Passed
Pull Request — development (#3838)
by Spuds
08:43
created

<?php

/**
 * Handles the Security and Moderation pages in the admin panel.  This includes
 * anti-spam, security, and moderation settings
 *
 * @package   ElkArte Forum
 * @copyright ElkArte Forum contributors
 * @license   BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
 *
 * This file contains code covered by:
 * copyright: 2011 Simple Machines (http://www.simplemachines.org)
 *
 * @version 2.0 Beta 1
 *
 */

namespace ElkArte\AdminController;
use ElkArte\AbstractController;
use ElkArte\Action;
use ElkArte\Cache\Cache;
use ElkArte\Languages\Txt;
use ElkArte\SettingsForm\SettingsForm;

/**
 * ManageSecurity controller handles the Security and Moderation
 * pages in admin panel.
 *
 * @package Security
 */
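class ManageSecurity extends AbstractController
{
	/**
	 * This function passes control through to the relevant security tab.
	 *
	 * - Every sub-action registered here is tagged with the 'admin_forum'
	 *   permission; enforcement happens inside Action (not visible in this file).
	 * - Unknown or missing sub-actions fall back to 'general'.
	 *
	 * @event integrate_sa_modify_security
	 * @see AbstractController::action_index()
	 */
	public function action_index()
	{
		global $context, $txt;

		Txt::load('Help+ManageSettings');

		// Both tabs change site-wide security behaviour, so both require admin_forum.
		$subActions = [
			'general' => [$this, 'action_securitySettings_display', 'permission' => 'admin_forum'],
			'spam' => [$this, 'action_spamSettings_display', 'permission' => 'admin_forum'],
		];

		// Action control
		$action = new Action('modify_security');

		// By default, do the basic settings, call integrate_sa_modify_security
		$subAction = $action->initialize($subActions, 'general');

		// Last pieces of the puzzle
		$context['sub_action'] = $subAction;
		$context['page_title'] = $txt['admin_security_moderation'];
		$context['sub_template'] = 'show_settings';

		// Load up all the tabs...
		$context[$context['admin_menu_name']]['object']->prepareTabData([
			'title' => 'admin_security_moderation',
			'help' => 'securitysettings',
			'description' => 'security_settings_desc',
		]);

		// Call the right function for this sub-action.
		$action->dispatch($subAction);
	}

	/**
	 * Handle settings regarding general security of the site.
	 *
	 * - Uses a settings form for security options.
	 * - On save, checkSession() runs before any posted value reaches the form.
	 *
	 * @event integrate_save_general_security_settings
	 */
	public function action_securitySettings_display(): void
	{
		global $txt, $context;

		// Initialize the form
		$settingsForm = new SettingsForm(SettingsForm::DB_ADAPTER);

		// Initialize it with our settings
		$settingsForm->setConfigVars($this->_securitySettings());

		// Saving?
		if ($this->_req->hasQuery('save'))
		{
			// Must stay ahead of setConfigValues()/save(); presumably the session
			// token (CSRF) check - checkSession() is defined elsewhere, confirm there.
			checkSession();

			// The whole POST body is handed over; which keys are persisted is
			// decided by SettingsForm from the config vars (not visible here).
			$settingsForm->setConfigValues((array) $this->_req->post);
			$settingsForm->save();

			// Fired after the values have been saved.
			call_integration_hook('integrate_save_general_security_settings');

			writeLog();
			redirectexit('action=admin;area=securitysettings;sa=general');
		}

		$context['post_url'] = getUrl('admin', ['action' => 'admin', 'area' => 'securitysettings', 'save', 'sa' => 'general']);
		$context['settings_title'] = $txt['mods_cat_security_general'];

		$settingsForm->prepare();
	}

	/**
	 * Security settings.
	 *
	 * Builds the config-var list for the general security tab and, as a side
	 * effect, sets $context['invalid_badbehavior_httpbl_key'].
	 *
	 * The hook receives the list by reference, so integrations can add, remove
	 * or rewrite any entry, including the security-relevant ones.
	 *
	 * @event integrate_general_security_settings add more security settings
	 * @return array the config vars, as possibly modified by the hook
	 */
	private function _securitySettings()
	{
		global $txt, $context, $modSettings;

		// See if they supplied a valid-looking http:BL API Key.
		// Only the length (12) is checked here; the key's characters are not validated.
		$context['invalid_badbehavior_httpbl_key'] = (!empty($modSettings['badbehavior_httpbl_key']) && (strlen($modSettings['badbehavior_httpbl_key']) !== 12));

		// Set up the config array for use
		$config_vars = [
			['int', 'failed_login_threshold'],
			['int', 'loginHistoryDays'],
			'',
			['int', 'admin_session_lifetime'],
			['check', 'auto_admin_session'],
			['check', 'securityDisable'],
			['check', 'securityDisable_moderate'],
			'',
			['check', 'enableOTP'],
			'',
			// Reactivate on email change and approve on delete
			['check', 'send_validation_onChange'],
			['check', 'approveAccountDeletion'],
			'',
			// Password strength.
			['select', 'password_strength', [$txt['setting_password_strength_low'], $txt['setting_password_strength_medium'], $txt['setting_password_strength_high']]],
			['check', 'enable_password_conversion'],
			'',
			// NOTE(review): presumably drives the frame-embedding response header;
			// 'DISABLE' would then switch that protection off - confirm where it is read.
			['select', 'frame_security', ['SAMEORIGIN' => $txt['setting_frame_security_SAMEORIGIN'], 'DENY' => $txt['setting_frame_security_DENY'], 'DISABLE' => $txt['setting_frame_security_DISABLE']]],
			// Bad Behavior
			['title', 'badbehavior_title'],
			['check', 'badbehavior_accept_header'],
			['text', 'badbehavior_httpbl_key', 12, 'invalid' => $context['invalid_badbehavior_httpbl_key']],
			['int', 'badbehavior_httpbl_threat', 'postinput' => $txt['badbehavior_httpbl_threat_desc']],
			['int', 'badbehavior_httpbl_maxage', 'postinput' => $txt['badbehavior_httpbl_maxage_desc']],
		];

		call_integration_hook('integrate_general_security_settings', [&$config_vars]);

		return $config_vars;
	}

	/**
	 * Handles admin security spam settings.
	 *
	 * - Displays a page with settings and eventually allows the admin to change them.
	 * - posts_require_captcha is stored as -1 when only guests must verify; it is
	 *   shown as 0 together with a ticked guests_require_captcha box.
	 *
	 * @event integrate_save_spam_settings
	 */
	public function action_spamSettings_display(): void
	{
		global $txt, $context, $modSettings;

		// Initialize the form
		$settingsForm = new SettingsForm(SettingsForm::DB_ADAPTER);

		// Initialize it with our settings
		$config_vars = $this->_spamSettings();
		$settingsForm->setConfigVars($config_vars);

		// Saving?
		if ($this->_req->hasQuery('save'))
		{
			// Must stay ahead of any use of the posted values; presumably the
			// session token (CSRF) check - defined elsewhere, confirm there.
			checkSession();

			// Guest requiring verification!
			if (empty($this->_req->post->posts_require_captcha) && !empty($this->_req->post->guests_require_captcha))
			{
				$this->_req->post->posts_require_captcha = -1;
			}

			// NOTE(review): $config_vars was already passed to setConfigVars() above and
			// PHP copies arrays by value, so unless SettingsForm keeps a reference (not
			// visible here) this unset does not change what save() persists - confirm
			// whether guests_require_captcha is meant to be written.
			unset($config_vars['guest_verify']);

			// Unlike the general tab, this hook fires before the values are saved.
			call_integration_hook('integrate_save_spam_settings');

			// Now save.
			$settingsForm->setConfigValues((array) $this->_req->post);
			$settingsForm->save();
			Cache::instance()->remove('verificationQuestionIds');
			redirectexit('action=admin;area=securitysettings;sa=spam');
		}

		// And the same for guests requiring verification.
		$modSettings['guests_require_captcha'] = !empty($modSettings['posts_require_captcha']);
		$modSettings['posts_require_captcha'] = (!isset($modSettings['posts_require_captcha']) || $modSettings['posts_require_captcha'] == -1) ? 0 : $modSettings['posts_require_captcha'];

		// Some minor JavaScript for the guest post setting.
		if ($modSettings['posts_require_captcha'])
		{
			theme()->addInlineJavascript("document.getElementById('guests_require_captcha').disabled = true;", true);
		}

		$context['post_url'] = getUrl('admin', ['action' => 'admin', 'area' => 'securitysettings', 'save', 'sa' => 'spam']);
		$context['settings_title'] = $txt['antispam_Settings'];
		$settingsForm->prepare();
	}

	/**
	 * Spam settings.
	 *
	 * Builds the config-var list for the anti-spam tab. The hook receives the
	 * list by reference, so integrations can add, remove or rewrite entries.
	 *
	 * @event integrate_spam_settings mmmm Spam
	 * @return array the config vars, as possibly modified by the hook
	 */
	private function _spamSettings()
	{
		global $txt, $modSettings;

		// Build up our options array
		$config_vars = [
			['check', 'reg_verification'],
			['check', 'search_enable_captcha'],
			// This, my friend, is a cheat :p
			'guest_verify' => ['check', 'guests_require_captcha', 'postinput' => $txt['setting_guests_require_captcha_desc']],
			['int', 'posts_require_captcha', 'postinput' => $txt['posts_require_captcha_desc'], 'onchange' => "if (this.value > 0){ document.getElementById('guests_require_captcha').checked = true; document.getElementById('guests_require_captcha').disabled = true;} else {document.getElementById('guests_require_captcha').disabled = false;}"],
			['check', 'guests_report_require_captcha'],
		];

		// Cannot use moderation if post-moderation is not enabled.
		// empty() keeps the old truthiness test without an undefined-key warning
		// when postmod_active has never been stored.
		if (empty($modSettings['postmod_active']))
		{
			// NOTE(review): no 'moderate' key is defined in the array above and the
			// hook has not run yet, so this is currently a no-op - likely a leftover.
			unset($config_vars['moderate']);
		}

		// @todo: it may be removed, it may stay, the two hooks may have different functions
		call_integration_hook('integrate_spam_settings', [&$config_vars]);

		return $config_vars;
	}

	/**
	 * Public method to return security form settings, used in admin search
	 *
	 * Also triggers the side effects of _securitySettings(): the $context flag
	 * for the http:BL key and the integrate_general_security_settings hook.
	 */
	public function securitySettings_search()
	{
		return $this->_securitySettings();
	}

	/**
	 * Public method to return spam settings, used in admin search
	 *
	 * Also fires the integrate_spam_settings hook via _spamSettings().
	 */
	public function spamSettings_search()
	{
		return $this->_spamSettings();
	}
}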