enwikipedia-acc / waca

smarty-plugins/modifier.date.php

Indentation +11 added lines, -11 removed lines

@@ -16,16 +16,16 @@
  */
 function smarty_modifier_date($input)
 {
-    if (gettype($input) === 'object'
-        && (get_class($input) === DateTime::class || get_class($input) === DateTimeImmutable::class)
-    ) {
-        /** @var $date DateTime|DateTimeImmutable */
-        $date = $input;
-        $dateString = $date->format('Y-m-d H:i:s');
+	if (gettype($input) === 'object'
+		&& (get_class($input) === DateTime::class || get_class($input) === DateTimeImmutable::class)
+	) {
+		/** @var $date DateTime|DateTimeImmutable */
+		$date = $input;
+		$dateString = $date->format('Y-m-d H:i:s');
 
-        return $dateString;
-    }
-    else {
-        return $input;
-    }
+		return $dateString;
+	}
+	else {
+		return $input;
+	}
 }
\ No newline at end of file

includes/Helpers/SearchHelpers/LogSearchHelper.php

Indentation +73 added lines, -73 removed lines

@@ -13,87 +13,87 @@
 
 class LogSearchHelper extends SearchHelperBase
 {
-    /**
-     * LogSearchHelper constructor.
-     *
-     * @param PdoDatabase $database
-     */
-    protected function __construct(PdoDatabase $database)
-    {
-        parent::__construct($database, 'log', Log::class, 'timestamp DESC');
-    }
+	/**
+	 * LogSearchHelper constructor.
+	 *
+	 * @param PdoDatabase $database
+	 */
+	protected function __construct(PdoDatabase $database)
+	{
+		parent::__construct($database, 'log', Log::class, 'timestamp DESC');
+	}
 
-    /**
-     * Initiates a search for requests
-     *
-     * @param PdoDatabase $database
-     *
-     * @return LogSearchHelper
-     */
-    public static function get(PdoDatabase $database)
-    {
-        $helper = new LogSearchHelper($database);
+	/**
+	 * Initiates a search for requests
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return LogSearchHelper
+	 */
+	public static function get(PdoDatabase $database)
+	{
+		$helper = new LogSearchHelper($database);
 
-        return $helper;
-    }
+		return $helper;
+	}
 
-    /**
-     * Filters the results by user
-     *
-     * @param int $userId
-     *
-     * @return $this
-     */
-    public function byUser($userId)
-    {
-        $this->whereClause .= ' AND user = ?';
-        $this->parameterList[] = $userId;
+	/**
+	 * Filters the results by user
+	 *
+	 * @param int $userId
+	 *
+	 * @return $this
+	 */
+	public function byUser($userId)
+	{
+		$this->whereClause .= ' AND user = ?';
+		$this->parameterList[] = $userId;
 
-        return $this;
-    }
+		return $this;
+	}
 
-    /**
-     * Filters the results by log action
-     *
-     * @param string $action
-     *
-     * @return $this
-     */
-    public function byAction($action)
-    {
-        $this->whereClause .= ' AND action = ?';
-        $this->parameterList[] = $action;
+	/**
+	 * Filters the results by log action
+	 *
+	 * @param string $action
+	 *
+	 * @return $this
+	 */
+	public function byAction($action)
+	{
+		$this->whereClause .= ' AND action = ?';
+		$this->parameterList[] = $action;
 
-        return $this;
-    }
+		return $this;
+	}
 
-    /**
-     * Filters the results by object type
-     *
-     * @param string $objectType
-     *
-     * @return $this
-     */
-    public function byObjectType($objectType)
-    {
-        $this->whereClause .= ' AND objecttype = ?';
-        $this->parameterList[] = $objectType;
+	/**
+	 * Filters the results by object type
+	 *
+	 * @param string $objectType
+	 *
+	 * @return $this
+	 */
+	public function byObjectType($objectType)
+	{
+		$this->whereClause .= ' AND objecttype = ?';
+		$this->parameterList[] = $objectType;
 
-        return $this;
-    }
+		return $this;
+	}
 
-    /**
-     * Filters the results by object type
-     *
-     * @param integer $objectId
-     *
-     * @return $this
-     */
-    public function byObjectId($objectId)
-    {
-        $this->whereClause .= ' AND objectid = ?';
-        $this->parameterList[] = $objectId;
+	/**
+	 * Filters the results by object type
+	 *
+	 * @param integer $objectId
+	 *
+	 * @return $this
+	 */
+	public function byObjectId($objectId)
+	{
+		$this->whereClause .= ' AND objectid = ?';
+		$this->parameterList[] = $objectId;
 
-        return $this;
-    }
+		return $this;
+	}
 }
\ No newline at end of file

includes/Tasks/PageBase.php

Spacing +6 added lines, -6 removed lines

@@ -219,7 +219,7 @@ 
             $targetScriptName = $currentScriptName;
         }
         else {
-            $targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
+            $targetScriptName = $this->getSiteConfiguration()->getBaseUrl().'/'.$script;
         }
 
         $pathInfo = array($targetScriptName);
@@ -233,7 +233,7 @@ 
         $url = implode('/', $pathInfo);
 
         if (is_array($parameters) && count($parameters) > 0) {
-            $url .= '?' . http_build_query($parameters);
+            $url .= '?'.http_build_query($parameters);
         }
 
         $this->redirectUrl($url);
@@ -278,7 +278,7 @@ 
      * @param string $path The path (relative to the application root) of the file
      */
     final protected function addCss($path) {
-        if(in_array($path, $this->extraCss)){
+        if (in_array($path, $this->extraCss)) {
             // nothing to do
             return;
         }
@@ -291,8 +291,8 @@ 
      *
      * @param string $path The path (relative to the application root) of the file
      */
-    final protected function addJs($path){
-        if(in_array($path, $this->extraJs)){
+    final protected function addJs($path) {
+        if (in_array($path, $this->extraJs)) {
             // nothing to do
             return;
         }
@@ -345,7 +345,7 @@ 
     protected function sendResponseHeaders()
     {
         if (headers_sent()) {
-            throw new ApplicationLogicException          ('Headers have already been sent! This is likely a bug in the application.');
+            throw new ApplicationLogicException('Headers have already been sent! This is likely a bug in the application.');
         }
 
         foreach ($this->headerQueue as $item) {

Braces +6 added lines, -4 removed lines

@@ -277,8 +277,9 @@ 
      *
      * @param string $path The path (relative to the application root) of the file
      */
-    final protected function addCss($path) {
-        if(in_array($path, $this->extraCss)){
+    final protected function addCss($path)
+    {
+        if(in_array($path, $this->extraCss)) {
             // nothing to do
             return;
         }
@@ -291,8 +292,9 @@ 
      *
      * @param string $path The path (relative to the application root) of the file
      */
-    final protected function addJs($path){
-        if(in_array($path, $this->extraJs)){
+    final protected function addJs($path)
+    {
+        if(in_array($path, $this->extraJs)) {
             // nothing to do
             return;
         }

Indentation +349 added lines, -349 removed lines

@@ -21,353 +21,353 @@
 
 abstract class PageBase extends TaskBase implements IRoutedTask
 {
-    use TemplateOutput;
-    /** @var string Smarty template to display */
-    protected $template = "base.tpl";
-    /** @var string HTML title. Currently unused. */
-    protected $htmlTitle;
-    /** @var bool Determines if the page is a redirect or not */
-    protected $isRedirecting = false;
-    /** @var array Queue of headers to be sent on successful completion */
-    protected $headerQueue = array();
-    /** @var string The name of the route to use, as determined by the request router. */
-    private $routeName = null;
-    /** @var TokenManager */
-    protected $tokenManager;
-    /** @var string[] Extra CSS files to include */
-    private $extraCss = array();
-    /** @var string[] Extra JS files to include */
-    private $extraJs = array();
-
-    /**
-     * Sets the route the request will take. Only should be called from the request router or barrier test.
-     *
-     * @param string $routeName        The name of the route
-     * @param bool   $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
-     *
-     * @throws Exception
-     * @category Security-Critical
-     */
-    final public function setRoute($routeName, $skipCallableTest = false)
-    {
-        // Test the new route is callable before adopting it.
-        if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
-            throw new Exception("Proposed route '$routeName' is not callable.");
-        }
-
-        // Adopt the new route
-        $this->routeName = $routeName;
-    }
-
-    /**
-     * Gets the name of the route that has been passed from the request router.
-     * @return string
-     */
-    final public function getRouteName()
-    {
-        return $this->routeName;
-    }
-
-    /**
-     * Performs generic page setup actions
-     */
-    final protected function setupPage()
-    {
-        $this->setUpSmarty();
-
-        $siteNoticeText = SiteNotice::get($this->getDatabase());
-
-        $this->assign('siteNoticeText', $siteNoticeText);
-
-        $currentUser = User::getCurrent($this->getDatabase());
-        $this->assign('currentUser', $currentUser);
-        $this->assign('loggedIn', (!$currentUser->isCommunityUser()));
-    }
-
-    /**
-     * Runs the page logic as routed by the RequestRouter
-     *
-     * Only should be called after a security barrier! That means only from execute().
-     */
-    final protected function runPage()
-    {
-        $database = $this->getDatabase();
-
-        // initialise a database transaction
-        if (!$database->beginTransaction()) {
-            throw new Exception('Failed to start transaction on primary database.');
-        }
-
-        try {
-            // run the page code
-            $this->{$this->getRouteName()}();
-
-            $database->commit();
-        }
-        catch (ApplicationLogicException $ex) {
-            // it's an application logic exception, so nothing went seriously wrong with the site. We can use the
-            // standard templating system for this.
-
-            // Firstly, let's undo anything that happened to the database.
-            $database->rollBack();
-
-            // Reset smarty
-            $this->setUpSmarty();
-
-            // Set the template
-            $this->setTemplate('exception/application-logic.tpl');
-            $this->assign('message', $ex->getMessage());
-
-            // Force this back to false
-            $this->isRedirecting = false;
-            $this->headerQueue = array();
-        }
-        catch (OptimisticLockFailedException $ex) {
-            // it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
-            // standard templating system for this.
-
-            // Firstly, let's undo anything that happened to the database.
-            $database->rollBack();
-
-            // Reset smarty
-            $this->setUpSmarty();
-
-            // Set the template
-            $this->setTemplate('exception/optimistic-lock-failure.tpl');
-            $this->assign('message', $ex->getMessage());
-
-            $this->assign('debugTrace', false);
-
-            if ($this->getSiteConfiguration()->getDebuggingTraceEnabled()) {
-                ob_start();
-                var_dump(ExceptionHandler::getExceptionData($ex));
-                $textErrorData = ob_get_contents();
-                ob_end_clean();
-
-                $this->assign('exceptionData', $textErrorData);
-                $this->assign('debugTrace', true);
-            }
-
-            // Force this back to false
-            $this->isRedirecting = false;
-            $this->headerQueue = array();
-        }
-        finally {
-            // Catch any hanging on transactions
-            if ($database->hasActiveTransaction()) {
-                $database->rollBack();
-            }
-        }
-
-        // run any finalisation code needed before we send the output to the browser.
-        $this->finalisePage();
-
-        // Send the headers
-        $this->sendResponseHeaders();
-
-        // Check we have a template to use!
-        if ($this->template !== null) {
-            $content = $this->fetchTemplate($this->template);
-            ob_clean();
-            print($content);
-            ob_flush();
-
-            return;
-        }
-    }
-
-    /**
-     * Performs final tasks needed before rendering the page.
-     */
-    protected function finalisePage()
-    {
-        if ($this->isRedirecting) {
-            $this->template = null;
-
-            return;
-        }
-
-        $this->assign('extraCss', $this->extraCss);
-        $this->assign('extraJs', $this->extraJs);
-
-        // If we're actually displaying content, we want to add the session alerts here!
-        $this->assign('alerts', SessionAlert::getAlerts());
-        SessionAlert::clearAlerts();
-
-        $this->assign('htmlTitle', $this->htmlTitle);
-    }
-
-    /**
-     * @return TokenManager
-     */
-    public function getTokenManager()
-    {
-        return $this->tokenManager;
-    }
-
-    /**
-     * @param TokenManager $tokenManager
-     */
-    public function setTokenManager($tokenManager)
-    {
-        $this->tokenManager = $tokenManager;
-    }
-
-    /**
-     * Sends the redirect headers to perform a GET at the destination page.
-     *
-     * Also nullifies the set template so Smarty does not render it.
-     *
-     * @param string      $page   The page to redirect requests to (as used in the UR)
-     * @param null|string $action The action to use on the page.
-     * @param null|array  $parameters
-     * @param null|string $script The script (relative to index.php) to redirect to
-     */
-    final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
-    {
-        $currentScriptName = WebRequest::scriptName();
-
-        // Are we changing script?
-        if ($script === null || substr($currentScriptName, -1 * count($script)) === $script) {
-            $targetScriptName = $currentScriptName;
-        }
-        else {
-            $targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
-        }
-
-        $pathInfo = array($targetScriptName);
-
-        $pathInfo[1] = $page;
-
-        if ($action !== null) {
-            $pathInfo[2] = $action;
-        }
-
-        $url = implode('/', $pathInfo);
-
-        if (is_array($parameters) && count($parameters) > 0) {
-            $url .= '?' . http_build_query($parameters);
-        }
-
-        $this->redirectUrl($url);
-    }
-
-    /**
-     * Sends the redirect headers to perform a GET at the new address.
-     *
-     * Also nullifies the set template so Smarty does not render it.
-     *
-     * @param string $path URL to redirect to
-     */
-    final protected function redirectUrl($path)
-    {
-        // 303 See Other = re-request at new address with a GET.
-        $this->headerQueue[] = 'HTTP/1.1 303 See Other';
-        $this->headerQueue[] = "Location: $path";
-
-        $this->setTemplate(null);
-        $this->isRedirecting = true;
-    }
-
-    /**
-     * Sets the name of the template this page should display.
-     *
-     * @param string $name
-     *
-     * @throws Exception
-     */
-    final protected function setTemplate($name)
-    {
-        if ($this->isRedirecting) {
-            throw new Exception('This page has been set as a redirect, no template can be displayed!');
-        }
-
-        $this->template = $name;
-    }
-
-    /**
-     * Adds an extra CSS file to to the page
-     *
-     * @param string $path The path (relative to the application root) of the file
-     */
-    final protected function addCss($path) {
-        if(in_array($path, $this->extraCss)){
-            // nothing to do
-            return;
-        }
-
-        $this->extraCss[] = $path;
-    }
-
-    /**
-     * Adds an extra JS file to to the page
-     *
-     * @param string $path The path (relative to the application root) of the file
-     */
-    final protected function addJs($path){
-        if(in_array($path, $this->extraJs)){
-            // nothing to do
-            return;
-        }
-
-        $this->extraJs[] = $path;
-    }
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    abstract protected function main();
-
-    /**
-     * @param string $title
-     */
-    final protected function setHtmlTitle($title)
-    {
-        $this->htmlTitle = $title;
-    }
-
-    public function execute()
-    {
-        if ($this->getRouteName() === null) {
-            throw new Exception('Request is unrouted.');
-        }
-
-        if ($this->getSiteConfiguration() === null) {
-            throw new Exception('Page has no configuration!');
-        }
-
-        $this->setupPage();
-
-        $this->runPage();
-    }
-
-    public function assignCSRFToken()
-    {
-        $token = $this->tokenManager->getNewToken();
-        $this->assign('csrfTokenData', $token->getTokenData());
-    }
-
-    public function validateCSRFToken()
-    {
-        if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
-            throw new ApplicationLogicException('Form token is not valid, please reload and try again');
-        }
-    }
-
-    protected function sendResponseHeaders()
-    {
-        if (headers_sent()) {
-            throw new ApplicationLogicException          ('Headers have already been sent! This is likely a bug in the application.');
-        }
-
-        foreach ($this->headerQueue as $item) {
-            if (mb_strpos($item, "\r") !== false || mb_strpos($item, "\n") !== false) {
-                // Oops. We're not allowed to do this.
-                throw new Exception('Unable to split header');
-            }
-
-            header($item);
-        }
-    }
+	use TemplateOutput;
+	/** @var string Smarty template to display */
+	protected $template = "base.tpl";
+	/** @var string HTML title. Currently unused. */
+	protected $htmlTitle;
+	/** @var bool Determines if the page is a redirect or not */
+	protected $isRedirecting = false;
+	/** @var array Queue of headers to be sent on successful completion */
+	protected $headerQueue = array();
+	/** @var string The name of the route to use, as determined by the request router. */
+	private $routeName = null;
+	/** @var TokenManager */
+	protected $tokenManager;
+	/** @var string[] Extra CSS files to include */
+	private $extraCss = array();
+	/** @var string[] Extra JS files to include */
+	private $extraJs = array();
+
+	/**
+	 * Sets the route the request will take. Only should be called from the request router or barrier test.
+	 *
+	 * @param string $routeName        The name of the route
+	 * @param bool   $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
+	 *
+	 * @throws Exception
+	 * @category Security-Critical
+	 */
+	final public function setRoute($routeName, $skipCallableTest = false)
+	{
+		// Test the new route is callable before adopting it.
+		if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
+			throw new Exception("Proposed route '$routeName' is not callable.");
+		}
+
+		// Adopt the new route
+		$this->routeName = $routeName;
+	}
+
+	/**
+	 * Gets the name of the route that has been passed from the request router.
+	 * @return string
+	 */
+	final public function getRouteName()
+	{
+		return $this->routeName;
+	}
+
+	/**
+	 * Performs generic page setup actions
+	 */
+	final protected function setupPage()
+	{
+		$this->setUpSmarty();
+
+		$siteNoticeText = SiteNotice::get($this->getDatabase());
+
+		$this->assign('siteNoticeText', $siteNoticeText);
+
+		$currentUser = User::getCurrent($this->getDatabase());
+		$this->assign('currentUser', $currentUser);
+		$this->assign('loggedIn', (!$currentUser->isCommunityUser()));
+	}
+
+	/**
+	 * Runs the page logic as routed by the RequestRouter
+	 *
+	 * Only should be called after a security barrier! That means only from execute().
+	 */
+	final protected function runPage()
+	{
+		$database = $this->getDatabase();
+
+		// initialise a database transaction
+		if (!$database->beginTransaction()) {
+			throw new Exception('Failed to start transaction on primary database.');
+		}
+
+		try {
+			// run the page code
+			$this->{$this->getRouteName()}();
+
+			$database->commit();
+		}
+		catch (ApplicationLogicException $ex) {
+			// it's an application logic exception, so nothing went seriously wrong with the site. We can use the
+			// standard templating system for this.
+
+			// Firstly, let's undo anything that happened to the database.
+			$database->rollBack();
+
+			// Reset smarty
+			$this->setUpSmarty();
+
+			// Set the template
+			$this->setTemplate('exception/application-logic.tpl');
+			$this->assign('message', $ex->getMessage());
+
+			// Force this back to false
+			$this->isRedirecting = false;
+			$this->headerQueue = array();
+		}
+		catch (OptimisticLockFailedException $ex) {
+			// it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
+			// standard templating system for this.
+
+			// Firstly, let's undo anything that happened to the database.
+			$database->rollBack();
+
+			// Reset smarty
+			$this->setUpSmarty();
+
+			// Set the template
+			$this->setTemplate('exception/optimistic-lock-failure.tpl');
+			$this->assign('message', $ex->getMessage());
+
+			$this->assign('debugTrace', false);
+
+			if ($this->getSiteConfiguration()->getDebuggingTraceEnabled()) {
+				ob_start();
+				var_dump(ExceptionHandler::getExceptionData($ex));
+				$textErrorData = ob_get_contents();
+				ob_end_clean();
+
+				$this->assign('exceptionData', $textErrorData);
+				$this->assign('debugTrace', true);
+			}
+
+			// Force this back to false
+			$this->isRedirecting = false;
+			$this->headerQueue = array();
+		}
+		finally {
+			// Catch any hanging on transactions
+			if ($database->hasActiveTransaction()) {
+				$database->rollBack();
+			}
+		}
+
+		// run any finalisation code needed before we send the output to the browser.
+		$this->finalisePage();
+
+		// Send the headers
+		$this->sendResponseHeaders();
+
+		// Check we have a template to use!
+		if ($this->template !== null) {
+			$content = $this->fetchTemplate($this->template);
+			ob_clean();
+			print($content);
+			ob_flush();
+
+			return;
+		}
+	}
+
+	/**
+	 * Performs final tasks needed before rendering the page.
+	 */
+	protected function finalisePage()
+	{
+		if ($this->isRedirecting) {
+			$this->template = null;
+
+			return;
+		}
+
+		$this->assign('extraCss', $this->extraCss);
+		$this->assign('extraJs', $this->extraJs);
+
+		// If we're actually displaying content, we want to add the session alerts here!
+		$this->assign('alerts', SessionAlert::getAlerts());
+		SessionAlert::clearAlerts();
+
+		$this->assign('htmlTitle', $this->htmlTitle);
+	}
+
+	/**
+	 * @return TokenManager
+	 */
+	public function getTokenManager()
+	{
+		return $this->tokenManager;
+	}
+
+	/**
+	 * @param TokenManager $tokenManager
+	 */
+	public function setTokenManager($tokenManager)
+	{
+		$this->tokenManager = $tokenManager;
+	}
+
+	/**
+	 * Sends the redirect headers to perform a GET at the destination page.
+	 *
+	 * Also nullifies the set template so Smarty does not render it.
+	 *
+	 * @param string      $page   The page to redirect requests to (as used in the UR)
+	 * @param null|string $action The action to use on the page.
+	 * @param null|array  $parameters
+	 * @param null|string $script The script (relative to index.php) to redirect to
+	 */
+	final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
+	{
+		$currentScriptName = WebRequest::scriptName();
+
+		// Are we changing script?
+		if ($script === null || substr($currentScriptName, -1 * count($script)) === $script) {
+			$targetScriptName = $currentScriptName;
+		}
+		else {
+			$targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
+		}
+
+		$pathInfo = array($targetScriptName);
+
+		$pathInfo[1] = $page;
+
+		if ($action !== null) {
+			$pathInfo[2] = $action;
+		}
+
+		$url = implode('/', $pathInfo);
+
+		if (is_array($parameters) && count($parameters) > 0) {
+			$url .= '?' . http_build_query($parameters);
+		}
+
+		$this->redirectUrl($url);
+	}
+
+	/**
+	 * Sends the redirect headers to perform a GET at the new address.
+	 *
+	 * Also nullifies the set template so Smarty does not render it.
+	 *
+	 * @param string $path URL to redirect to
+	 */
+	final protected function redirectUrl($path)
+	{
+		// 303 See Other = re-request at new address with a GET.
+		$this->headerQueue[] = 'HTTP/1.1 303 See Other';
+		$this->headerQueue[] = "Location: $path";
+
+		$this->setTemplate(null);
+		$this->isRedirecting = true;
+	}
+
+	/**
+	 * Sets the name of the template this page should display.
+	 *
+	 * @param string $name
+	 *
+	 * @throws Exception
+	 */
+	final protected function setTemplate($name)
+	{
+		if ($this->isRedirecting) {
+			throw new Exception('This page has been set as a redirect, no template can be displayed!');
+		}
+
+		$this->template = $name;
+	}
+
+	/**
+	 * Adds an extra CSS file to to the page
+	 *
+	 * @param string $path The path (relative to the application root) of the file
+	 */
+	final protected function addCss($path) {
+		if(in_array($path, $this->extraCss)){
+			// nothing to do
+			return;
+		}
+
+		$this->extraCss[] = $path;
+	}
+
+	/**
+	 * Adds an extra JS file to to the page
+	 *
+	 * @param string $path The path (relative to the application root) of the file
+	 */
+	final protected function addJs($path){
+		if(in_array($path, $this->extraJs)){
+			// nothing to do
+			return;
+		}
+
+		$this->extraJs[] = $path;
+	}
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	abstract protected function main();
+
+	/**
+	 * @param string $title
+	 */
+	final protected function setHtmlTitle($title)
+	{
+		$this->htmlTitle = $title;
+	}
+
+	public function execute()
+	{
+		if ($this->getRouteName() === null) {
+			throw new Exception('Request is unrouted.');
+		}
+
+		if ($this->getSiteConfiguration() === null) {
+			throw new Exception('Page has no configuration!');
+		}
+
+		$this->setupPage();
+
+		$this->runPage();
+	}
+
+	public function assignCSRFToken()
+	{
+		$token = $this->tokenManager->getNewToken();
+		$this->assign('csrfTokenData', $token->getTokenData());
+	}
+
+	public function validateCSRFToken()
+	{
+		if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
+			throw new ApplicationLogicException('Form token is not valid, please reload and try again');
+		}
+	}
+
+	protected function sendResponseHeaders()
+	{
+		if (headers_sent()) {
+			throw new ApplicationLogicException          ('Headers have already been sent! This is likely a bug in the application.');
+		}
+
+		foreach ($this->headerQueue as $item) {
+			if (mb_strpos($item, "\r") !== false || mb_strpos($item, "\n") !== false) {
+				// Oops. We're not allowed to do this.
+				throw new Exception('Unable to split header');
+			}
+
+			header($item);
+		}
+	}
 }

includes/IdentificationVerifier.php

Braces +2 added lines, -1 removed lines

@@ -187,7 +187,8 @@
             $endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
             $response = $this->httpHelper->get($endpoint, $parameters);
             $response = json_decode($response, true);
-        } catch (CurlException $ex) {
+        }
+        catch (CurlException $ex) {
             // failed getting identification status, so throw a nicer error.
             $m = 'Could not contact metawiki API to determine user\' identification status. '
                 . 'This is probably a transient error, so please try again.';

Indentation +160 added lines, -160 removed lines

@@ -26,133 +26,133 @@ 
  */
 class IdentificationVerifier
 {
-    /**
-     * This field is an array of parameters, in key => value format, that should be appended to the Meta Wikimedia
-     * Web Service Endpoint URL to query if a user is listed on the Identification Noticeboard.  Note that URL encoding
-     * of these values is *not* necessary; this is done automatically.
-     *
-     * @var string[]
-     * @category Security-Critical
-     */
-    private static $apiQueryParameters = array(
-        'action'   => 'query',
-        'format'   => 'json',
-        'prop'     => 'links',
-        // Populated from SiteConfiguration->getIdentificationNoticeboardPage
-        'titles'   => '',
-        // Username of the user to be checked, with User: prefix, goes here!  Set in isIdentifiedOnWiki()
-        'pltitles' => '',
-    );
-    /** @var HttpHelper */
-    private $httpHelper;
-    /** @var SiteConfiguration */
-    private $siteConfiguration;
-    /** @var PdoDatabase */
-    private $dbObject;
-
-    /**
-     * IdentificationVerifier constructor.
-     *
-     * @param HttpHelper        $httpHelper
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $dbObject
-     */
-    public function __construct(HttpHelper $httpHelper, SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
-    {
-        $this->httpHelper = $httpHelper;
-        $this->siteConfiguration = $siteConfiguration;
-        $this->dbObject = $dbObject;
-    }
-
-    /**
-     * Checks if the given user is identified to the Wikimedia Foundation.
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return bool
-     * @category Security-Critical
-     * @throws EnvironmentException
-     */
-    public function isUserIdentified($onWikiName)
-    {
-        if ($this->checkIdentificationCache($onWikiName)) {
-            return true;
-        }
-        else {
-            if ($this->isIdentifiedOnWiki($onWikiName)) {
-                $this->cacheIdentificationStatus($onWikiName);
-
-                return true;
-            }
-            else {
-                return false;
-            }
-        }
-    }
-
-    /**
-     * Checks if the given user has a valid entry in the idcache table.
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    private function checkIdentificationCache($onWikiName)
-    {
-        $interval = $this->siteConfiguration->getIdentificationCacheExpiry();
-
-        $query = <<<SQL
+	/**
+	 * This field is an array of parameters, in key => value format, that should be appended to the Meta Wikimedia
+	 * Web Service Endpoint URL to query if a user is listed on the Identification Noticeboard.  Note that URL encoding
+	 * of these values is *not* necessary; this is done automatically.
+	 *
+	 * @var string[]
+	 * @category Security-Critical
+	 */
+	private static $apiQueryParameters = array(
+		'action'   => 'query',
+		'format'   => 'json',
+		'prop'     => 'links',
+		// Populated from SiteConfiguration->getIdentificationNoticeboardPage
+		'titles'   => '',
+		// Username of the user to be checked, with User: prefix, goes here!  Set in isIdentifiedOnWiki()
+		'pltitles' => '',
+	);
+	/** @var HttpHelper */
+	private $httpHelper;
+	/** @var SiteConfiguration */
+	private $siteConfiguration;
+	/** @var PdoDatabase */
+	private $dbObject;
+
+	/**
+	 * IdentificationVerifier constructor.
+	 *
+	 * @param HttpHelper        $httpHelper
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $dbObject
+	 */
+	public function __construct(HttpHelper $httpHelper, SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
+	{
+		$this->httpHelper = $httpHelper;
+		$this->siteConfiguration = $siteConfiguration;
+		$this->dbObject = $dbObject;
+	}
+
+	/**
+	 * Checks if the given user is identified to the Wikimedia Foundation.
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 * @throws EnvironmentException
+	 */
+	public function isUserIdentified($onWikiName)
+	{
+		if ($this->checkIdentificationCache($onWikiName)) {
+			return true;
+		}
+		else {
+			if ($this->isIdentifiedOnWiki($onWikiName)) {
+				$this->cacheIdentificationStatus($onWikiName);
+
+				return true;
+			}
+			else {
+				return false;
+			}
+		}
+	}
+
+	/**
+	 * Checks if the given user has a valid entry in the idcache table.
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	private function checkIdentificationCache($onWikiName)
+	{
+		$interval = $this->siteConfiguration->getIdentificationCacheExpiry();
+
+		$query = <<<SQL
 			SELECT COUNT(`id`)
 			FROM `idcache`
 			WHERE `onwikiusername` = :onwikiname
 				AND DATE_ADD(`checktime`, INTERVAL {$interval}) >= NOW();
 SQL;
-        $stmt = $this->dbObject->prepare($query);
-        $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
-        $stmt->execute();
-
-        // Guaranteed by the query to only return a single row with a single column
-        $results = $stmt->fetch(PDO::FETCH_NUM);
-
-        // I don't expect this to ever be a value other than 0 or 1 since the `onwikiusername` column is declared as a
-        // unique key - but meh.
-        return $results[0] != 0;
-    }
-
-    /**
-     * Does pretty much exactly what it says on the label - this method will clear all expired idcache entries from the
-     * idcache table.  Meant to be called periodically by a maintenance script.
-     *
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $dbObject
-     *
-     * @return void
-     */
-    public static function clearExpiredCacheEntries(SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
-    {
-        $interval = $siteConfiguration->getIdentificationCacheExpiry();
-
-        $query = <<<SQL
+		$stmt = $this->dbObject->prepare($query);
+		$stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
+		$stmt->execute();
+
+		// Guaranteed by the query to only return a single row with a single column
+		$results = $stmt->fetch(PDO::FETCH_NUM);
+
+		// I don't expect this to ever be a value other than 0 or 1 since the `onwikiusername` column is declared as a
+		// unique key - but meh.
+		return $results[0] != 0;
+	}
+
+	/**
+	 * Does pretty much exactly what it says on the label - this method will clear all expired idcache entries from the
+	 * idcache table.  Meant to be called periodically by a maintenance script.
+	 *
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $dbObject
+	 *
+	 * @return void
+	 */
+	public static function clearExpiredCacheEntries(SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
+	{
+		$interval = $siteConfiguration->getIdentificationCacheExpiry();
+
+		$query = <<<SQL
 			DELETE FROM `idcache`
 			WHERE DATE_ADD(`checktime`, INTERVAL {$interval}) < NOW();
 SQL;
-        $dbObject->prepare($query)->execute();
-    }
-
-    /**
-     * This method will add an entry to the idcache that the given Wikipedia user has been verified as identified.  This
-     * is so we don't have to hit the API every single time we check.  The cache entry is valid for as long as specified
-     * in the ACC configuration (validity enforced by checkIdentificationCache() and clearExpiredCacheEntries()).
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return void
-     * @category Security-Critical
-     */
-    private function cacheIdentificationStatus($onWikiName)
-    {
-        $query = <<<SQL
+		$dbObject->prepare($query)->execute();
+	}
+
+	/**
+	 * This method will add an entry to the idcache that the given Wikipedia user has been verified as identified.  This
+	 * is so we don't have to hit the API every single time we check.  The cache entry is valid for as long as specified
+	 * in the ACC configuration (validity enforced by checkIdentificationCache() and clearExpiredCacheEntries()).
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return void
+	 * @category Security-Critical
+	 */
+	private function cacheIdentificationStatus($onWikiName)
+	{
+		$query = <<<SQL
 			INSERT INTO `idcache`
 				(`onwikiusername`)
 			VALUES
@@ -161,45 +161,45 @@ 
 				`onwikiusername` = VALUES(`onwikiusername`),
 				`checktime` = CURRENT_TIMESTAMP;
 SQL;
-        $stmt = $this->dbObject->prepare($query);
-        $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
-        $stmt->execute();
-    }
-
-    /**
-     * Queries the Wikimedia API to determine if the specified user is listed on the identification noticeboard.
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return bool
-     * @throws EnvironmentException
-     * @category Security-Critical
-     */
-    private function isIdentifiedOnWiki($onWikiName)
-    {
-        $strings = new StringFunctions();
-
-        // First character of Wikipedia usernames is always capitalized.
-        $onWikiName = $strings->ucfirst($onWikiName);
-
-        $parameters = self::$apiQueryParameters;
-        $parameters['pltitles'] = "User:" . $onWikiName;
-        $parameters['titles'] = $this->siteConfiguration->getIdentificationNoticeboardPage();
-
-        try {
-            $endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
-            $response = $this->httpHelper->get($endpoint, $parameters);
-            $response = json_decode($response, true);
-        } catch (CurlException $ex) {
-            // failed getting identification status, so throw a nicer error.
-            $m = 'Could not contact metawiki API to determine user\' identification status. '
-                . 'This is probably a transient error, so please try again.';
-
-            throw new EnvironmentException($m, 0, $ex);
-        }
-
-        $page = @array_pop($response['query']['pages']);
-
-        return @$page['links'][0]['title'] === "User:" . $onWikiName;
-    }
+		$stmt = $this->dbObject->prepare($query);
+		$stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
+		$stmt->execute();
+	}
+
+	/**
+	 * Queries the Wikimedia API to determine if the specified user is listed on the identification noticeboard.
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return bool
+	 * @throws EnvironmentException
+	 * @category Security-Critical
+	 */
+	private function isIdentifiedOnWiki($onWikiName)
+	{
+		$strings = new StringFunctions();
+
+		// First character of Wikipedia usernames is always capitalized.
+		$onWikiName = $strings->ucfirst($onWikiName);
+
+		$parameters = self::$apiQueryParameters;
+		$parameters['pltitles'] = "User:" . $onWikiName;
+		$parameters['titles'] = $this->siteConfiguration->getIdentificationNoticeboardPage();
+
+		try {
+			$endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
+			$response = $this->httpHelper->get($endpoint, $parameters);
+			$response = json_decode($response, true);
+		} catch (CurlException $ex) {
+			// failed getting identification status, so throw a nicer error.
+			$m = 'Could not contact metawiki API to determine user\' identification status. '
+				. 'This is probably a transient error, so please try again.';
+
+			throw new EnvironmentException($m, 0, $ex);
+		}
+
+		$page = @array_pop($response['query']['pages']);
+
+		return @$page['links'][0]['title'] === "User:" . $onWikiName;
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -183,7 +183,7 @@ 
         $onWikiName = $strings->ucfirst($onWikiName);
 
         $parameters = self::$apiQueryParameters;
-        $parameters['pltitles'] = "User:" . $onWikiName;
+        $parameters['pltitles'] = "User:".$onWikiName;
         $parameters['titles'] = $this->siteConfiguration->getIdentificationNoticeboardPage();
 
         try {
@@ -200,6 +200,6 @@ 
 
         $page = @array_pop($response['query']['pages']);
 
-        return @$page['links'][0]['title'] === "User:" . $onWikiName;
+        return @$page['links'][0]['title'] === "User:".$onWikiName;
     }
 }

includes/Security/SecurityManager.php

Indentation +196 added lines, -196 removed lines

@@ -14,200 +14,200 @@
 
 final class SecurityManager
 {
-    const ALLOWED = 1;
-    const ERROR_NOT_IDENTIFIED = 2;
-    const ERROR_DENIED = 3;
-    /** @var IdentificationVerifier */
-    private $identificationVerifier;
-    /**
-     * @var RoleConfiguration
-     */
-    private $roleConfiguration;
-
-    /**
-     * SecurityManager constructor.
-     *
-     * @param IdentificationVerifier $identificationVerifier
-     * @param RoleConfiguration      $roleConfiguration
-     */
-    public function __construct(
-        IdentificationVerifier $identificationVerifier,
-        RoleConfiguration $roleConfiguration
-    ) {
-        $this->identificationVerifier = $identificationVerifier;
-        $this->roleConfiguration = $roleConfiguration;
-    }
-
-    /**
-     * Tests if a user is allowed to perform an action.
-     *
-     * This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
-     * that a user should have access to something.
-     *
-     * @param string $page
-     * @param string $route
-     * @param User   $user
-     *
-     * @return int
-     *
-     * @category Security-Critical
-     */
-    public function allows($page, $route, User $user)
-    {
-        $this->getActiveRoles($user, $activeRoles, $inactiveRoles);
-
-        $availableRights = $this->flattenRoles($activeRoles);
-        $testResult = $this->findResult($availableRights, $page, $route);
-
-        if ($testResult !== null) {
-            // We got a firm result here, so just return it.
-            return $testResult;
-        }
-
-        // No firm result yet, so continue testing the inactive roles so we can give a better error.
-        $inactiveRights = $this->flattenRoles($inactiveRoles);
-        $testResult = $this->findResult($inactiveRights, $page, $route);
-
-        if ($testResult === self::ALLOWED) {
-            // The user is allowed to access this, but their role is inactive.
-            return self::ERROR_NOT_IDENTIFIED;
-        }
-
-        // Other options from the secondary test are denied and inconclusive, which at this point defaults to denied.
-        return self::ERROR_DENIED;
-    }
-
-    /**
-     * @param array  $pseudoRole The role (flattened) to check
-     * @param string $page       The page class to check
-     * @param string $route      The page route to check
-     *
-     * @return int|null
-     */
-    private function findResult($pseudoRole, $page, $route)
-    {
-        if (isset($pseudoRole[$page])) {
-            // check for deny on catch-all route
-            if (isset($pseudoRole[$page][RoleConfiguration::ALL])) {
-                if ($pseudoRole[$page][RoleConfiguration::ALL] === RoleConfiguration::ACCESS_DENY) {
-                    return self::ERROR_DENIED;
-                }
-            }
-
-            // check normal route
-            if (isset($pseudoRole[$page][$route])) {
-                if ($pseudoRole[$page][$route] === RoleConfiguration::ACCESS_DENY) {
-                    return self::ERROR_DENIED;
-                }
-
-                if ($pseudoRole[$page][$route] === RoleConfiguration::ACCESS_ALLOW) {
-                    return self::ALLOWED;
-                }
-            }
-
-            // check for allowed on catch-all route
-            if (isset($pseudoRole[$page][RoleConfiguration::ALL])) {
-                if ($pseudoRole[$page][RoleConfiguration::ALL] === RoleConfiguration::ACCESS_ALLOW) {
-                    return self::ALLOWED;
-                }
-            }
-        }
-
-        // return indeterminate result
-        return null;
-    }
-
-    /**
-     * Takes an array of roles and flattens the values to a single set.
-     *
-     * @param array $activeRoles
-     *
-     * @return array
-     */
-    private function flattenRoles($activeRoles)
-    {
-        $result = array();
-
-        $roleConfig = $this->roleConfiguration->getApplicableRoles($activeRoles);
-
-        // Iterate over every page in every role
-        foreach ($roleConfig as $role) {
-            foreach ($role as $page => $pageRights) {
-                // Create holder in result for this page
-                if (!isset($result[$page])) {
-                    $result[$page] = array();
-                }
-
-                foreach ($pageRights as $action => $permission) {
-                    // Deny takes precedence, so if it's set, don't change it.
-                    if (isset($result[$page][$action])) {
-                        if ($result[$page][$action] === RoleConfiguration::ACCESS_DENY) {
-                            continue;
-                        }
-                    }
-
-                    if ($permission === RoleConfiguration::ACCESS_DEFAULT) {
-                        // Configured to do precisely nothing.
-                        continue;
-                    }
-
-                    $result[$page][$action] = $permission;
-                }
-            }
-        }
-
-        return $result;
-    }
-
-    /**
-     * @param User  $user
-     * @param array $activeRoles
-     * @param array $inactiveRoles
-     */
-    public function getActiveRoles(User $user, &$activeRoles, &$inactiveRoles)
-    {
-        // Default to the community user here, because the main user is logged out
-        $identified = false;
-        $userRoles = array('public');
-
-        // if we're not the community user, get our real rights.
-        if (!$user->isCommunityUser()) {
-            // Check the user's status - only active users are allowed the effects of roles
-
-            $userRoles[] = 'loggedIn';
-
-            if ($user->isActive()) {
-                $ur = UserRole::getForUser($user->getId(), $user->getDatabase());
-
-                // NOTE: public is still in this array.
-                foreach ($ur as $r) {
-                    $userRoles[] = $r->getRole();
-                }
-
-                $identified = $user->isIdentified($this->identificationVerifier);
-            }
-        }
-
-        $activeRoles = array();
-        $inactiveRoles = array();
-
-        /** @var string $v */
-        foreach ($userRoles as $v) {
-            if ($this->roleConfiguration->roleNeedsIdentification($v)) {
-                if ($identified) {
-                    $activeRoles[] = $v;
-                }
-                else {
-                    $inactiveRoles[] = $v;
-                }
-            }
-            else {
-                $activeRoles[] = $v;
-            }
-        }
-    }
-
-    public function getRoleConfiguration(){
-        return $this->roleConfiguration;
-    }
+	const ALLOWED = 1;
+	const ERROR_NOT_IDENTIFIED = 2;
+	const ERROR_DENIED = 3;
+	/** @var IdentificationVerifier */
+	private $identificationVerifier;
+	/**
+	 * @var RoleConfiguration
+	 */
+	private $roleConfiguration;
+
+	/**
+	 * SecurityManager constructor.
+	 *
+	 * @param IdentificationVerifier $identificationVerifier
+	 * @param RoleConfiguration      $roleConfiguration
+	 */
+	public function __construct(
+		IdentificationVerifier $identificationVerifier,
+		RoleConfiguration $roleConfiguration
+	) {
+		$this->identificationVerifier = $identificationVerifier;
+		$this->roleConfiguration = $roleConfiguration;
+	}
+
+	/**
+	 * Tests if a user is allowed to perform an action.
+	 *
+	 * This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
+	 * that a user should have access to something.
+	 *
+	 * @param string $page
+	 * @param string $route
+	 * @param User   $user
+	 *
+	 * @return int
+	 *
+	 * @category Security-Critical
+	 */
+	public function allows($page, $route, User $user)
+	{
+		$this->getActiveRoles($user, $activeRoles, $inactiveRoles);
+
+		$availableRights = $this->flattenRoles($activeRoles);
+		$testResult = $this->findResult($availableRights, $page, $route);
+
+		if ($testResult !== null) {
+			// We got a firm result here, so just return it.
+			return $testResult;
+		}
+
+		// No firm result yet, so continue testing the inactive roles so we can give a better error.
+		$inactiveRights = $this->flattenRoles($inactiveRoles);
+		$testResult = $this->findResult($inactiveRights, $page, $route);
+
+		if ($testResult === self::ALLOWED) {
+			// The user is allowed to access this, but their role is inactive.
+			return self::ERROR_NOT_IDENTIFIED;
+		}
+
+		// Other options from the secondary test are denied and inconclusive, which at this point defaults to denied.
+		return self::ERROR_DENIED;
+	}
+
+	/**
+	 * @param array  $pseudoRole The role (flattened) to check
+	 * @param string $page       The page class to check
+	 * @param string $route      The page route to check
+	 *
+	 * @return int|null
+	 */
+	private function findResult($pseudoRole, $page, $route)
+	{
+		if (isset($pseudoRole[$page])) {
+			// check for deny on catch-all route
+			if (isset($pseudoRole[$page][RoleConfiguration::ALL])) {
+				if ($pseudoRole[$page][RoleConfiguration::ALL] === RoleConfiguration::ACCESS_DENY) {
+					return self::ERROR_DENIED;
+				}
+			}
+
+			// check normal route
+			if (isset($pseudoRole[$page][$route])) {
+				if ($pseudoRole[$page][$route] === RoleConfiguration::ACCESS_DENY) {
+					return self::ERROR_DENIED;
+				}
+
+				if ($pseudoRole[$page][$route] === RoleConfiguration::ACCESS_ALLOW) {
+					return self::ALLOWED;
+				}
+			}
+
+			// check for allowed on catch-all route
+			if (isset($pseudoRole[$page][RoleConfiguration::ALL])) {
+				if ($pseudoRole[$page][RoleConfiguration::ALL] === RoleConfiguration::ACCESS_ALLOW) {
+					return self::ALLOWED;
+				}
+			}
+		}
+
+		// return indeterminate result
+		return null;
+	}
+
+	/**
+	 * Takes an array of roles and flattens the values to a single set.
+	 *
+	 * @param array $activeRoles
+	 *
+	 * @return array
+	 */
+	private function flattenRoles($activeRoles)
+	{
+		$result = array();
+
+		$roleConfig = $this->roleConfiguration->getApplicableRoles($activeRoles);
+
+		// Iterate over every page in every role
+		foreach ($roleConfig as $role) {
+			foreach ($role as $page => $pageRights) {
+				// Create holder in result for this page
+				if (!isset($result[$page])) {
+					$result[$page] = array();
+				}
+
+				foreach ($pageRights as $action => $permission) {
+					// Deny takes precedence, so if it's set, don't change it.
+					if (isset($result[$page][$action])) {
+						if ($result[$page][$action] === RoleConfiguration::ACCESS_DENY) {
+							continue;
+						}
+					}
+
+					if ($permission === RoleConfiguration::ACCESS_DEFAULT) {
+						// Configured to do precisely nothing.
+						continue;
+					}
+
+					$result[$page][$action] = $permission;
+				}
+			}
+		}
+
+		return $result;
+	}
+
+	/**
+	 * @param User  $user
+	 * @param array $activeRoles
+	 * @param array $inactiveRoles
+	 */
+	public function getActiveRoles(User $user, &$activeRoles, &$inactiveRoles)
+	{
+		// Default to the community user here, because the main user is logged out
+		$identified = false;
+		$userRoles = array('public');
+
+		// if we're not the community user, get our real rights.
+		if (!$user->isCommunityUser()) {
+			// Check the user's status - only active users are allowed the effects of roles
+
+			$userRoles[] = 'loggedIn';
+
+			if ($user->isActive()) {
+				$ur = UserRole::getForUser($user->getId(), $user->getDatabase());
+
+				// NOTE: public is still in this array.
+				foreach ($ur as $r) {
+					$userRoles[] = $r->getRole();
+				}
+
+				$identified = $user->isIdentified($this->identificationVerifier);
+			}
+		}
+
+		$activeRoles = array();
+		$inactiveRoles = array();
+
+		/** @var string $v */
+		foreach ($userRoles as $v) {
+			if ($this->roleConfiguration->roleNeedsIdentification($v)) {
+				if ($identified) {
+					$activeRoles[] = $v;
+				}
+				else {
+					$inactiveRoles[] = $v;
+				}
+			}
+			else {
+				$activeRoles[] = $v;
+			}
+		}
+	}
+
+	public function getRoleConfiguration(){
+		return $this->roleConfiguration;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -207,7 +207,7 @@
         }
     }
 
-    public function getRoleConfiguration(){
+    public function getRoleConfiguration() {
         return $this->roleConfiguration;
     }
 }

Braces +2 added lines, -1 removed lines

@@ -207,7 +207,8 @@
         }
     }
 
-    public function getRoleConfiguration(){
+    public function getRoleConfiguration()
+    {
         return $this->roleConfiguration;
     }
 }

includes/Tasks/InternalPageBase.php

Indentation +221 added lines, -221 removed lines

@@ -22,225 +22,225 @@
 
 abstract class InternalPageBase extends PageBase
 {
-    use NavigationMenuAccessControl;
-
-    /** @var IdentificationVerifier */
-    private $identificationVerifier;
-    /** @var ITypeAheadHelper */
-    private $typeAheadHelper;
-    /** @var SecurityManager */
-    private $securityManager;
-    /** @var IBlacklistHelper */
-    private $blacklistHelper;
-
-    /**
-     * @return ITypeAheadHelper
-     */
-    public function getTypeAheadHelper()
-    {
-        return $this->typeAheadHelper;
-    }
-
-    /**
-     * Sets up the internal IdentificationVerifier instance.  Intended to be called from WebStart::setupHelpers().
-     *
-     * @param IdentificationVerifier $identificationVerifier
-     *
-     * @return void
-     */
-    public function setIdentificationVerifier(IdentificationVerifier $identificationVerifier)
-    {
-        $this->identificationVerifier = $identificationVerifier;
-    }
-
-    /**
-     * @param ITypeAheadHelper $typeAheadHelper
-     */
-    public function setTypeAheadHelper(ITypeAheadHelper $typeAheadHelper)
-    {
-        $this->typeAheadHelper = $typeAheadHelper;
-    }
-
-    /**
-     * Runs the page code
-     *
-     * @throws Exception
-     * @category Security-Critical
-     */
-    final public function execute()
-    {
-        if ($this->getRouteName() === null) {
-            throw new Exception("Request is unrouted.");
-        }
-
-        if ($this->getSiteConfiguration() === null) {
-            throw new Exception("Page has no configuration!");
-        }
-
-        $this->setupPage();
-
-        $this->touchUserLastActive();
-
-        $currentUser = User::getCurrent($this->getDatabase());
-
-        // Hey, this is also a security barrier, in addition to the below. Separated out for readability.
-        if (!$this->isProtectedPage()) {
-            // This page is /not/ a protected page, as such we can just run it.
-            $this->runPage();
-
-            return;
-        }
-
-        // Security barrier.
-        //
-        // This code essentially doesn't care if the user is logged in or not, as the security manager hides all that
-        // away for us
-        $securityResult = $this->getSecurityManager()->allows(get_called_class(), $this->getRouteName(), $currentUser);
-        if ($securityResult === SecurityManager::ALLOWED) {
-            // We're allowed to run the page, so let's run it.
-            $this->runPage();
-        }
-        else {
-            $this->handleAccessDenied($securityResult);
-
-            // Send the headers
-            $this->sendResponseHeaders();
-        }
-    }
-
-    /**
-     * Performs final tasks needed before rendering the page.
-     */
-    final public function finalisePage()
-    {
-        parent::finalisePage();
-
-        $this->assign('typeAheadBlock', $this->getTypeAheadHelper()->getTypeAheadScriptBlock());
-
-        $database = $this->getDatabase();
-
-        $currentUser = User::getCurrent($database);
-        if (!$currentUser->isCommunityUser()) {
-            $sql = 'SELECT * FROM user WHERE lastactive > DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 5 MINUTE);';
-            $statement = $database->query($sql);
-            $activeUsers = $statement->fetchAll(PDO::FETCH_CLASS, User::class);
-            $this->assign('onlineusers', $activeUsers);
-        }
-
-        $this->setupNavMenuAccess($currentUser);
-    }
-
-    /**
-     * Configures whether the page respects roles or not. You probably want this to return true.
-     *
-     * Set to false for public pages. You probably want this to return true.
-     *
-     * This defaults to true unless you explicitly set it to false. Setting it to false means anybody can do anything
-     * on this page, so you probably want this to return true.
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    protected function isProtectedPage()
-    {
-        return true;
-    }
-
-    protected function handleAccessDenied($denyReason)
-    {
-        $currentUser = User::getCurrent($this->getDatabase());
-
-        // Not allowed to access this resource.
-        // Firstly, let's check if we're even logged in.
-        if ($currentUser->isCommunityUser()) {
-            // Not logged in, redirect to login page
-            WebRequest::setPostLoginRedirect();
-            $this->redirect("login");
-
-            return;
-        }
-        else {
-            // Decide whether this was a rights failure, or an identification failure.
-
-            if ($denyReason === SecurityManager::ERROR_NOT_IDENTIFIED) {
-                // Not identified
-                throw new NotIdentifiedException($this->getSecurityManager());
-            }
-            elseif ($denyReason === SecurityManager::ERROR_DENIED) {
-                // Nope, plain old access denied
-                throw new AccessDeniedException($this->getSecurityManager());
-            }
-            else {
-                throw new Exception('Unknown response from security manager.');
-            }
-        }
-    }
-
-    /**
-     * Tests the security barrier for a specified action.
-     *
-     * Don't use within templates
-     *
-     * @param string      $action
-     *
-     * @param User        $user
-     * @param null|string $pageName
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    final public function barrierTest($action, User $user, $pageName = null)
-    {
-        $page = get_called_class();
-        if ($pageName !== null) {
-            $page = $pageName;
-        }
-
-        $securityResult = $this->getSecurityManager()->allows($page, $action, $user);
-
-        return $securityResult === SecurityManager::ALLOWED;
-    }
-
-    /**
-     * Updates the lastactive timestamp
-     */
-    private function touchUserLastActive()
-    {
-        if (WebRequest::getSessionUserId() !== null) {
-            $query = 'UPDATE user SET lastactive = CURRENT_TIMESTAMP() WHERE id = :id;';
-            $this->getDatabase()->prepare($query)->execute(array(":id" => WebRequest::getSessionUserId()));
-        }
-    }
-
-    /**
-     * @return SecurityManager
-     */
-    public function getSecurityManager()
-    {
-        return $this->securityManager;
-    }
-
-    /**
-     * @param SecurityManager $securityManager
-     */
-    public function setSecurityManager(SecurityManager $securityManager)
-    {
-        $this->securityManager = $securityManager;
-    }
-
-    /**
-     * @return IBlacklistHelper
-     */
-    public function getBlacklistHelper()
-    {
-        return $this->blacklistHelper;
-    }
-
-    /**
-     * @param IBlacklistHelper $blacklistHelper
-     */
-    public function setBlacklistHelper(IBlacklistHelper $blacklistHelper)
-    {
-        $this->blacklistHelper = $blacklistHelper;
-    }
+	use NavigationMenuAccessControl;
+
+	/** @var IdentificationVerifier */
+	private $identificationVerifier;
+	/** @var ITypeAheadHelper */
+	private $typeAheadHelper;
+	/** @var SecurityManager */
+	private $securityManager;
+	/** @var IBlacklistHelper */
+	private $blacklistHelper;
+
+	/**
+	 * @return ITypeAheadHelper
+	 */
+	public function getTypeAheadHelper()
+	{
+		return $this->typeAheadHelper;
+	}
+
+	/**
+	 * Sets up the internal IdentificationVerifier instance.  Intended to be called from WebStart::setupHelpers().
+	 *
+	 * @param IdentificationVerifier $identificationVerifier
+	 *
+	 * @return void
+	 */
+	public function setIdentificationVerifier(IdentificationVerifier $identificationVerifier)
+	{
+		$this->identificationVerifier = $identificationVerifier;
+	}
+
+	/**
+	 * @param ITypeAheadHelper $typeAheadHelper
+	 */
+	public function setTypeAheadHelper(ITypeAheadHelper $typeAheadHelper)
+	{
+		$this->typeAheadHelper = $typeAheadHelper;
+	}
+
+	/**
+	 * Runs the page code
+	 *
+	 * @throws Exception
+	 * @category Security-Critical
+	 */
+	final public function execute()
+	{
+		if ($this->getRouteName() === null) {
+			throw new Exception("Request is unrouted.");
+		}
+
+		if ($this->getSiteConfiguration() === null) {
+			throw new Exception("Page has no configuration!");
+		}
+
+		$this->setupPage();
+
+		$this->touchUserLastActive();
+
+		$currentUser = User::getCurrent($this->getDatabase());
+
+		// Hey, this is also a security barrier, in addition to the below. Separated out for readability.
+		if (!$this->isProtectedPage()) {
+			// This page is /not/ a protected page, as such we can just run it.
+			$this->runPage();
+
+			return;
+		}
+
+		// Security barrier.
+		//
+		// This code essentially doesn't care if the user is logged in or not, as the security manager hides all that
+		// away for us
+		$securityResult = $this->getSecurityManager()->allows(get_called_class(), $this->getRouteName(), $currentUser);
+		if ($securityResult === SecurityManager::ALLOWED) {
+			// We're allowed to run the page, so let's run it.
+			$this->runPage();
+		}
+		else {
+			$this->handleAccessDenied($securityResult);
+
+			// Send the headers
+			$this->sendResponseHeaders();
+		}
+	}
+
+	/**
+	 * Performs final tasks needed before rendering the page.
+	 */
+	final public function finalisePage()
+	{
+		parent::finalisePage();
+
+		$this->assign('typeAheadBlock', $this->getTypeAheadHelper()->getTypeAheadScriptBlock());
+
+		$database = $this->getDatabase();
+
+		$currentUser = User::getCurrent($database);
+		if (!$currentUser->isCommunityUser()) {
+			$sql = 'SELECT * FROM user WHERE lastactive > DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 5 MINUTE);';
+			$statement = $database->query($sql);
+			$activeUsers = $statement->fetchAll(PDO::FETCH_CLASS, User::class);
+			$this->assign('onlineusers', $activeUsers);
+		}
+
+		$this->setupNavMenuAccess($currentUser);
+	}
+
+	/**
+	 * Configures whether the page respects roles or not. You probably want this to return true.
+	 *
+	 * Set to false for public pages. You probably want this to return true.
+	 *
+	 * This defaults to true unless you explicitly set it to false. Setting it to false means anybody can do anything
+	 * on this page, so you probably want this to return true.
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	protected function isProtectedPage()
+	{
+		return true;
+	}
+
+	protected function handleAccessDenied($denyReason)
+	{
+		$currentUser = User::getCurrent($this->getDatabase());
+
+		// Not allowed to access this resource.
+		// Firstly, let's check if we're even logged in.
+		if ($currentUser->isCommunityUser()) {
+			// Not logged in, redirect to login page
+			WebRequest::setPostLoginRedirect();
+			$this->redirect("login");
+
+			return;
+		}
+		else {
+			// Decide whether this was a rights failure, or an identification failure.
+
+			if ($denyReason === SecurityManager::ERROR_NOT_IDENTIFIED) {
+				// Not identified
+				throw new NotIdentifiedException($this->getSecurityManager());
+			}
+			elseif ($denyReason === SecurityManager::ERROR_DENIED) {
+				// Nope, plain old access denied
+				throw new AccessDeniedException($this->getSecurityManager());
+			}
+			else {
+				throw new Exception('Unknown response from security manager.');
+			}
+		}
+	}
+
+	/**
+	 * Tests the security barrier for a specified action.
+	 *
+	 * Don't use within templates
+	 *
+	 * @param string      $action
+	 *
+	 * @param User        $user
+	 * @param null|string $pageName
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	final public function barrierTest($action, User $user, $pageName = null)
+	{
+		$page = get_called_class();
+		if ($pageName !== null) {
+			$page = $pageName;
+		}
+
+		$securityResult = $this->getSecurityManager()->allows($page, $action, $user);
+
+		return $securityResult === SecurityManager::ALLOWED;
+	}
+
+	/**
+	 * Updates the lastactive timestamp
+	 */
+	private function touchUserLastActive()
+	{
+		if (WebRequest::getSessionUserId() !== null) {
+			$query = 'UPDATE user SET lastactive = CURRENT_TIMESTAMP() WHERE id = :id;';
+			$this->getDatabase()->prepare($query)->execute(array(":id" => WebRequest::getSessionUserId()));
+		}
+	}
+
+	/**
+	 * @return SecurityManager
+	 */
+	public function getSecurityManager()
+	{
+		return $this->securityManager;
+	}
+
+	/**
+	 * @param SecurityManager $securityManager
+	 */
+	public function setSecurityManager(SecurityManager $securityManager)
+	{
+		$this->securityManager = $securityManager;
+	}
+
+	/**
+	 * @return IBlacklistHelper
+	 */
+	public function getBlacklistHelper()
+	{
+		return $this->blacklistHelper;
+	}
+
+	/**
+	 * @param IBlacklistHelper $blacklistHelper
+	 */
+	public function setBlacklistHelper(IBlacklistHelper $blacklistHelper)
+	{
+		$this->blacklistHelper = $blacklistHelper;
+	}
 }

includes/Exceptions/AccessDeniedException.php

Indentation +85 added lines, -85 removed lines

@@ -26,89 +26,89 @@
  */
 class AccessDeniedException extends ReadableException
 {
-    use NavigationMenuAccessControl;
-
-    /**
-     * @var SecurityManager
-     */
-    private $securityManager;
-
-    /**
-     * AccessDeniedException constructor.
-     *
-     * @param SecurityManager $securityManager
-     */
-    public function __construct(SecurityManager $securityManager = null)
-    {
-        $this->securityManager = $securityManager;
-    }
-
-    public function getReadableError()
-    {
-        if (!headers_sent()) {
-            header("HTTP/1.1 403 Forbidden");
-        }
-
-        $this->setUpSmarty();
-
-        // uck. We should still be able to access the database in this situation though.
-        $database = PdoDatabase::getDatabaseConnection('acc');
-        $currentUser = User::getCurrent($database);
-        $this->assign('currentUser', $currentUser);
-        $this->assign("loggedIn", (!$currentUser->isCommunityUser()));
-
-        if($this->securityManager !== null) {
-            $this->setupNavMenuAccess($currentUser);
-        }
-
-        if ($currentUser->isDeclined()) {
-            $this->assign('htmlTitle', 'Account Declined');
-            $this->assign('declineReason', $this->getLogEntry('Declined', $currentUser, $database));
-
-            return $this->fetchTemplate("exception/account-declined.tpl");
-        }
-
-        if ($currentUser->isSuspended()) {
-            $this->assign('htmlTitle', 'Account Suspended');
-            $this->assign('suspendReason', $this->getLogEntry('Suspended', $currentUser, $database));
-
-            return $this->fetchTemplate("exception/account-suspended.tpl");
-        }
-
-        if ($currentUser->isNewUser()) {
-            $this->assign('htmlTitle', 'Account Pending');
-
-            return $this->fetchTemplate("exception/account-new.tpl");
-        }
-
-        return $this->fetchTemplate("exception/access-denied.tpl");
-    }
-
-    /**
-     * @param string      $action
-     * @param User        $user
-     * @param PdoDatabase $database
-     *
-     * @return null|string
-     */
-    private function getLogEntry($action, User $user, PdoDatabase $database)
-    {
-        /** @var Log[] $logs */
-        $logs = LogSearchHelper::get($database)
-            ->byAction($action)
-            ->byObjectType('User')
-            ->byObjectId($user->getId())
-            ->limit(1)
-            ->fetch();
-
-        return $logs[0]->getComment();
-    }
-
-    /**
-     * @return SecurityManager
-     */
-    protected function getSecurityManager()
-    {
-        return $this->securityManager;
-    }
+	use NavigationMenuAccessControl;
+
+	/**
+	 * @var SecurityManager
+	 */
+	private $securityManager;
+
+	/**
+	 * AccessDeniedException constructor.
+	 *
+	 * @param SecurityManager $securityManager
+	 */
+	public function __construct(SecurityManager $securityManager = null)
+	{
+		$this->securityManager = $securityManager;
+	}
+
+	public function getReadableError()
+	{
+		if (!headers_sent()) {
+			header("HTTP/1.1 403 Forbidden");
+		}
+
+		$this->setUpSmarty();
+
+		// uck. We should still be able to access the database in this situation though.
+		$database = PdoDatabase::getDatabaseConnection('acc');
+		$currentUser = User::getCurrent($database);
+		$this->assign('currentUser', $currentUser);
+		$this->assign("loggedIn", (!$currentUser->isCommunityUser()));
+
+		if($this->securityManager !== null) {
+			$this->setupNavMenuAccess($currentUser);
+		}
+
+		if ($currentUser->isDeclined()) {
+			$this->assign('htmlTitle', 'Account Declined');
+			$this->assign('declineReason', $this->getLogEntry('Declined', $currentUser, $database));
+
+			return $this->fetchTemplate("exception/account-declined.tpl");
+		}
+
+		if ($currentUser->isSuspended()) {
+			$this->assign('htmlTitle', 'Account Suspended');
+			$this->assign('suspendReason', $this->getLogEntry('Suspended', $currentUser, $database));
+
+			return $this->fetchTemplate("exception/account-suspended.tpl");
+		}
+
+		if ($currentUser->isNewUser()) {
+			$this->assign('htmlTitle', 'Account Pending');
+
+			return $this->fetchTemplate("exception/account-new.tpl");
+		}
+
+		return $this->fetchTemplate("exception/access-denied.tpl");
+	}
+
+	/**
+	 * @param string      $action
+	 * @param User        $user
+	 * @param PdoDatabase $database
+	 *
+	 * @return null|string
+	 */
+	private function getLogEntry($action, User $user, PdoDatabase $database)
+	{
+		/** @var Log[] $logs */
+		$logs = LogSearchHelper::get($database)
+			->byAction($action)
+			->byObjectType('User')
+			->byObjectId($user->getId())
+			->limit(1)
+			->fetch();
+
+		return $logs[0]->getComment();
+	}
+
+	/**
+	 * @return SecurityManager
+	 */
+	protected function getSecurityManager()
+	{
+		return $this->securityManager;
+	}
 }
\ No newline at end of file

Spacing +1 added lines, -1 removed lines

@@ -57,7 +57,7 @@
         $this->assign('currentUser', $currentUser);
         $this->assign("loggedIn", (!$currentUser->isCommunityUser()));
 
-        if($this->securityManager !== null) {
+        if ($this->securityManager !== null) {
             $this->setupNavMenuAccess($currentUser);
         }
 

includes/Exceptions/NotIdentifiedException.php

Indentation +41 added lines, -41 removed lines

@@ -15,52 +15,52 @@
 
 class NotIdentifiedException extends ReadableException
 {
-    use NavigationMenuAccessControl;
-    /**
-     * @var SecurityManager
-     */
-    private $securityManager;
+	use NavigationMenuAccessControl;
+	/**
+	 * @var SecurityManager
+	 */
+	private $securityManager;
 
-    /**
-     * NotIdentifiedException constructor.
-     *
-     * @param SecurityManager $securityManager
-     */
-    public function __construct(SecurityManager $securityManager = null)
-    {
-        $this->securityManager = $securityManager;
-    }
+	/**
+	 * NotIdentifiedException constructor.
+	 *
+	 * @param SecurityManager $securityManager
+	 */
+	public function __construct(SecurityManager $securityManager = null)
+	{
+		$this->securityManager = $securityManager;
+	}
 
-    /**
-     * Returns a readable HTML error message that's displayable to the user using templates.
-     * @return string
-     */
-    public function getReadableError()
-    {
-        if (!headers_sent()) {
-            header("HTTP/1.1 403 Forbidden");
-        }
+	/**
+	 * Returns a readable HTML error message that's displayable to the user using templates.
+	 * @return string
+	 */
+	public function getReadableError()
+	{
+		if (!headers_sent()) {
+			header("HTTP/1.1 403 Forbidden");
+		}
 
-        $this->setUpSmarty();
+		$this->setUpSmarty();
 
-        // uck. We should still be able to access the database in this situation though.
-        $database = PdoDatabase::getDatabaseConnection('acc');
-        $currentUser = User::getCurrent($database);
-        $this->assign('currentUser', $currentUser);
-        $this->assign("loggedIn", (!$currentUser->isCommunityUser()));
+		// uck. We should still be able to access the database in this situation though.
+		$database = PdoDatabase::getDatabaseConnection('acc');
+		$currentUser = User::getCurrent($database);
+		$this->assign('currentUser', $currentUser);
+		$this->assign("loggedIn", (!$currentUser->isCommunityUser()));
 
-        if($this->securityManager !== null) {
-            $this->setupNavMenuAccess($currentUser);
-        }
+		if($this->securityManager !== null) {
+			$this->setupNavMenuAccess($currentUser);
+		}
 
-        return $this->fetchTemplate("exception/not-identified.tpl");
-    }
+		return $this->fetchTemplate("exception/not-identified.tpl");
+	}
 
-    /**
-     * @return SecurityManager
-     */
-    protected function getSecurityManager()
-    {
-        return $this->securityManager;
-    }
+	/**
+	 * @return SecurityManager
+	 */
+	protected function getSecurityManager()
+	{
+		return $this->securityManager;
+	}
 }
\ No newline at end of file

Spacing +1 added lines, -1 removed lines

@@ -57,7 +57,7 @@
         $this->assign('currentUser', $currentUser);
         $this->assign("loggedIn", (!$currentUser->isCommunityUser()));
 
-        if($this->securityManager !== null) {
+        if ($this->securityManager !== null) {
             $this->setupNavMenuAccess($currentUser);
         }
 

includes/ConsoleTasks/MigrateToRoles.php

Indentation +41 added lines, -41 removed lines

@@ -16,55 +16,55 @@
 
 class MigrateToRoles extends ConsoleTaskBase
 {
-    public function execute()
-    {
-        $communityUser = User::getCommunity();
+	public function execute()
+	{
+		$communityUser = User::getCommunity();
 
-        $database = $this->getDatabase();
-        $statement = $database->query('SELECT id, status, checkuser FROM user;');
-        $update = $database->prepare("UPDATE user SET status = 'Active' WHERE id = :id;");
+		$database = $this->getDatabase();
+		$statement = $database->query('SELECT id, status, checkuser FROM user;');
+		$update = $database->prepare("UPDATE user SET status = 'Active' WHERE id = :id;");
 
-        $users = $statement->fetchAll(PDO::FETCH_ASSOC);
+		$users = $statement->fetchAll(PDO::FETCH_ASSOC);
 
-        foreach ($users as $user) {
-            $toAdd = array('user');
+		foreach ($users as $user) {
+			$toAdd = array('user');
 
-            if($user['status'] === 'Admin'){
-                $toAdd[] = 'admin';
-            }
+			if($user['status'] === 'Admin'){
+				$toAdd[] = 'admin';
+			}
 
-            if($user['checkuser'] == 1){
-                $toAdd[] = 'checkuser';
-            }
+			if($user['checkuser'] == 1){
+				$toAdd[] = 'checkuser';
+			}
 
-            foreach ($toAdd as $x) {
-                $a = new UserRole();
-                $a->setUser($user['id']);
-                $a->setRole($x);
-                $a->setDatabase($database);
-                $a->save();
-            }
+			foreach ($toAdd as $x) {
+				$a = new UserRole();
+				$a->setUser($user['id']);
+				$a->setRole($x);
+				$a->setDatabase($database);
+				$a->save();
+			}
 
-            $logData = serialize(array(
-                'added' => $toAdd,
-                'removed' => array(),
-                'reason' => 'Initial migration'
-            ));
+			$logData = serialize(array(
+				'added' => $toAdd,
+				'removed' => array(),
+				'reason' => 'Initial migration'
+			));
 
-            $log = new Log();
-            $log->setDatabase($database);
-            $log->setAction('RoleChange');
-            $log->setObjectId($user['id']);
-            $log->setObjectType('User');
-            $log->setUser($communityUser);
-            $log->setComment($logData);
-            $log->save();
+			$log = new Log();
+			$log->setDatabase($database);
+			$log->setAction('RoleChange');
+			$log->setObjectId($user['id']);
+			$log->setObjectType('User');
+			$log->setUser($communityUser);
+			$log->setComment($logData);
+			$log->save();
 
-            if($user['status'] === 'Admin' || $user['status'] === 'User'){
-                $update->execute(array('id' => $user['id']));
-            }
-        }
+			if($user['status'] === 'Admin' || $user['status'] === 'User'){
+				$update->execute(array('id' => $user['id']));
+			}
+		}
 
-        $database->exec("UPDATE schemaversion SET version = 25;");
-    }
+		$database->exec("UPDATE schemaversion SET version = 25;");
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -29,11 +29,11 @@ 
         foreach ($users as $user) {
             $toAdd = array('user');
 
-            if($user['status'] === 'Admin'){
+            if ($user['status'] === 'Admin') {
                 $toAdd[] = 'admin';
             }
 
-            if($user['checkuser'] == 1){
+            if ($user['checkuser'] == 1) {
                 $toAdd[] = 'checkuser';
             }
 
@@ -60,7 +60,7 @@ 
             $log->setComment($logData);
             $log->save();
 
-            if($user['status'] === 'Admin' || $user['status'] === 'User'){
+            if ($user['status'] === 'Admin' || $user['status'] === 'User') {
                 $update->execute(array('id' => $user['id']));
             }
         }

Braces +3 added lines, -3 removed lines

@@ -29,11 +29,11 @@ 
         foreach ($users as $user) {
             $toAdd = array('user');
 
-            if($user['status'] === 'Admin'){
+            if($user['status'] === 'Admin') {
                 $toAdd[] = 'admin';
             }
 
-            if($user['checkuser'] == 1){
+            if($user['checkuser'] == 1) {
                 $toAdd[] = 'checkuser';
             }
 
@@ -60,7 +60,7 @@ 
             $log->setComment($logData);
             $log->save();
 
-            if($user['status'] === 'Admin' || $user['status'] === 'User'){
+            if($user['status'] === 'Admin' || $user['status'] === 'User') {
                 $update->execute(array('id' => $user['id']));
             }
         }