 | $otp_check_legacy = $totp_legacy->now(); |
||
| 54 | |||
| 55 | if ($otp != $otp_check && $otp != $otp_check_legacy) { |
||
| 56 | return false; |
||
| 57 | } |
||
| 58 | } else { |
||
| 59 | $return = urlencode($_REQUEST["return"]); |
||
| 60 | ?> |
||
| 61 | <!DOCTYPE html> |
||
| 62 | <html> |
||
| 63 | <head> |
||
| 64 | <title>Tiny Tiny RSS</title> |
||
| 65 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> |
||
| 66 | </head> |
||
| 67 | <?php echo stylesheet_tag("css/default.css") ?> |
||
| 68 | <body class="ttrss_utility otp"> |
||
| 69 | <h1><?php echo __("Authentication") ?></h1> |
||
| 70 | <div class="content"> |
||
| 71 | <form action="public.php?return=<?php echo $return ?>" |
||
| 72 | method="POST" class="otpform"> |
||
| 73 | <input type="hidden" name="op" value="login"> |
||
| 74 | <input type="hidden" name="login" value="<?php echo htmlspecialchars($login) ?>"> |
||
| 75 | <input type="hidden" name="password" value="<?php echo htmlspecialchars($password) ?>"> |
||
| 76 | <input type="hidden" name="bw_limit" value="<?php echo htmlspecialchars($_POST["bw_limit"]) ?>"> |
||
| 77 | <input type="hidden" name="remember_me" value="<?php echo htmlspecialchars($_POST["remember_me"]) ?>"> |
||
| 78 | <input type="hidden" name="profile" value="<?php echo htmlspecialchars($_POST["profile"]) ?>"> |
||
| 79 | |||
| 80 | <fieldset> |
||
| 81 | <label><?php echo __("Please enter your one time password:") ?></label> |
||
| 82 | <input autocomplete="off" size="6" name="otp" value=""/> |
||
| 83 | <input type="submit" value="Continue"/> |
||
| 84 | </fieldset> |
||
| 85 | </form></div> |
||
| 86 | <script type="text/javascript"> |
||
| 87 | document.forms[0].otp.focus(); |
||
| 88 | </script> |
||
| 89 | <?php |
||
| 90 | exit; |
||
| 91 | } |
||
| 92 | } |
||
| 93 | } |
||
| 94 | } |
||
| 95 | |||
| 96 | // check app passwords first but allow regular password as a fallback for the time being |
||
| 97 | // if OTP is not enabled |
||
| 98 | |||
| 99 | if ($service && get_schema_version() > 138) { |
||
| 100 | $user_id = $this->check_app_password($login, $password, $service); |
||
| 101 | |||
| 102 | if ($user_id) { |
||
| 103 | return $user_id; |
||
| 104 | } |
||
| 105 | } |
||
| 106 | |||
| 107 | if (get_schema_version() > 87) { |
||
| 108 | |||
| 109 | $sth = $this->pdo->prepare("SELECT salt FROM ttrss_users WHERE login = ?"); |
||
| 110 | $sth->execute([$login]); |
||
| 111 | |||
| 112 | if ($row = $sth->fetch()) { |
||
| 113 | $salt = $row['salt']; |
||
| 114 | |||
| 115 | if ($salt == "") { |
||
| 116 | |||
| 117 | $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE |
||
| 118 | login = ? AND (pwd_hash = ? OR pwd_hash = ?)"); |
||
| 119 | |||
| 120 | $sth->execute([$login, $pwd_hash1, $pwd_hash2]); |
||
| 121 | |||
| 122 | // verify and upgrade password to new salt base |
||
| 123 | |||
| 124 | if ($row = $sth->fetch()) { |
||
| 125 | // upgrade password to MODE2 |
||
| 126 | |||
| 127 | $user_id = $row['id']; |
||
| 128 | |||
| 129 | $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); |
||
| 130 | $pwd_hash = encrypt_password($password, $salt, true); |
||
| 131 | |||
| 132 | $sth = $this->pdo->prepare("UPDATE ttrss_users SET |
||
| 133 | pwd_hash = ?, salt = ? WHERE login = ?"); |
||
| 134 | |||
| 135 | $sth->execute([$pwd_hash, $salt, $login]); |
||
| 136 | |||
| 137 | return $user_id; |
||
| 138 | |||
| 139 | } else { |
||
| 140 | return false; |
||
| 141 | } |
||
| 142 | |||
| 143 | } else { |
||
| 144 | $pwd_hash = encrypt_password($password, $salt, true); |
||
| 145 | |||
| 146 | $sth = $this->pdo->prepare("SELECT id |
||
| 147 | FROM ttrss_users WHERE |
||
| 148 | login = ? AND pwd_hash = ?"); |
||
| 149 | $sth->execute([$login, $pwd_hash]); |
||
| 150 | |||
| 151 | if ($row = $sth->fetch()) { |
||
| 152 | return $row['id']; |
||
| 153 | } |
||
| 154 | } |
||
| 155 | |||
| 156 | } else { |
||
| 157 | $sth = $this->pdo->prepare("SELECT id |
||
| 158 | FROM ttrss_users WHERE |
||
| 159 | login = ? AND (pwd_hash = ? OR pwd_hash = ?)"); |
||
| 160 | |||
| 161 | $sth->execute([$login, $pwd_hash1, $pwd_hash2]); |
||
| 162 | |||
| 163 | if ($row = $sth->fetch()) { |
||
| 164 | return $row['id']; |
||
| 165 | } |
||
| 166 | } |
||
| 167 | } else { |
||
| 168 | $sth = $this->pdo->prepare("SELECT id |
||
| 169 | FROM ttrss_users WHERE |
||
| 170 | login = ? AND (pwd_hash = ? OR pwd_hash = ?)"); |
||
| 171 | |||
| 172 | $sth->execute([$login, $pwd_hash1, $pwd_hash2]); |
||
| 173 | |||
| 174 | if ($row = $sth->fetch()) { |
||
| 175 | return $row['id']; |
||
| 176 | } |
||
| 177 | } |
||
| 178 | |||
| 179 | return false; |
||
| 180 | } |
||
| 296 |
Loading history...
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths