start.php ➔ uservalidationbyemail_check_manual_login() - Code Metrics - Inspection of "Testing - Suspend user mod" - gctools-outilsgc/gcconnex - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — gcconnex (#1529)

unknown

created 2017-10-20 19:33 UTC

start.php ➔ uservalidationbyemail_check_manual_login() C

↳ Parent: Project

Complexity

Conditions	7
Paths	4

Size

Total Lines	27
Code Lines	12

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	7
eloc	12
nc	4
nop	3
dl	0
loc	27
rs	6.7272
c	0
b	0
f	0

<?php
/**
 * Email user validation plugin.
 * Non-admin accounts are invalid until their email address is confirmed.
 *
 * @package Elgg.Core.Plugin
 * @subpackage UserValidationByEmail
 */

elgg_register_event_handler('init', 'system', 'uservalidationbyemail_init');

function uservalidationbyemail_init() {

	require_once dirname(__FILE__) . '/lib/functions.php';

	// Register page handler to validate users
	// This doesn't need to be an action because security is handled by the validation codes.
	elgg_register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler');

	// mark users as unvalidated and disable when they register
	elgg_register_plugin_hook_handler('register', 'user', 'uservalidationbyemail_disable_new_user');

	// forward to uservalidationbyemail/emailsent page after register
	elgg_register_plugin_hook_handler('forward', 'system', 'uservalidationbyemail_after_registration_url');

	// canEdit override to allow not logged in code to disable a user
	elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit');

	// prevent users from logging in if they aren't validated
	register_pam_handler('uservalidationbyemail_check_auth_attempt', "required");

	// when requesting a new password
	elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password');

	// prevent the engine from logging in users via login()
	elgg_register_event_handler('login:before', 'user', 'uservalidationbyemail_check_manual_login');

	// make admin users always validated
	elgg_register_event_handler('make_admin', 'user', 'uservalidationbyemail_validate_new_admin_user');

	// register Walled Garden public pages
	elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'uservalidationbyemail_public_pages');

	// admin interface to manually validate users
	elgg_register_admin_menu_item('administer', 'unvalidated', 'users');

	elgg_extend_view('css/admin', 'uservalidationbyemail/css');
	elgg_extend_view('js/elgg', 'uservalidationbyemail/js');

	$action_path = dirname(__FILE__) . '/actions';

	elgg_register_action('uservalidationbyemail/validate', "$action_path/validate.php", 'admin');
	elgg_register_action('uservalidationbyemail/resend_validation', "$action_path/resend_validation.php", 'admin');
	elgg_register_action('uservalidationbyemail/delete', "$action_path/delete.php", 'admin');
	elgg_register_action('uservalidationbyemail/bulk_action', "$action_path/bulk_action.php", 'admin');
}

/**
 * Disables a user upon registration.
 *
 * @param string $hook
 * @param string $type
 * @param bool   $value
 * @param array  $params
 * @return bool
 */
function uservalidationbyemail_disable_new_user($hook, $type, $value, $params) {
	$user = elgg_extract('user', $params);

	// no clue what's going on, so don't react.
	if (!$user instanceof ElggUser) {
		return;
	}

	// another plugin is requesting that registration be terminated
	// no need for uservalidationbyemail
	if (!$value) {
		return $value;
	}

	// has the user already been validated?
	if (elgg_get_user_validation_status($user->guid) == true) {
		return $value;
	}

	// disable user to prevent showing up on the site
	// set context so our canEdit() override works
	elgg_push_context('uservalidationbyemail_new_user');
	$hidden_entities = access_get_show_hidden_status();
	access_show_hidden_entities(TRUE);

	// Don't do a recursive disable.  Any entities owned by the user at this point
	// are products of plugins that hook into create user and might need
	// access to the entities.
	// @todo That ^ sounds like a specific case...would be nice to track it down...
	$user->disable('uservalidationbyemail_new_user', FALSE);

	// set user as unvalidated and send out validation email
	elgg_set_user_validation_status($user->guid, FALSE);
	uservalidationbyemail_request_validation($user->guid);

	elgg_pop_context();
	access_show_hidden_entities($hidden_entities);

	return $value;
}

/**
 * Override the URL to be forwarded after registration
 *
 * @param string $hook
 * @param string $type
 * @param bool   $value
 * @param array  $params
 * @return string
 */
function uservalidationbyemail_after_registration_url($hook, $type, $value, $params) {
	$url = elgg_extract('current_url', $params);
	if ($url == elgg_get_site_url() . 'action/register') {
		$session = elgg_get_session();
		$email = $session->get('emailsent', '');
		if ($email) {
			return elgg_get_site_url() . 'uservalidationbyemail/emailsent';
		}
	}
}

/**
 * Override the canEdit() call for if we're in the context of registering a new user.
 *
 * @param string $hook
 * @param string $type
 * @param bool   $value
 * @param array  $params
 * @return bool|null
 */
function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $params) {
	// $params['user'] is the user to check permissions for.
	// we want the entity to check, which is a user.
	$user = elgg_extract('entity', $params);

	if (!($user instanceof ElggUser)) {
		return;
	}

	$context = elgg_get_context();
	if ($context == 'uservalidationbyemail_new_user' || $context == 'uservalidationbyemail_validate_user') {
		return TRUE;
	}

	return;
}

/**
 * Checks if an account is validated
 *
 * @params array $credentials The username and password
 * @return bool
 */
function uservalidationbyemail_check_auth_attempt($credentials) {

	if (!isset($credentials['username'])) {
		return;
	}

	$username = $credentials['username'];

	// See if the user exists and isn't validated
	$access_status = access_get_show_hidden_status();
	access_show_hidden_entities(TRUE);

	// check if logging in with email address
	if (strpos($username, '@') !== false) {
		$users = get_user_by_email($username);
		if ($users) {

			$username = $users[0]->username;
		}
	}

	$user = get_user_by_username($username);
	if ($user && isset($user->validated) && !$user->validated) {
		// show an error and resend validation email
		uservalidationbyemail_request_validation($user->guid);
		access_show_hidden_entities($access_status);
		throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
	}

	access_show_hidden_entities($access_status);
}

/**
 * Checks sent passed validation code and user guids and validates the user.
 *
 * @param array $page
 * @return bool
 */
function uservalidationbyemail_page_handler($page) {
	$valid_pages = array('emailsent', 'confirm');

	if (empty($page[0]) || !in_array($page[0], $valid_pages)) {
		forward('', '404');
	}

	// note, safe to include based on input because we validated above.
	require dirname(__FILE__) . "/pages/{$page[0]}.php";
	return true;
}

/**
 * Make sure any admin users are automatically validated
 *
 * @param string   $event
 * @param string   $type
 * @param ElggUser $user
 */
function uservalidationbyemail_validate_new_admin_user($event, $type, $user) {
	if ($user instanceof ElggUser && !$user->validated) {
		elgg_set_user_validation_status($user->guid, TRUE, 'admin_user');
	}
}

/**
 * Registers public pages to allow in the case walled garden has been enabled.
 */
function uservalidationbyemail_public_pages($hook, $type, $return_value, $params) {
	$return_value[] = 'uservalidationbyemail/confirm';
	$return_value[] = 'uservalidationbyemail/emailsent';
	return $return_value;
}

/**
 * Prevent a manual code login with login().
 *
 * @param string   $event
 * @param string   $type
 * @param ElggUser $user
 * @return bool
 *
 * @throws LoginException
 */
function uservalidationbyemail_check_manual_login($event, $type, $user) {
	$access_status = access_get_show_hidden_status();
	access_show_hidden_entities(TRUE);

	if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) {
		// send new validation email

		// cyu - this sends out 2nd email to the user for validation (already been done back in function check_auth...)
		//uservalidationbyemail_request_validation($user->getGUID());
		// restore hidden entities settings
		access_show_hidden_entities($access_status);
		
		// throw error so we get a nice error message
		throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
	}
	//GCTools - check if the user has deactivated their account, my event hook won't work :(
	if(elgg_is_active_plugin('member_selfdelete')){
		if(($user instanceof ElggUser) && $user->gcdeactivate == true){
			
			forward('gcreactivate');
			system_message('member_selfdelete:gc:youaredeactivated');
			return false;
		}
	}
	
	access_show_hidden_entities($access_status);
}


1		<?php
2		/**
3		* Email user validation plugin.
4		* Non-admin accounts are invalid until their email address is confirmed.
5		*
6		* @package Elgg.Core.Plugin
7		* @subpackage UserValidationByEmail
8		*/
9
10		elgg_register_event_handler('init', 'system', 'uservalidationbyemail_init');
11
12		function uservalidationbyemail_init() {
13
14		require_once dirname(__FILE__) . '/lib/functions.php';
15
16		// Register page handler to validate users
17		// This doesn't need to be an action because security is handled by the validation codes.
18		elgg_register_page_handler('uservalidationbyemail', 'uservalidationbyemail_page_handler');
19
20		// mark users as unvalidated and disable when they register
21		elgg_register_plugin_hook_handler('register', 'user', 'uservalidationbyemail_disable_new_user');
22
23		// forward to uservalidationbyemail/emailsent page after register
24		elgg_register_plugin_hook_handler('forward', 'system', 'uservalidationbyemail_after_registration_url');
25
26		// canEdit override to allow not logged in code to disable a user
27		elgg_register_plugin_hook_handler('permissions_check', 'user', 'uservalidationbyemail_allow_new_user_can_edit');
28
29		// prevent users from logging in if they aren't validated
30		register_pam_handler('uservalidationbyemail_check_auth_attempt', "required");
31
32		// when requesting a new password
33		elgg_register_plugin_hook_handler('action', 'user/requestnewpassword', 'uservalidationbyemail_check_request_password');
34
35		// prevent the engine from logging in users via login()
36		elgg_register_event_handler('login:before', 'user', 'uservalidationbyemail_check_manual_login');
37
38		// make admin users always validated
39		elgg_register_event_handler('make_admin', 'user', 'uservalidationbyemail_validate_new_admin_user');
40
41		// register Walled Garden public pages
42		elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'uservalidationbyemail_public_pages');
43
44		// admin interface to manually validate users
45		elgg_register_admin_menu_item('administer', 'unvalidated', 'users');
46
47		elgg_extend_view('css/admin', 'uservalidationbyemail/css');
48		elgg_extend_view('js/elgg', 'uservalidationbyemail/js');
49
50		$action_path = dirname(__FILE__) . '/actions';
51
52		elgg_register_action('uservalidationbyemail/validate', "$action_path/validate.php", 'admin');
53		elgg_register_action('uservalidationbyemail/resend_validation', "$action_path/resend_validation.php", 'admin');
54		elgg_register_action('uservalidationbyemail/delete', "$action_path/delete.php", 'admin');
55		elgg_register_action('uservalidationbyemail/bulk_action', "$action_path/bulk_action.php", 'admin');
56		}
57
58		/**
59		* Disables a user upon registration.
60		*
61		* @param string $hook
62		* @param string $type
63		* @param bool $value
64		* @param array $params
65		* @return bool
66		*/
67		function uservalidationbyemail_disable_new_user($hook, $type, $value, $params) {
68		$user = elgg_extract('user', $params);
69
70		// no clue what's going on, so don't react.
71		if (!$user instanceof ElggUser) {
72		return;
73		}
74
75		// another plugin is requesting that registration be terminated
76		// no need for uservalidationbyemail
77		if (!$value) {
78		return $value;
79		}
80
81		// has the user already been validated?
82		if (elgg_get_user_validation_status($user->guid) == true) {
83		return $value;
84		}
85
86		// disable user to prevent showing up on the site
87		// set context so our canEdit() override works
88		elgg_push_context('uservalidationbyemail_new_user');
89		$hidden_entities = access_get_show_hidden_status();
90		access_show_hidden_entities(TRUE);
91
92		// Don't do a recursive disable. Any entities owned by the user at this point
93		// are products of plugins that hook into create user and might need
94		// access to the entities.
95		// @todo That ^ sounds like a specific case...would be nice to track it down...
96		$user->disable('uservalidationbyemail_new_user', FALSE);
97
98		// set user as unvalidated and send out validation email
99		elgg_set_user_validation_status($user->guid, FALSE);
100		uservalidationbyemail_request_validation($user->guid);
101
102		elgg_pop_context();
103		access_show_hidden_entities($hidden_entities);
104
105		return $value;
106		}
107
108		/**
109		* Override the URL to be forwarded after registration
110		*
111		* @param string $hook
112		* @param string $type
113		* @param bool $value
114		* @param array $params
115		* @return string
116		*/
117		function uservalidationbyemail_after_registration_url($hook, $type, $value, $params) {
118		$url = elgg_extract('current_url', $params);
119		if ($url == elgg_get_site_url() . 'action/register') {
120		$session = elgg_get_session();
121		$email = $session->get('emailsent', '');
122		if ($email) {
123		return elgg_get_site_url() . 'uservalidationbyemail/emailsent';
124		}
125		}
126		}
127
128		/**
129		* Override the canEdit() call for if we're in the context of registering a new user.
130		*
131		* @param string $hook
132		* @param string $type
133		* @param bool $value
134		* @param array $params
135		* @return bool\|null
136		*/
137		function uservalidationbyemail_allow_new_user_can_edit($hook, $type, $value, $params) {
138		// $params['user'] is the user to check permissions for.
139		// we want the entity to check, which is a user.
140		$user = elgg_extract('entity', $params);
141
142		if (!($user instanceof ElggUser)) {
143		return;
144		}
145
146		$context = elgg_get_context();
147		if ($context == 'uservalidationbyemail_new_user' \|\| $context == 'uservalidationbyemail_validate_user') {
148		return TRUE;
149		}
150
151		return;
152		}
153
154		/**
155		* Checks if an account is validated
156		*
157		* @params array $credentials The username and password
158		* @return bool
159		*/
160		function uservalidationbyemail_check_auth_attempt($credentials) {
161
162		if (!isset($credentials['username'])) {
163		return;
164		}
165
166		$username = $credentials['username'];
167
168		// See if the user exists and isn't validated
169		$access_status = access_get_show_hidden_status();
170		access_show_hidden_entities(TRUE);
171
172		// check if logging in with email address
173	View Code Duplication	if (strpos($username, '@') !== false) {
174		$users = get_user_by_email($username);
175		if ($users) {
		0 ignored issues – show Bug Best Practice introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report The expression `$users` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
176		$username = $users[0]->username;
177		}
178		}
179
180		$user = get_user_by_username($username);
181		if ($user && isset($user->validated) && !$user->validated) {
182		// show an error and resend validation email
183		uservalidationbyemail_request_validation($user->guid);
184		access_show_hidden_entities($access_status);
185		throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
186		}
187
188		access_show_hidden_entities($access_status);
189		}
190
191		/**
192		* Checks sent passed validation code and user guids and validates the user.
193		*
194		* @param array $page
195		* @return bool
196		*/
197		function uservalidationbyemail_page_handler($page) {
198		$valid_pages = array('emailsent', 'confirm');
199
200		if (empty($page[0]) \|\| !in_array($page[0], $valid_pages)) {
201		forward('', '404');
202		}
203
204		// note, safe to include based on input because we validated above.
205		require dirname(__FILE__) . "/pages/{$page[0]}.php";
206		return true;
207		}
208
209		/**
210		* Make sure any admin users are automatically validated
211		*
212		* @param string $event
213		* @param string $type
214		* @param ElggUser $user
215		*/
216		function uservalidationbyemail_validate_new_admin_user($event, $type, $user) {
217		if ($user instanceof ElggUser && !$user->validated) {
218		elgg_set_user_validation_status($user->guid, TRUE, 'admin_user');
219		}
220		}
221
222		/**
223		* Registers public pages to allow in the case walled garden has been enabled.
224		*/
225		function uservalidationbyemail_public_pages($hook, $type, $return_value, $params) {
226		$return_value[] = 'uservalidationbyemail/confirm';
227		$return_value[] = 'uservalidationbyemail/emailsent';
228		return $return_value;
229		}
230
231		/**
232		* Prevent a manual code login with login().
233		*
234		* @param string $event
235		* @param string $type
236		* @param ElggUser $user
237		* @return bool
238		*
239		* @throws LoginException
240		*/
241		function uservalidationbyemail_check_manual_login($event, $type, $user) {
242		$access_status = access_get_show_hidden_status();
243		access_show_hidden_entities(TRUE);
244
245		if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) {
246		// send new validation email
247
248		// cyu - this sends out 2nd email to the user for validation (already been done back in function check_auth...)
249		//uservalidationbyemail_request_validation($user->getGUID());
250		// restore hidden entities settings
251		access_show_hidden_entities($access_status);
252
253		// throw error so we get a nice error message
254		throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
255		}
256		//GCTools - check if the user has deactivated their account, my event hook won't work :(
257		if(elgg_is_active_plugin('member_selfdelete')){
258		if(($user instanceof ElggUser) && $user->gcdeactivate == true){
259
260		forward('gcreactivate');
261		system_message('member_selfdelete:gc:youaredeactivated');
262		return false;
263		}
264		}
265
266		access_show_hidden_entities($access_status);
267		}
268

gctools-outilsgc / gcconnex

Pull Request — gcconnex (#1529)

start.php ➔ uservalidationbyemail_check_manual_login() C

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like