Completed
Pull Request — master (#6286)
by Neil
04:49
created

html/includes/authentication/http-auth.inc.php (1 issue)

<?php
use Phpass\PasswordHash;
// Seed the session's username slot with an empty string when nothing has
// been stored there yet.
if (isset($_SESSION['username']) === false) {
    $_SESSION['username'] = '';
}
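/**
 * Log a user in from the identity the web server reports for this request.
 *
 * This module never verifies a password itself: $username and $password are
 * ignored and the name is taken from $_SERVER['REMOTE_USER'] or, failing
 * that, $_SERVER['PHP_AUTH_USER'].
 *
 * SECURITY: PHP fills PHP_AUTH_USER from the request's Basic Authorization
 * header whether or not the web server validated it, so this module is only
 * safe when the web server enforces authentication on every path that
 * reaches this code.
 *
 * A reported name with no row in `users` is mapped to the account named by
 * $config['http_auth_guest']. When no guest account is configured the login
 * is refused instead of being accepted with an empty identity.
 *
 * @param string $username Unused (presumably kept so all auth modules share one signature).
 * @param string $password Unused; no password check happens here.
 * @return int 1 when a session username was established, 0 otherwise.
 */
function authenticate($username, $password)
{
    global $config;

    if (!isset($_SERVER['REMOTE_USER']) && !isset($_SERVER['PHP_AUTH_USER'])) {
        return 0;
    }

    // Prefer REMOTE_USER and fall back to PHP_AUTH_USER when it is empty.
    // Each key is read only when set, which avoids an undefined-index notice
    // when just one of them is present.
    // NOTE(review): mres() is applied although the lookup below binds the
    // value as a parameter; kept because other readers of
    // $_SESSION['username'] are not visible here - confirm before removing.
    $reported = isset($_SERVER['REMOTE_USER']) ? mres($_SERVER['REMOTE_USER']) : '';
    if (!$reported && isset($_SERVER['PHP_AUTH_USER'])) {
        $reported = mres($_SERVER['PHP_AUTH_USER']);
    }

    // The @ suppression is kept from the original: a failed lookup is treated
    // the same as "no such user".
    $row = @dbFetchRow('SELECT username FROM `users` WHERE `username`=?', array($reported));

    // Strict comparison so that numeric-looking names are never matched by
    // PHP's loose string-to-number rules.
    if (isset($row['username']) && (string) $row['username'] === (string) $reported) {
        $_SESSION['username'] = $reported;
        return 1;
    }

    // Unknown user: only fall back to the guest account when one is configured.
    if (isset($config['http_auth_guest']) && $config['http_auth_guest'] !== '') {
        $_SESSION['username'] = $config['http_auth_guest'];
        return 1;
    }

    // Fail closed: no matching user and no guest account.
    $_SESSION['username'] = '';
    return 0;
}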
/**
 * Re-authentication entry point; this module does nothing here.
 *
 * Both arguments are ignored.
 *
 * @param string $sess_id Ignored.
 * @param string $token   Ignored.
 * @return int Always 0.
 */
function reauthenticate($sess_id = '', $token = '')
{
    $result = 0;

    return $result;
}
/**
 * Report whether passwords can be changed through this module.
 *
 * @param string $username Ignored.
 * @return int Always 0.
 */
function passwordscanchange($username = '')
{
    $result = 0;

    return $result;
}
/**
 * Password change entry point; intentionally empty in this module.
 *
 * Nothing is read, written or returned.
 *
 * @param string $username    Ignored.
 * @param string $newpassword Ignored.
 */
function changepassword($username, $newpassword)
{
    // Not supported
    return;
}
/**
 * Report whether this module offers user management.
 *
 * @return int Always 1.
 */
function auth_usermanagement()
{
    $result = 1;

    return $result;
}
/**
 * Insert a new row into `users` and mark existing notifications as read for it.
 *
 * NOTE: the code-analysis report for this file flags this function as
 * duplicated elsewhere in the project; a single shared helper would keep the
 * copies from drifting apart.
 *
 * The password is hashed with PasswordHash before it is stored. Within this
 * file authenticate() never checks a password, so the stored hash is not
 * used by this module's own login path.
 * NOTE(review): the constructor arguments (8, false) are presumably the hash
 * cost and the "portable hashes" switch - confirm against the PasswordHash class.
 *
 * @param string $username
 * @param string $password          Plain-text password; only its hash is stored.
 * @param mixed  $level             Stored as given; not validated here.
 * @param string $email
 * @param string $realname
 * @param int    $can_modify_passwd
 * @param string $description       Stored in the `descr` column.
 * @param int    $twofactor
 * @return mixed The dbInsert() result for the new user row, or false when the
 *               username already exists or the insert fails.
 */
function adduser($username, $password, $level, $email = '', $realname = '', $can_modify_passwd = 1, $description = '', $twofactor = 0)
{
    // Refuse to create a second row for a name that is already taken.
    if (user_exists($username)) {
        return false;
    }

    $hasher    = new PasswordHash(8, false);
    $encrypted = $hasher->HashPassword($password);

    $fields = array(
        'username'          => $username,
        'password'          => $encrypted,
        'level'             => $level,
        'email'             => $email,
        'realname'          => $realname,
        'can_modify_passwd' => $can_modify_passwd,
        'descr'             => $description,
        'twofactor'         => $twofactor,
    );
    $userid = dbInsert($fields, 'users');
    if ($userid == false) {
        return false;
    }

    // Every notification that has no attribute row for the new user yet gets
    // a 'read' attribute, newest notification first.
    $unseen = dbFetchRows('select notifications.* from notifications where not exists( select 1 from notifications_attribs where notifications.notifications_id = notifications_attribs.notifications_id and notifications_attribs.user_id = ?) order by notifications.notifications_id desc', array($userid));
    foreach ($unseen as $notif) {
        $attrib = array(
            'notifications_id' => $notif['notifications_id'],
            'user_id'          => $userid,
            'key'              => 'read',
            'value'            => 1,
        );
        dbInsert($attrib, 'notifications_attribs');
    }

    return $userid;
}
/**
 * Look up a username in the `users` table.
 *
 * The query selects every column while dbFetchCell() is asked for a single
 * value, so callers should rely only on the result being truthy or falsy.
 * NOTE(review): which column comes back depends on dbFetchCell() and on the
 * table's column order, neither of which is visible here.
 *
 * @param string $username Bound as a query parameter.
 * @return mixed Whatever dbFetchCell() returns for the matching row.
 */
function user_exists($username)
{
    // FIXME this doesn't seem right? (adama)
    $sql    = 'SELECT * FROM `users` WHERE `username` = ?';
    $params = array($username);

    return dbFetchCell($sql, $params);
}
/**
 * Fetch the `level` column for a username.
 *
 * The level is read from the local `users` table, so after authenticate()
 * has mapped an unknown name to the guest account it is the guest row's
 * level that applies.
 *
 * @param string $username Bound as a query parameter.
 * @return mixed Whatever dbFetchCell() returns for the `level` column.
 */
function get_userlevel($username)
{
    $sql    = 'SELECT `level` FROM `users` WHERE `username`= ?';
    $params = array($username);

    return dbFetchCell($sql, $params);
}
/**
 * Fetch the `user_id` column for a username.
 *
 * @param string $username Bound as a query parameter.
 * @return mixed Whatever dbFetchCell() returns for the `user_id` column.
 */
function get_userid($username)
{
    $sql    = 'SELECT `user_id` FROM `users` WHERE `username`= ?';
    $params = array($username);

    return dbFetchCell($sql, $params);
}
/**
 * User deletion entry point; this module does not delete anything.
 *
 * @param string $username Ignored.
 * @return int Always 0.
 */
function deluser($username)
{
    // Not supported
    $result = 0;

    return $result;
}
97
98
99
/**
 * Fetch every row of the `users` table.
 *
 * The query selects all columns; adduser() in this file writes a `password`
 * column holding the stored hash, so the rows returned here carry it too and
 * should not be handed unfiltered to output or logs.
 *
 * @return mixed Whatever dbFetchRows() returns for the query.
 */
function get_userlist()
{
    $sql = 'SELECT * FROM `users`';

    return dbFetchRows($sql);
}
103
104
105
/**
 * Report whether user records can be updated through this module.
 *
 * @return int Always 1.
 */
function can_update_users()
{
    // supported so return 1
    $result = 1;

    return $result;
}
110
111
112
/**
 * Fetch one row of the `users` table by its `user_id`.
 *
 * All columns are selected; adduser() in this file writes a `password`
 * column holding the stored hash, so the returned row carries it too and
 * should not be handed unfiltered to output or logs.
 *
 * @param mixed $user_id Bound as a query parameter.
 * @return mixed Whatever dbFetchRow() returns for the query.
 */
function get_user($user_id)
{
    $sql    = 'SELECT * FROM `users` WHERE `user_id` = ?';
    $params = array($user_id);

    return dbFetchRow($sql, $params);
}
116
117
118
/**
 * Overwrite the editable profile columns of one `users` row.
 *
 * The values are written as given; in particular $level is not checked
 * here, so callers must make sure the requester is allowed to set it.
 * The dbUpdate() result is discarded and nothing is returned.
 *
 * @param mixed  $user_id           Row selector, bound as a query parameter.
 * @param string $realname
 * @param mixed  $level
 * @param mixed  $can_modify_passwd
 * @param string $email
 */
function update_user($user_id, $realname, $level, $can_modify_passwd, $email)
{
    $changes = array(
        'realname'          => $realname,
        'level'             => $level,
        'can_modify_passwd' => $can_modify_passwd,
        'email'             => $email,
    );

    dbUpdate($changes, 'users', '`user_id` = ?', array($user_id));
}