mdaniels5757 / waca

includes/Pages/PageBan.php

Indentation +304 added lines, -304 removed lines

@@ -21,308 +21,308 @@
 
 class PageBan extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        $this->assignCSRFToken();
-
-        $this->setHtmlTitle('Bans');
-
-        $bans = Ban::getActiveBans(null, $this->getDatabase());
-
-        $userIds = array_map(
-            function(Ban $entry) {
-                return $entry->getUser();
-            },
-            $bans);
-        $userList = UserSearchHelper::get($this->getDatabase())->inIds($userIds)->fetchMap('username');
-
-        $user = User::getCurrent($this->getDatabase());
-        $this->assign('canSet', $this->barrierTest('set', $user));
-        $this->assign('canRemove', $this->barrierTest('remove', $user));
-
-        $this->assign('usernames', $userList);
-        $this->assign('activebans', $bans);
-        $this->setTemplate('bans/banlist.tpl');
-    }
-
-    /**
-     * Entry point for the ban set action
-     */
-    protected function set()
-    {
-        $this->setHtmlTitle('Bans');
-
-        // dual-mode action
-        if (WebRequest::wasPosted()) {
-            try {
-                $this->handlePostMethodForSetBan();
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect("bans", "set");
-            }
-        }
-        else {
-            $this->handleGetMethodForSetBan();
-        }
-    }
-
-    /**
-     * Entry point for the ban remove action
-     */
-    protected function remove()
-    {
-        $this->setHtmlTitle('Bans');
-
-        $ban = $this->getBanForUnban();
-
-        // dual mode
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $unbanReason = WebRequest::postString('unbanreason');
-
-            if ($unbanReason === null || trim($unbanReason) === "") {
-                SessionAlert::error('No unban reason specified');
-                $this->redirect("bans", "remove", array('id' => $ban->getId()));
-            }
-
-            // set optimistic locking from delete form page load
-            $updateVersion = WebRequest::postInt('updateversion');
-            $ban->setUpdateVersion($updateVersion);
-
-            $database = $this->getDatabase();
-            $ban->setActive(false);
-            $ban->save();
-
-            Logger::unbanned($database, $ban, $unbanReason);
-
-            SessionAlert::quick('Disabled ban.');
-            $this->getNotificationHelper()->unbanned($ban, $unbanReason);
-
-            $this->redirect('bans');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('ban', $ban);
-            $this->setTemplate('bans/unban.tpl');
-        }
-    }
-
-    /**
-     * @throws ApplicationLogicException
-     */
-    private function getBanDuration()
-    {
-        $duration = WebRequest::postString('duration');
-        if ($duration === "other") {
-            $duration = strtotime(WebRequest::postString('otherduration'));
-
-            if (!$duration) {
-                throw new ApplicationLogicException('Invalid ban time');
-            }
-            elseif (time() > $duration) {
-                throw new ApplicationLogicException('Ban time has already expired!');
-            }
-
-            return $duration;
-        }
-        elseif ($duration === "-1") {
-            return null;
-        }
-        else {
-            $duration = WebRequest::postInt('duration') + time();
-
-            return $duration;
-        }
-    }
-
-    /**
-     * @param string $type
-     * @param string $target
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateBanType($type, $target)
-    {
-        switch ($type) {
-            case 'IP':
-                $this->validateIpBan($target);
-
-                return;
-            case 'Name':
-                // No validation needed here.
-                return;
-            case 'EMail':
-                $this->validateEmailBanTarget($target);
-
-                return;
-            default:
-                throw new ApplicationLogicException("Unknown ban type");
-        }
-    }
-
-    /**
-     * Handles the POST method on the set action
-     *
-     * @throws ApplicationLogicException
-     * @throws Exception
-     */
-    private function handlePostMethodForSetBan()
-    {
-        $this->validateCSRFToken();
-        $reason = WebRequest::postString('banreason');
-        $target = WebRequest::postString('target');
-
-        // Checks whether there is a reason entered for ban.
-        if ($reason === null || trim($reason) === "") {
-            throw new ApplicationLogicException('You must specify a ban reason');
-        }
-
-        // Checks whether there is a target entered to ban.
-        if ($target === null || trim($target) === "") {
-            throw new ApplicationLogicException('You must specify a target to be banned');
-        }
-
-        // Validate ban duration
-        $duration = $this->getBanDuration();
-
-        // Validate ban type & target for that type
-        $type = WebRequest::postString('type');
-        $this->validateBanType($type, $target);
-
-        $database = $this->getDatabase();
-
-        if (count(Ban::getActiveBans($target, $database)) > 0) {
-            throw new ApplicationLogicException('This target is already banned!');
-        }
-
-        $ban = new Ban();
-        $ban->setDatabase($database);
-        $ban->setActive(true);
-        $ban->setType($type);
-        $ban->setTarget($target);
-        $ban->setUser(User::getCurrent($database)->getId());
-        $ban->setReason($reason);
-        $ban->setDuration($duration);
-
-        $ban->save();
-
-        Logger::banned($database, $ban, $reason);
-
-        $this->getNotificationHelper()->banned($ban);
-        SessionAlert::quick('Ban has been set.');
-
-        $this->redirect('bans');
-    }
-
-    /**
-     * Handles the GET method on the set action
-     */
-    protected function handleGetMethodForSetBan()
-    {
-        $this->setTemplate('bans/banform.tpl');
-        $this->assignCSRFToken();
-
-        $banType = WebRequest::getString('type');
-        $banTarget = WebRequest::getInt('request');
-
-        $database = $this->getDatabase();
-
-        // if the parameters are null, skip loading a request.
-        if ($banType === null
-            || !in_array($banType, array('IP', 'Name', 'EMail'))
-            || $banTarget === null
-            || $banTarget === 0
-        ) {
-            $this->assign('bantarget', '');
-            $this->assign('bantype', '');
-
-            return;
-        }
-
-        // Set the ban type, which the user has indicated.
-        $this->assign('bantype', $banType);
-
-        // Attempt to resolve the correct target
-        /** @var Request $request */
-        $request = Request::getById($banTarget, $database);
-        if ($request === false) {
-            $this->assign('bantarget', '');
-
-            return;
-        }
-
-        $realTarget = '';
-        switch ($banType) {
-            case 'EMail':
-                $realTarget = $request->getEmail();
-                break;
-            case 'IP':
-                $xffProvider = $this->getXffTrustProvider();
-                $realTarget = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
-                break;
-            case 'Name':
-                $realTarget = $request->getName();
-                break;
-        }
-
-        $this->assign('bantarget', $realTarget);
-    }
-
-    /**
-     * Validates an IP ban target
-     *
-     * @param string $target
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateIpBan($target)
-    {
-        $squidIpList = $this->getSiteConfiguration()->getSquidList();
-
-        if (filter_var($target, FILTER_VALIDATE_IP) === false) {
-            throw new ApplicationLogicException('Invalid target - IP address expected.');
-        }
-
-        if (in_array($target, $squidIpList)) {
-            throw new ApplicationLogicException("This IP address is on the protected list of proxies, and cannot be banned.");
-        }
-    }
-
-    /**
-     * Validates an email address as a ban target
-     *
-     * @param string $target
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateEmailBanTarget($target)
-    {
-        if (filter_var($target, FILTER_VALIDATE_EMAIL) !== $target) {
-            throw new ApplicationLogicException('Invalid target - email address expected.');
-        }
-    }
-
-    /**
-     * @return Ban
-     * @throws ApplicationLogicException
-     */
-    private function getBanForUnban()
-    {
-        $banId = WebRequest::getInt('id');
-        if ($banId === null || $banId === 0) {
-            throw new ApplicationLogicException("The ban ID appears to be missing. This is probably a bug.");
-        }
-
-        $ban = Ban::getActiveId($banId, $this->getDatabase());
-
-        if ($ban === false) {
-            throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
-        }
-
-        return $ban;
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		$this->assignCSRFToken();
+
+		$this->setHtmlTitle('Bans');
+
+		$bans = Ban::getActiveBans(null, $this->getDatabase());
+
+		$userIds = array_map(
+			function(Ban $entry) {
+				return $entry->getUser();
+			},
+			$bans);
+		$userList = UserSearchHelper::get($this->getDatabase())->inIds($userIds)->fetchMap('username');
+
+		$user = User::getCurrent($this->getDatabase());
+		$this->assign('canSet', $this->barrierTest('set', $user));
+		$this->assign('canRemove', $this->barrierTest('remove', $user));
+
+		$this->assign('usernames', $userList);
+		$this->assign('activebans', $bans);
+		$this->setTemplate('bans/banlist.tpl');
+	}
+
+	/**
+	 * Entry point for the ban set action
+	 */
+	protected function set()
+	{
+		$this->setHtmlTitle('Bans');
+
+		// dual-mode action
+		if (WebRequest::wasPosted()) {
+			try {
+				$this->handlePostMethodForSetBan();
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect("bans", "set");
+			}
+		}
+		else {
+			$this->handleGetMethodForSetBan();
+		}
+	}
+
+	/**
+	 * Entry point for the ban remove action
+	 */
+	protected function remove()
+	{
+		$this->setHtmlTitle('Bans');
+
+		$ban = $this->getBanForUnban();
+
+		// dual mode
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$unbanReason = WebRequest::postString('unbanreason');
+
+			if ($unbanReason === null || trim($unbanReason) === "") {
+				SessionAlert::error('No unban reason specified');
+				$this->redirect("bans", "remove", array('id' => $ban->getId()));
+			}
+
+			// set optimistic locking from delete form page load
+			$updateVersion = WebRequest::postInt('updateversion');
+			$ban->setUpdateVersion($updateVersion);
+
+			$database = $this->getDatabase();
+			$ban->setActive(false);
+			$ban->save();
+
+			Logger::unbanned($database, $ban, $unbanReason);
+
+			SessionAlert::quick('Disabled ban.');
+			$this->getNotificationHelper()->unbanned($ban, $unbanReason);
+
+			$this->redirect('bans');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('ban', $ban);
+			$this->setTemplate('bans/unban.tpl');
+		}
+	}
+
+	/**
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanDuration()
+	{
+		$duration = WebRequest::postString('duration');
+		if ($duration === "other") {
+			$duration = strtotime(WebRequest::postString('otherduration'));
+
+			if (!$duration) {
+				throw new ApplicationLogicException('Invalid ban time');
+			}
+			elseif (time() > $duration) {
+				throw new ApplicationLogicException('Ban time has already expired!');
+			}
+
+			return $duration;
+		}
+		elseif ($duration === "-1") {
+			return null;
+		}
+		else {
+			$duration = WebRequest::postInt('duration') + time();
+
+			return $duration;
+		}
+	}
+
+	/**
+	 * @param string $type
+	 * @param string $target
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateBanType($type, $target)
+	{
+		switch ($type) {
+			case 'IP':
+				$this->validateIpBan($target);
+
+				return;
+			case 'Name':
+				// No validation needed here.
+				return;
+			case 'EMail':
+				$this->validateEmailBanTarget($target);
+
+				return;
+			default:
+				throw new ApplicationLogicException("Unknown ban type");
+		}
+	}
+
+	/**
+	 * Handles the POST method on the set action
+	 *
+	 * @throws ApplicationLogicException
+	 * @throws Exception
+	 */
+	private function handlePostMethodForSetBan()
+	{
+		$this->validateCSRFToken();
+		$reason = WebRequest::postString('banreason');
+		$target = WebRequest::postString('target');
+
+		// Checks whether there is a reason entered for ban.
+		if ($reason === null || trim($reason) === "") {
+			throw new ApplicationLogicException('You must specify a ban reason');
+		}
+
+		// Checks whether there is a target entered to ban.
+		if ($target === null || trim($target) === "") {
+			throw new ApplicationLogicException('You must specify a target to be banned');
+		}
+
+		// Validate ban duration
+		$duration = $this->getBanDuration();
+
+		// Validate ban type & target for that type
+		$type = WebRequest::postString('type');
+		$this->validateBanType($type, $target);
+
+		$database = $this->getDatabase();
+
+		if (count(Ban::getActiveBans($target, $database)) > 0) {
+			throw new ApplicationLogicException('This target is already banned!');
+		}
+
+		$ban = new Ban();
+		$ban->setDatabase($database);
+		$ban->setActive(true);
+		$ban->setType($type);
+		$ban->setTarget($target);
+		$ban->setUser(User::getCurrent($database)->getId());
+		$ban->setReason($reason);
+		$ban->setDuration($duration);
+
+		$ban->save();
+
+		Logger::banned($database, $ban, $reason);
+
+		$this->getNotificationHelper()->banned($ban);
+		SessionAlert::quick('Ban has been set.');
+
+		$this->redirect('bans');
+	}
+
+	/**
+	 * Handles the GET method on the set action
+	 */
+	protected function handleGetMethodForSetBan()
+	{
+		$this->setTemplate('bans/banform.tpl');
+		$this->assignCSRFToken();
+
+		$banType = WebRequest::getString('type');
+		$banTarget = WebRequest::getInt('request');
+
+		$database = $this->getDatabase();
+
+		// if the parameters are null, skip loading a request.
+		if ($banType === null
+			|| !in_array($banType, array('IP', 'Name', 'EMail'))
+			|| $banTarget === null
+			|| $banTarget === 0
+		) {
+			$this->assign('bantarget', '');
+			$this->assign('bantype', '');
+
+			return;
+		}
+
+		// Set the ban type, which the user has indicated.
+		$this->assign('bantype', $banType);
+
+		// Attempt to resolve the correct target
+		/** @var Request $request */
+		$request = Request::getById($banTarget, $database);
+		if ($request === false) {
+			$this->assign('bantarget', '');
+
+			return;
+		}
+
+		$realTarget = '';
+		switch ($banType) {
+			case 'EMail':
+				$realTarget = $request->getEmail();
+				break;
+			case 'IP':
+				$xffProvider = $this->getXffTrustProvider();
+				$realTarget = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
+				break;
+			case 'Name':
+				$realTarget = $request->getName();
+				break;
+		}
+
+		$this->assign('bantarget', $realTarget);
+	}
+
+	/**
+	 * Validates an IP ban target
+	 *
+	 * @param string $target
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateIpBan($target)
+	{
+		$squidIpList = $this->getSiteConfiguration()->getSquidList();
+
+		if (filter_var($target, FILTER_VALIDATE_IP) === false) {
+			throw new ApplicationLogicException('Invalid target - IP address expected.');
+		}
+
+		if (in_array($target, $squidIpList)) {
+			throw new ApplicationLogicException("This IP address is on the protected list of proxies, and cannot be banned.");
+		}
+	}
+
+	/**
+	 * Validates an email address as a ban target
+	 *
+	 * @param string $target
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateEmailBanTarget($target)
+	{
+		if (filter_var($target, FILTER_VALIDATE_EMAIL) !== $target) {
+			throw new ApplicationLogicException('Invalid target - email address expected.');
+		}
+	}
+
+	/**
+	 * @return Ban
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanForUnban()
+	{
+		$banId = WebRequest::getInt('id');
+		if ($banId === null || $banId === 0) {
+			throw new ApplicationLogicException("The ban ID appears to be missing. This is probably a bug.");
+		}
+
+		$ban = Ban::getActiveId($banId, $this->getDatabase());
+
+		if ($ban === false) {
+			throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
+		}
+
+		return $ban;
+	}
 }

Braces +7 added lines, -11 removed lines

@@ -33,7 +33,8 @@ 
         $bans = Ban::getActiveBans(null, $this->getDatabase());
 
         $userIds = array_map(
-            function(Ban $entry) {
+            function(Ban $entry)
+            {
                 return $entry->getUser();
             },
             $bans);
@@ -64,8 +65,7 @@ 
                 SessionAlert::error($ex->getMessage());
                 $this->redirect("bans", "set");
             }
-        }
-        else {
+        } else {
             $this->handleGetMethodForSetBan();
         }
     }
@@ -103,8 +103,7 @@ 
             $this->getNotificationHelper()->unbanned($ban, $unbanReason);
 
             $this->redirect('bans');
-        }
-        else {
+        } else {
             $this->assignCSRFToken();
             $this->assign('ban', $ban);
             $this->setTemplate('bans/unban.tpl');
@@ -122,17 +121,14 @@ 
 
             if (!$duration) {
                 throw new ApplicationLogicException('Invalid ban time');
-            }
-            elseif (time() > $duration) {
+            } elseif (time() > $duration) {
                 throw new ApplicationLogicException('Ban time has already expired!');
             }
 
             return $duration;
-        }
-        elseif ($duration === "-1") {
+        } elseif ($duration === "-1") {
             return null;
-        }
-        else {
+        } else {
             $duration = WebRequest::postInt('duration') + time();
 
             return $duration;

includes/Pages/PageSearch.php

Indentation +139 added lines, -139 removed lines

@@ -18,143 +18,143 @@
 
 class PageSearch extends InternalPageBase
 {
-    use RequestListData;
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('Search');
-
-        // Dual-mode page
-        if (WebRequest::wasPosted()) {
-            $searchType = WebRequest::postString('type');
-            $searchTerm = WebRequest::postString('term');
-
-            $validationError = "";
-            if (!$this->validateSearchParameters($searchType, $searchTerm, $validationError)) {
-                SessionAlert::error($validationError, "Search error");
-                $this->redirect("search");
-
-                return;
-            }
-
-            $results = array();
-
-            switch ($searchType) {
-                case 'name':
-                    $results = $this->getNameSearchResults($searchTerm);
-                    break;
-                case 'email':
-                    $results = $this->getEmailSearchResults($searchTerm);
-                    break;
-                case 'ip':
-                    $results = $this->getIpSearchResults($searchTerm);
-                    break;
-            }
-
-            // deal with results
-            $this->assign('requests', $this->prepareRequestData($results));
-            $this->assign('resultCount', count($results));
-            $this->assign('term', $searchTerm);
-            $this->assign('target', $searchType);
-
-            $this->assignCSRFToken();
-            $this->setTemplate('search/searchResult.tpl');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('search/searchForm.tpl');
-        }
-    }
-
-    /**
-     * Gets search results by name
-     *
-     * @param string $searchTerm
-     *
-     * @return Request[]
-     */
-    private function getNameSearchResults($searchTerm)
-    {
-        $padded = '%' . $searchTerm . '%';
-
-        /** @var Request[] $requests */
-        $requests = RequestSearchHelper::get($this->getDatabase())
-            ->byName($padded)
-            ->fetch();
-
-        return $requests;
-    }
-
-    /**
-     * Gets search results by email
-     *
-     * @param string $searchTerm
-     *
-     * @return Request[]
-     * @throws ApplicationLogicException
-     */
-    private function getEmailSearchResults($searchTerm)
-    {
-        if ($searchTerm === "@") {
-            throw new ApplicationLogicException('The search term "@" is not valid for email address searches!');
-        }
-
-        $padded = '%' . $searchTerm . '%';
-
-        /** @var Request[] $requests */
-        $requests = RequestSearchHelper::get($this->getDatabase())
-            ->byEmailAddress($padded)
-            ->excludingPurgedData($this->getSiteConfiguration())
-            ->fetch();
-
-        return $requests;
-    }
-
-    /**
-     * Gets search results by IP address or XFF IP address
-     *
-     * @param string $searchTerm
-     *
-     * @return Request[]
-     */
-    private function getIpSearchResults($searchTerm)
-    {
-        /** @var Request[] $requests */
-        $requests = RequestSearchHelper::get($this->getDatabase())
-            ->byIp($searchTerm)
-            ->excludingPurgedData($this->getSiteConfiguration())
-            ->fetch();
-
-        return $requests;
-    }
-
-    /**
-     * @param string $searchType
-     * @param string $searchTerm
-     *
-     * @param string $errorMessage
-     *
-     * @return bool true if parameters are valid
-     */
-    protected function validateSearchParameters($searchType, $searchTerm, &$errorMessage)
-    {
-        if (!in_array($searchType, array('name', 'email', 'ip'))) {
-            $errorMessage = 'Unknown search type';
-
-            return false;
-        }
-
-        if ($searchTerm === '%' || $searchTerm === '' || $searchTerm === null) {
-            $errorMessage = 'No search term specified entered';
-
-            return false;
-        }
-
-        $errorMessage = "";
-
-        return true;
-    }
+	use RequestListData;
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('Search');
+
+		// Dual-mode page
+		if (WebRequest::wasPosted()) {
+			$searchType = WebRequest::postString('type');
+			$searchTerm = WebRequest::postString('term');
+
+			$validationError = "";
+			if (!$this->validateSearchParameters($searchType, $searchTerm, $validationError)) {
+				SessionAlert::error($validationError, "Search error");
+				$this->redirect("search");
+
+				return;
+			}
+
+			$results = array();
+
+			switch ($searchType) {
+				case 'name':
+					$results = $this->getNameSearchResults($searchTerm);
+					break;
+				case 'email':
+					$results = $this->getEmailSearchResults($searchTerm);
+					break;
+				case 'ip':
+					$results = $this->getIpSearchResults($searchTerm);
+					break;
+			}
+
+			// deal with results
+			$this->assign('requests', $this->prepareRequestData($results));
+			$this->assign('resultCount', count($results));
+			$this->assign('term', $searchTerm);
+			$this->assign('target', $searchType);
+
+			$this->assignCSRFToken();
+			$this->setTemplate('search/searchResult.tpl');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('search/searchForm.tpl');
+		}
+	}
+
+	/**
+	 * Gets search results by name
+	 *
+	 * @param string $searchTerm
+	 *
+	 * @return Request[]
+	 */
+	private function getNameSearchResults($searchTerm)
+	{
+		$padded = '%' . $searchTerm . '%';
+
+		/** @var Request[] $requests */
+		$requests = RequestSearchHelper::get($this->getDatabase())
+			->byName($padded)
+			->fetch();
+
+		return $requests;
+	}
+
+	/**
+	 * Gets search results by email
+	 *
+	 * @param string $searchTerm
+	 *
+	 * @return Request[]
+	 * @throws ApplicationLogicException
+	 */
+	private function getEmailSearchResults($searchTerm)
+	{
+		if ($searchTerm === "@") {
+			throw new ApplicationLogicException('The search term "@" is not valid for email address searches!');
+		}
+
+		$padded = '%' . $searchTerm . '%';
+
+		/** @var Request[] $requests */
+		$requests = RequestSearchHelper::get($this->getDatabase())
+			->byEmailAddress($padded)
+			->excludingPurgedData($this->getSiteConfiguration())
+			->fetch();
+
+		return $requests;
+	}
+
+	/**
+	 * Gets search results by IP address or XFF IP address
+	 *
+	 * @param string $searchTerm
+	 *
+	 * @return Request[]
+	 */
+	private function getIpSearchResults($searchTerm)
+	{
+		/** @var Request[] $requests */
+		$requests = RequestSearchHelper::get($this->getDatabase())
+			->byIp($searchTerm)
+			->excludingPurgedData($this->getSiteConfiguration())
+			->fetch();
+
+		return $requests;
+	}
+
+	/**
+	 * @param string $searchType
+	 * @param string $searchTerm
+	 *
+	 * @param string $errorMessage
+	 *
+	 * @return bool true if parameters are valid
+	 */
+	protected function validateSearchParameters($searchType, $searchTerm, &$errorMessage)
+	{
+		if (!in_array($searchType, array('name', 'email', 'ip'))) {
+			$errorMessage = 'Unknown search type';
+
+			return false;
+		}
+
+		if ($searchTerm === '%' || $searchTerm === '' || $searchTerm === null) {
+			$errorMessage = 'No search term specified entered';
+
+			return false;
+		}
+
+		$errorMessage = "";
+
+		return true;
+	}
 }

Braces +1 added lines, -2 removed lines

@@ -62,8 +62,7 @@
 
             $this->assignCSRFToken();
             $this->setTemplate('search/searchResult.tpl');
-        }
-        else {
+        } else {
             $this->assignCSRFToken();
             $this->setTemplate('search/searchForm.tpl');
         }

includes/Pages/PageMain.php

Indentation +157 added lines, -157 removed lines

@@ -20,54 +20,54 @@ 
 
 class PageMain extends InternalPageBase
 {
-    use RequestListData;
-
-    /**
-     * Main function for this page, when no actions are called.
-     */
-    protected function main()
-    {
-        $this->assignCSRFToken();
-
-        $config = $this->getSiteConfiguration();
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        // general template configuration
-        $this->assign('defaultRequestState', $config->getDefaultRequestStateKey());
-        $this->assign('requestLimitShowOnly', $config->getMiserModeLimit());
-
-        $seeAllRequests = $this->barrierTest('seeAllRequests', $currentUser, PageViewRequest::class);
-
-        // Fetch request data
-        $requestSectionData = array();
-        if ($seeAllRequests) {
-            $this->setupStatusSections($database, $config, $requestSectionData);
-            $this->setupHospitalQueue($database, $config, $requestSectionData);
-            $this->setupJobQueue($database, $config, $requestSectionData);
-        }
-        $this->setupLastFiveClosedData($database, $seeAllRequests);
-
-        // Assign data to template
-        $this->assign('requestSectionData', $requestSectionData);
-
-        $this->setTemplate('mainpage/mainpage.tpl');
-    }
-
-    /**
-     * @param PdoDatabase $database
-     * @param bool        $seeAllRequests
-     *
-     * @internal param User $currentUser
-     */
-    private function setupLastFiveClosedData(PdoDatabase $database, $seeAllRequests)
-    {
-        $this->assign('showLastFive', $seeAllRequests);
-        if (!$seeAllRequests) {
-            return;
-        }
-
-        $query = <<<SQL
+	use RequestListData;
+
+	/**
+	 * Main function for this page, when no actions are called.
+	 */
+	protected function main()
+	{
+		$this->assignCSRFToken();
+
+		$config = $this->getSiteConfiguration();
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		// general template configuration
+		$this->assign('defaultRequestState', $config->getDefaultRequestStateKey());
+		$this->assign('requestLimitShowOnly', $config->getMiserModeLimit());
+
+		$seeAllRequests = $this->barrierTest('seeAllRequests', $currentUser, PageViewRequest::class);
+
+		// Fetch request data
+		$requestSectionData = array();
+		if ($seeAllRequests) {
+			$this->setupStatusSections($database, $config, $requestSectionData);
+			$this->setupHospitalQueue($database, $config, $requestSectionData);
+			$this->setupJobQueue($database, $config, $requestSectionData);
+		}
+		$this->setupLastFiveClosedData($database, $seeAllRequests);
+
+		// Assign data to template
+		$this->assign('requestSectionData', $requestSectionData);
+
+		$this->setTemplate('mainpage/mainpage.tpl');
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 * @param bool        $seeAllRequests
+	 *
+	 * @internal param User $currentUser
+	 */
+	private function setupLastFiveClosedData(PdoDatabase $database, $seeAllRequests)
+	{
+		$this->assign('showLastFive', $seeAllRequests);
+		if (!$seeAllRequests) {
+			return;
+		}
+
+		$query = <<<SQL
 		SELECT request.id, request.name, request.updateversion
 		FROM request /* PageMain::main() */
 		JOIN log ON log.objectid = request.id AND log.objecttype = 'Request'
@@ -76,113 +76,113 @@ 
 		LIMIT 5;
 SQL;
 
-        $statement = $database->prepare($query);
-        $statement->execute();
-
-        $last5result = $statement->fetchAll(PDO::FETCH_ASSOC);
-
-        $this->assign('lastFive', $last5result);
-    }
-
-    /**
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $config
-     * @param                   $requestSectionData
-     */
-    private function setupHospitalQueue(
-        PdoDatabase $database,
-        SiteConfiguration $config,
-        &$requestSectionData
-    ) {
-        $search = RequestSearchHelper::get($database)
-            ->limit($config->getMiserModeLimit())
-            ->excludingStatus('Closed')
-            ->isHospitalised();
-
-        if ($config->getEmailConfirmationEnabled()) {
-            $search->withConfirmedEmail();
-        }
-
-        /** @var Request[] $results */
-        $results = $search->getRecordCount($requestCount)->fetch();
-
-        if($requestCount > 0) {
-            $requestSectionData['Hospital - Requests failed auto-creation'] = array(
-                'requests' => $this->prepareRequestData($results),
-                'total'    => $requestCount,
-                'api'      => 'hospital',
-                'type'     => 'hospital',
-                'special'  => 'Job Queue',
-                'help'     => 'This queue lists all the requests which have been attempted to be created in the background, but for which this has failed for one reason or another. Check the job queue to find the error. Requests here may need to be created manually, or it may be possible to re-queue the request for auto-creation by the tool, or it may have been created already. Use your own technical discretion here.',
-                'showAll'  => false
-            );
-        }
-    }
-
-    /**
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $config
-     * @param                   $requestSectionData
-     */
-    private function setupJobQueue(
-        PdoDatabase $database,
-        SiteConfiguration $config,
-        &$requestSectionData
-    ) {
-        $search = RequestSearchHelper::get($database)
-            ->limit($config->getMiserModeLimit())
-            ->byStatus(RequestStatus::JOBQUEUE);
-
-        if ($config->getEmailConfirmationEnabled()) {
-            $search->withConfirmedEmail();
-        }
-
-        /** @var Request[] $results */
-        $results = $search->getRecordCount($requestCount)->fetch();
-
-        if($requestCount > 0) {
-            $requestSectionData['Requests queued in the Job Queue'] = array(
-                'requests' => $this->prepareRequestData($results),
-                'total'    => $requestCount,
-                'api'      => 'JobQueue',
-                'type'     => 'JobQueue',
-                'special'  => 'Job Queue',
-                'help'     => 'This section lists all the requests which are currently waiting to be created by the tool. Requests should automatically disappear from here within a few minutes.',
-                'showAll'  => false
-            );
-        }
-    }
-
-    /**
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $config
-     * @param                   $requestSectionData
-     */
-    private function setupStatusSections(
-        PdoDatabase $database,
-        SiteConfiguration $config,
-        &$requestSectionData
-    ) {
-        $search = RequestSearchHelper::get($database)->limit($config->getMiserModeLimit())->notHospitalised();
-
-        if ($config->getEmailConfirmationEnabled()) {
-            $search->withConfirmedEmail();
-        }
-
-        $allRequestStates = $config->getRequestStates();
-        $requestsByStatus = $search->fetchByStatus(array_keys($allRequestStates));
-
-        foreach ($allRequestStates as $requestState => $requestStateConfig) {
-
-            $requestSectionData[$requestStateConfig['header']] = array(
-                'requests' => $this->prepareRequestData($requestsByStatus[$requestState]['data']),
-                'total'    => $requestsByStatus[$requestState]['count'],
-                'api'      => $requestStateConfig['api'],
-                'type'     => $requestState,
-                'special'  => null,
-                'help'     => $requestStateConfig['queuehelp'],
-                'showAll'  => true
-            );
-        }
-    }
+		$statement = $database->prepare($query);
+		$statement->execute();
+
+		$last5result = $statement->fetchAll(PDO::FETCH_ASSOC);
+
+		$this->assign('lastFive', $last5result);
+	}
+
+	/**
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $config
+	 * @param                   $requestSectionData
+	 */
+	private function setupHospitalQueue(
+		PdoDatabase $database,
+		SiteConfiguration $config,
+		&$requestSectionData
+	) {
+		$search = RequestSearchHelper::get($database)
+			->limit($config->getMiserModeLimit())
+			->excludingStatus('Closed')
+			->isHospitalised();
+
+		if ($config->getEmailConfirmationEnabled()) {
+			$search->withConfirmedEmail();
+		}
+
+		/** @var Request[] $results */
+		$results = $search->getRecordCount($requestCount)->fetch();
+
+		if($requestCount > 0) {
+			$requestSectionData['Hospital - Requests failed auto-creation'] = array(
+				'requests' => $this->prepareRequestData($results),
+				'total'    => $requestCount,
+				'api'      => 'hospital',
+				'type'     => 'hospital',
+				'special'  => 'Job Queue',
+				'help'     => 'This queue lists all the requests which have been attempted to be created in the background, but for which this has failed for one reason or another. Check the job queue to find the error. Requests here may need to be created manually, or it may be possible to re-queue the request for auto-creation by the tool, or it may have been created already. Use your own technical discretion here.',
+				'showAll'  => false
+			);
+		}
+	}
+
+	/**
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $config
+	 * @param                   $requestSectionData
+	 */
+	private function setupJobQueue(
+		PdoDatabase $database,
+		SiteConfiguration $config,
+		&$requestSectionData
+	) {
+		$search = RequestSearchHelper::get($database)
+			->limit($config->getMiserModeLimit())
+			->byStatus(RequestStatus::JOBQUEUE);
+
+		if ($config->getEmailConfirmationEnabled()) {
+			$search->withConfirmedEmail();
+		}
+
+		/** @var Request[] $results */
+		$results = $search->getRecordCount($requestCount)->fetch();
+
+		if($requestCount > 0) {
+			$requestSectionData['Requests queued in the Job Queue'] = array(
+				'requests' => $this->prepareRequestData($results),
+				'total'    => $requestCount,
+				'api'      => 'JobQueue',
+				'type'     => 'JobQueue',
+				'special'  => 'Job Queue',
+				'help'     => 'This section lists all the requests which are currently waiting to be created by the tool. Requests should automatically disappear from here within a few minutes.',
+				'showAll'  => false
+			);
+		}
+	}
+
+	/**
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $config
+	 * @param                   $requestSectionData
+	 */
+	private function setupStatusSections(
+		PdoDatabase $database,
+		SiteConfiguration $config,
+		&$requestSectionData
+	) {
+		$search = RequestSearchHelper::get($database)->limit($config->getMiserModeLimit())->notHospitalised();
+
+		if ($config->getEmailConfirmationEnabled()) {
+			$search->withConfirmedEmail();
+		}
+
+		$allRequestStates = $config->getRequestStates();
+		$requestsByStatus = $search->fetchByStatus(array_keys($allRequestStates));
+
+		foreach ($allRequestStates as $requestState => $requestStateConfig) {
+
+			$requestSectionData[$requestStateConfig['header']] = array(
+				'requests' => $this->prepareRequestData($requestsByStatus[$requestState]['data']),
+				'total'    => $requestsByStatus[$requestState]['count'],
+				'api'      => $requestStateConfig['api'],
+				'type'     => $requestState,
+				'special'  => null,
+				'help'     => $requestStateConfig['queuehelp'],
+				'showAll'  => true
+			);
+		}
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -106,7 +106,7 @@ 
         /** @var Request[] $results */
         $results = $search->getRecordCount($requestCount)->fetch();
 
-        if($requestCount > 0) {
+        if ($requestCount > 0) {
             $requestSectionData['Hospital - Requests failed auto-creation'] = array(
                 'requests' => $this->prepareRequestData($results),
                 'total'    => $requestCount,
@@ -140,7 +140,7 @@ 
         /** @var Request[] $results */
         $results = $search->getRecordCount($requestCount)->fetch();
 
-        if($requestCount > 0) {
+        if ($requestCount > 0) {
             $requestSectionData['Requests queued in the Job Queue'] = array(
                 'requests' => $this->prepareRequestData($results),
                 'total'    => $requestCount,

includes/Pages/UserAuth/Login/PagePasswordLogin.php

Indentation +27 added lines, -27 removed lines

@@ -13,31 +13,31 @@
 
 class PagePasswordLogin extends LoginCredentialPageBase
 {
-    protected function providerSpecificSetup()
-    {
-        list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
-
-        if($partialId !== null && $partialStage > 1) {
-            $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
-            $statement = $this->getDatabase()->prepare($sql);
-            $statement->execute(array(':user' => $partialId, ':stage' => $partialStage));
-            $nextStage = $statement->fetchColumn();
-            $statement->closeCursor();
-
-            $this->redirect("login/" . $this->nextPageMap[$nextStage]);
-            return;
-        }
-
-        $this->setTemplate('login/password.tpl');
-    }
-
-    protected function getProviderCredentials()
-    {
-        $password = WebRequest::postString("password");
-        if ($password === null || $password === "") {
-            throw new ApplicationLogicException("No password specified");
-        }
-
-        return $password;
-    }
+	protected function providerSpecificSetup()
+	{
+		list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
+
+		if($partialId !== null && $partialStage > 1) {
+			$sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
+			$statement = $this->getDatabase()->prepare($sql);
+			$statement->execute(array(':user' => $partialId, ':stage' => $partialStage));
+			$nextStage = $statement->fetchColumn();
+			$statement->closeCursor();
+
+			$this->redirect("login/" . $this->nextPageMap[$nextStage]);
+			return;
+		}
+
+		$this->setTemplate('login/password.tpl');
+	}
+
+	protected function getProviderCredentials()
+	{
+		$password = WebRequest::postString("password");
+		if ($password === null || $password === "") {
+			throw new ApplicationLogicException("No password specified");
+		}
+
+		return $password;
+	}
 }
\ No newline at end of file

Spacing +1 added lines, -1 removed lines

@@ -17,7 +17,7 @@
     {
         list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
 
-        if($partialId !== null && $partialStage > 1) {
+        if ($partialId !== null && $partialStage > 1) {
             $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
             $statement = $this->getDatabase()->prepare($sql);
             $statement->execute(array(':user' => $partialId, ':stage' => $partialStage));

includes/Pages/UserAuth/Login/LoginCredentialPageBase.php

Indentation +311 added lines, -311 removed lines

@@ -21,315 +21,315 @@
 
 abstract class LoginCredentialPageBase extends InternalPageBase
 {
-    /** @var User */
-    protected $partialUser = null;
-    protected $nextPageMap = array(
-        'yubikeyotp' => 'otp',
-        'totp'       => 'otp',
-        'scratch'    => 'otp',
-        'u2f'        => 'u2f',
-    );
-    protected $names = array(
-        'yubikeyotp' => 'Yubikey OTP',
-        'totp'       => 'TOTP (phone code generator)',
-        'scratch'    => 'scratch token',
-        'u2f'        => 'U2F security token',
-    );
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        if (!$this->enforceHttps()) {
-            return;
-        }
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-
-            $database = $this->getDatabase();
-            try {
-                list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
-
-                if ($partialStage === null) {
-                    $partialStage = 1;
-                }
-
-                if ($partialId === null) {
-                    $username = WebRequest::postString('username');
-
-                    if ($username === null || trim($username) === '') {
-                        throw new ApplicationLogicException('No username specified.');
-                    }
-
-                    $user = User::getByUsername($username, $database);
-                }
-                else {
-                    $user = User::getById($partialId, $database);
-                }
-
-                if ($user === false) {
-                    throw new ApplicationLogicException("Authentication failed");
-                }
-
-                $authMan = new AuthenticationManager($database, $this->getSiteConfiguration(),
-                    $this->getHttpHelper());
-
-                $credential = $this->getProviderCredentials();
-
-                $authResult = $authMan->authenticate($user, $credential, $partialStage);
-
-                if ($authResult === AuthenticationManager::AUTH_FAIL) {
-                    throw new ApplicationLogicException("Authentication failed");
-                }
-
-                if ($authResult === AuthenticationManager::AUTH_REQUIRE_NEXT_STAGE) {
-                    $this->processJumpNextStage($user, $partialStage, $database);
-
-                    return;
-                }
-
-                if ($authResult === AuthenticationManager::AUTH_OK) {
-                    $this->processLoginSuccess($user);
-
-                    return;
-                }
-            }
-            catch (ApplicationLogicException $ex) {
-                WebRequest::clearAuthPartialLogin();
-
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('login');
-
-                return;
-            }
-        }
-        else {
-            $this->assign('showSignIn', true);
-
-            $this->setupPartial();
-            $this->assignCSRFToken();
-            $this->providerSpecificSetup();
-        }
-    }
-
-    protected function isProtectedPage()
-    {
-        return false;
-    }
-
-    /**
-     * Enforces HTTPS on the login form
-     *
-     * @return bool
-     */
-    private function enforceHttps()
-    {
-        if ($this->getSiteConfiguration()->getUseStrictTransportSecurity() !== false) {
-            if (WebRequest::isHttps()) {
-                // Client can clearly use HTTPS, so let's enforce it for all connections.
-                $this->headerQueue[] = "Strict-Transport-Security: max-age=15768000";
-            }
-            else {
-                // This is the login form, not the request form. We need protection here.
-                $this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
-
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    protected abstract function providerSpecificSetup();
-
-    protected function setupPartial()
-    {
-        $database = $this->getDatabase();
-
-        // default stuff
-        $this->assign('alternatives', array()); // 'u2f' => array('U2F token'), 'otp' => array('TOTP', 'scratch', 'yubiotp')));
-
-        // is this stage one?
-        list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
-        if ($partialStage === null || $partialId === null) {
-            WebRequest::clearAuthPartialLogin();
-        }
-
-        // Check to see if we have a partial login in progress
-        $username = null;
-        if ($partialId !== null) {
-            // Yes, enforce this username
-            $this->partialUser = User::getById($partialId, $database);
-            $username = $this->partialUser->getUsername();
-
-            $this->setupAlternates($this->partialUser, $partialStage, $database);
-        }
-        else {
-            // No, see if we've preloaded a username
-            $preloadUsername = WebRequest::getString('tplUsername');
-            if ($preloadUsername !== null) {
-                $username = $preloadUsername;
-            }
-        }
-
-        if ($partialStage === null) {
-            $partialStage = 1;
-        }
-
-        $this->assign('partialStage', $partialStage);
-        $this->assign('username', $username);
-    }
-
-    /**
-     * Redirect the user back to wherever they came from after a successful login
-     *
-     * @param User $user
-     */
-    protected function goBackWhenceYouCame(User $user)
-    {
-        // Redirect to wherever the user came from
-        $redirectDestination = WebRequest::clearPostLoginRedirect();
-        if ($redirectDestination !== null) {
-            $this->redirectUrl($redirectDestination);
-        }
-        else {
-            if ($user->isNewUser()) {
-                // home page isn't allowed, go to preferences instead
-                $this->redirect('preferences');
-            }
-            else {
-                // go to the home page
-                $this->redirect('');
-            }
-        }
-    }
-
-    private function processLoginSuccess(User $user)
-    {
-        // Touch force logout
-        $user->setForceLogout(false);
-        $user->save();
-
-        $oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(),
-            $this->getSiteConfiguration());
-
-        if ($oauth->isFullyLinked()) {
-            try {
-                // Reload the user's identity ticket.
-                $oauth->refreshIdentity();
-
-                // Check for blocks
-                if ($oauth->getIdentity()->getBlocked()) {
-                    // blocked!
-                    SessionAlert::error("You are currently blocked on-wiki. You will not be able to log in until you are unblocked.");
-                    $this->redirect('login');
-
-                    return;
-                }
-            }
-            catch (OAuthException $ex) {
-                // Oops. Refreshing ticket failed. Force a re-auth.
-                $authoriseUrl = $oauth->getRequestToken();
-                WebRequest::setOAuthPartialLogin($user);
-                $this->redirectUrl($authoriseUrl);
-
-                return;
-            }
-        }
-
-        if (($this->getSiteConfiguration()->getEnforceOAuth() && !$oauth->isFullyLinked())
-            || $oauth->isPartiallyLinked()
-        ) {
-            $authoriseUrl = $oauth->getRequestToken();
-            WebRequest::setOAuthPartialLogin($user);
-            $this->redirectUrl($authoriseUrl);
-
-            return;
-        }
-
-        WebRequest::setLoggedInUser($user);
-
-        $this->goBackWhenceYouCame($user);
-    }
-
-    protected abstract function getProviderCredentials();
-
-    /**
-     * @param User        $user
-     * @param int         $partialStage
-     * @param PdoDatabase $database
-     *
-     * @throws ApplicationLogicException
-     */
-    private function processJumpNextStage(User $user, $partialStage, PdoDatabase $database)
-    {
-        WebRequest::setAuthPartialLogin($user->getId(), $partialStage + 1);
-
-        $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
-        $statement = $database->prepare($sql);
-        $statement->execute(array(':user' => $user->getId(), ':stage' => $partialStage + 1));
-        $nextStage = $statement->fetchColumn();
-        $statement->closeCursor();
-
-        if (!isset($this->nextPageMap[$nextStage])) {
-            throw new ApplicationLogicException('Unknown page handler for next authentication stage.');
-        }
-
-        $this->redirect("login/" . $this->nextPageMap[$nextStage]);
-    }
-
-    private function setupAlternates(User $user, $partialStage, PdoDatabase $database)
-    {
-        // get the providers available
-        $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0';
-        $statement = $database->prepare($sql);
-        $statement->execute(array(':user' => $user->getId(), ':stage' => $partialStage));
-        $alternates = $statement->fetchAll(PDO::FETCH_COLUMN);
-
-        $types = array();
-        foreach ($alternates as $item) {
-            $type = $this->nextPageMap[$item];
-            if (!isset($types[$type])) {
-                $types[$type] = array();
-            }
-
-            $types[$type][] = $item;
-        }
-
-        $userOptions = array();
-        if (get_called_class() === PageOtpLogin::class) {
-            $userOptions = $this->setupUserOptionsForType($types, 'u2f', $userOptions);
-        }
-
-        if (get_called_class() === PageU2FLogin::class) {
-            $userOptions = $this->setupUserOptionsForType($types, 'otp', $userOptions);
-        }
-
-        $this->assign('alternatives', $userOptions);
-    }
-
-    /**
-     * @param $types
-     * @param $type
-     * @param $userOptions
-     *
-     * @return mixed
-     */
-    private function setupUserOptionsForType($types, $type, $userOptions)
-    {
-        if (isset($types[$type])) {
-            $options = $types[$type];
-
-            array_walk($options, function(&$val) {
-                $val = $this->names[$val];
-            });
-
-            $userOptions[$type] = $options;
-        }
-
-        return $userOptions;
-    }
+	/** @var User */
+	protected $partialUser = null;
+	protected $nextPageMap = array(
+		'yubikeyotp' => 'otp',
+		'totp'       => 'otp',
+		'scratch'    => 'otp',
+		'u2f'        => 'u2f',
+	);
+	protected $names = array(
+		'yubikeyotp' => 'Yubikey OTP',
+		'totp'       => 'TOTP (phone code generator)',
+		'scratch'    => 'scratch token',
+		'u2f'        => 'U2F security token',
+	);
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		if (!$this->enforceHttps()) {
+			return;
+		}
+
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+
+			$database = $this->getDatabase();
+			try {
+				list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
+
+				if ($partialStage === null) {
+					$partialStage = 1;
+				}
+
+				if ($partialId === null) {
+					$username = WebRequest::postString('username');
+
+					if ($username === null || trim($username) === '') {
+						throw new ApplicationLogicException('No username specified.');
+					}
+
+					$user = User::getByUsername($username, $database);
+				}
+				else {
+					$user = User::getById($partialId, $database);
+				}
+
+				if ($user === false) {
+					throw new ApplicationLogicException("Authentication failed");
+				}
+
+				$authMan = new AuthenticationManager($database, $this->getSiteConfiguration(),
+					$this->getHttpHelper());
+
+				$credential = $this->getProviderCredentials();
+
+				$authResult = $authMan->authenticate($user, $credential, $partialStage);
+
+				if ($authResult === AuthenticationManager::AUTH_FAIL) {
+					throw new ApplicationLogicException("Authentication failed");
+				}
+
+				if ($authResult === AuthenticationManager::AUTH_REQUIRE_NEXT_STAGE) {
+					$this->processJumpNextStage($user, $partialStage, $database);
+
+					return;
+				}
+
+				if ($authResult === AuthenticationManager::AUTH_OK) {
+					$this->processLoginSuccess($user);
+
+					return;
+				}
+			}
+			catch (ApplicationLogicException $ex) {
+				WebRequest::clearAuthPartialLogin();
+
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('login');
+
+				return;
+			}
+		}
+		else {
+			$this->assign('showSignIn', true);
+
+			$this->setupPartial();
+			$this->assignCSRFToken();
+			$this->providerSpecificSetup();
+		}
+	}
+
+	protected function isProtectedPage()
+	{
+		return false;
+	}
+
+	/**
+	 * Enforces HTTPS on the login form
+	 *
+	 * @return bool
+	 */
+	private function enforceHttps()
+	{
+		if ($this->getSiteConfiguration()->getUseStrictTransportSecurity() !== false) {
+			if (WebRequest::isHttps()) {
+				// Client can clearly use HTTPS, so let's enforce it for all connections.
+				$this->headerQueue[] = "Strict-Transport-Security: max-age=15768000";
+			}
+			else {
+				// This is the login form, not the request form. We need protection here.
+				$this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
+
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	protected abstract function providerSpecificSetup();
+
+	protected function setupPartial()
+	{
+		$database = $this->getDatabase();
+
+		// default stuff
+		$this->assign('alternatives', array()); // 'u2f' => array('U2F token'), 'otp' => array('TOTP', 'scratch', 'yubiotp')));
+
+		// is this stage one?
+		list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
+		if ($partialStage === null || $partialId === null) {
+			WebRequest::clearAuthPartialLogin();
+		}
+
+		// Check to see if we have a partial login in progress
+		$username = null;
+		if ($partialId !== null) {
+			// Yes, enforce this username
+			$this->partialUser = User::getById($partialId, $database);
+			$username = $this->partialUser->getUsername();
+
+			$this->setupAlternates($this->partialUser, $partialStage, $database);
+		}
+		else {
+			// No, see if we've preloaded a username
+			$preloadUsername = WebRequest::getString('tplUsername');
+			if ($preloadUsername !== null) {
+				$username = $preloadUsername;
+			}
+		}
+
+		if ($partialStage === null) {
+			$partialStage = 1;
+		}
+
+		$this->assign('partialStage', $partialStage);
+		$this->assign('username', $username);
+	}
+
+	/**
+	 * Redirect the user back to wherever they came from after a successful login
+	 *
+	 * @param User $user
+	 */
+	protected function goBackWhenceYouCame(User $user)
+	{
+		// Redirect to wherever the user came from
+		$redirectDestination = WebRequest::clearPostLoginRedirect();
+		if ($redirectDestination !== null) {
+			$this->redirectUrl($redirectDestination);
+		}
+		else {
+			if ($user->isNewUser()) {
+				// home page isn't allowed, go to preferences instead
+				$this->redirect('preferences');
+			}
+			else {
+				// go to the home page
+				$this->redirect('');
+			}
+		}
+	}
+
+	private function processLoginSuccess(User $user)
+	{
+		// Touch force logout
+		$user->setForceLogout(false);
+		$user->save();
+
+		$oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(),
+			$this->getSiteConfiguration());
+
+		if ($oauth->isFullyLinked()) {
+			try {
+				// Reload the user's identity ticket.
+				$oauth->refreshIdentity();
+
+				// Check for blocks
+				if ($oauth->getIdentity()->getBlocked()) {
+					// blocked!
+					SessionAlert::error("You are currently blocked on-wiki. You will not be able to log in until you are unblocked.");
+					$this->redirect('login');
+
+					return;
+				}
+			}
+			catch (OAuthException $ex) {
+				// Oops. Refreshing ticket failed. Force a re-auth.
+				$authoriseUrl = $oauth->getRequestToken();
+				WebRequest::setOAuthPartialLogin($user);
+				$this->redirectUrl($authoriseUrl);
+
+				return;
+			}
+		}
+
+		if (($this->getSiteConfiguration()->getEnforceOAuth() && !$oauth->isFullyLinked())
+			|| $oauth->isPartiallyLinked()
+		) {
+			$authoriseUrl = $oauth->getRequestToken();
+			WebRequest::setOAuthPartialLogin($user);
+			$this->redirectUrl($authoriseUrl);
+
+			return;
+		}
+
+		WebRequest::setLoggedInUser($user);
+
+		$this->goBackWhenceYouCame($user);
+	}
+
+	protected abstract function getProviderCredentials();
+
+	/**
+	 * @param User        $user
+	 * @param int         $partialStage
+	 * @param PdoDatabase $database
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function processJumpNextStage(User $user, $partialStage, PdoDatabase $database)
+	{
+		WebRequest::setAuthPartialLogin($user->getId(), $partialStage + 1);
+
+		$sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
+		$statement = $database->prepare($sql);
+		$statement->execute(array(':user' => $user->getId(), ':stage' => $partialStage + 1));
+		$nextStage = $statement->fetchColumn();
+		$statement->closeCursor();
+
+		if (!isset($this->nextPageMap[$nextStage])) {
+			throw new ApplicationLogicException('Unknown page handler for next authentication stage.');
+		}
+
+		$this->redirect("login/" . $this->nextPageMap[$nextStage]);
+	}
+
+	private function setupAlternates(User $user, $partialStage, PdoDatabase $database)
+	{
+		// get the providers available
+		$sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0';
+		$statement = $database->prepare($sql);
+		$statement->execute(array(':user' => $user->getId(), ':stage' => $partialStage));
+		$alternates = $statement->fetchAll(PDO::FETCH_COLUMN);
+
+		$types = array();
+		foreach ($alternates as $item) {
+			$type = $this->nextPageMap[$item];
+			if (!isset($types[$type])) {
+				$types[$type] = array();
+			}
+
+			$types[$type][] = $item;
+		}
+
+		$userOptions = array();
+		if (get_called_class() === PageOtpLogin::class) {
+			$userOptions = $this->setupUserOptionsForType($types, 'u2f', $userOptions);
+		}
+
+		if (get_called_class() === PageU2FLogin::class) {
+			$userOptions = $this->setupUserOptionsForType($types, 'otp', $userOptions);
+		}
+
+		$this->assign('alternatives', $userOptions);
+	}
+
+	/**
+	 * @param $types
+	 * @param $type
+	 * @param $userOptions
+	 *
+	 * @return mixed
+	 */
+	private function setupUserOptionsForType($types, $type, $userOptions)
+	{
+		if (isset($types[$type])) {
+			$options = $types[$type];
+
+			array_walk($options, function(&$val) {
+				$val = $this->names[$val];
+			});
+
+			$userOptions[$type] = $options;
+		}
+
+		return $userOptions;
+	}
 }

Braces +8 added lines, -13 removed lines

@@ -65,8 +65,7 @@ 
                     }
 
                     $user = User::getByUsername($username, $database);
-                }
-                else {
+                } else {
                     $user = User::getById($partialId, $database);
                 }
 
@@ -105,8 +104,7 @@ 
 
                 return;
             }
-        }
-        else {
+        } else {
             $this->assign('showSignIn', true);
 
             $this->setupPartial();
@@ -131,8 +129,7 @@ 
             if (WebRequest::isHttps()) {
                 // Client can clearly use HTTPS, so let's enforce it for all connections.
                 $this->headerQueue[] = "Strict-Transport-Security: max-age=15768000";
-            }
-            else {
+            } else {
                 // This is the login form, not the request form. We need protection here.
                 $this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
 
@@ -166,8 +163,7 @@ 
             $username = $this->partialUser->getUsername();
 
             $this->setupAlternates($this->partialUser, $partialStage, $database);
-        }
-        else {
+        } else {
             // No, see if we've preloaded a username
             $preloadUsername = WebRequest::getString('tplUsername');
             if ($preloadUsername !== null) {
@@ -194,13 +190,11 @@ 
         $redirectDestination = WebRequest::clearPostLoginRedirect();
         if ($redirectDestination !== null) {
             $this->redirectUrl($redirectDestination);
-        }
-        else {
+        } else {
             if ($user->isNewUser()) {
                 // home page isn't allowed, go to preferences instead
                 $this->redirect('preferences');
-            }
-            else {
+            } else {
                 // go to the home page
                 $this->redirect('');
             }
@@ -323,7 +317,8 @@ 
         if (isset($types[$type])) {
             $options = $types[$type];
 
-            array_walk($options, function(&$val) {
+            array_walk($options, function(&$val)
+            {
                 $val = $this->names[$val];
             });
 

includes/Pages/UserAuth/Login/PageOtpLogin.php

Indentation +12 added lines, -12 removed lines

@@ -13,18 +13,18 @@
 
 class PageOtpLogin extends LoginCredentialPageBase
 {
-    protected function providerSpecificSetup()
-    {
-        $this->setTemplate('login/otp.tpl');
-    }
+	protected function providerSpecificSetup()
+	{
+		$this->setTemplate('login/otp.tpl');
+	}
 
-    protected function getProviderCredentials()
-    {
-        $otp = WebRequest::postString("otp");
-        if ($otp === null || $otp === "") {
-            throw new ApplicationLogicException("No one-time code specified");
-        }
+	protected function getProviderCredentials()
+	{
+		$otp = WebRequest::postString("otp");
+		if ($otp === null || $otp === "") {
+			throw new ApplicationLogicException("No one-time code specified");
+		}
 
-        return $otp;
-    }
+		return $otp;
+	}
 }
\ No newline at end of file

includes/Pages/UserAuth/Login/PageU2FLogin.php

Indentation +22 added lines, -22 removed lines

@@ -14,20 +14,20 @@ 
 
 class PageU2FLogin extends LoginCredentialPageBase
 {
-    protected function providerSpecificSetup()
-    {
-        $this->assign('showSignIn', false);
-        $this->setTemplate('login/u2f.tpl');
+	protected function providerSpecificSetup()
+	{
+		$this->assign('showSignIn', false);
+		$this->setTemplate('login/u2f.tpl');
 
-        if ($this->partialUser === null) {
-            throw new ApplicationLogicException("U2F cannot be first-stage authentication");
-        }
+		if ($this->partialUser === null) {
+			throw new ApplicationLogicException("U2F cannot be first-stage authentication");
+		}
 
-        $u2f = new U2FCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
-        $authData = json_encode($u2f->getAuthenticationData($this->partialUser));
+		$u2f = new U2FCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
+		$authData = json_encode($u2f->getAuthenticationData($this->partialUser));
 
-        $this->addJs('/vendor/yubico/u2flib-server/examples/assets/u2f-api.js');
-        $this->setTailScript($this->getCspManager()->getNonce(), <<<JS
+		$this->addJs('/vendor/yubico/u2flib-server/examples/assets/u2f-api.js');
+		$this->setTailScript($this->getCspManager()->getNonce(), <<<JS
 var request = {$authData};
 u2f.sign(request, function(data) {
     document.getElementById('authenticate').value=JSON.stringify(data);
@@ -35,19 +35,19 @@ 
     document.getElementById('loginForm').submit();
 });
 JS
-        );
+		);
 
-    }
+	}
 
-    protected function getProviderCredentials()
-    {
-        $authenticate = WebRequest::postString("authenticate");
-        $request = WebRequest::postString("request");
+	protected function getProviderCredentials()
+	{
+		$authenticate = WebRequest::postString("authenticate");
+		$request = WebRequest::postString("request");
 
-        if ($authenticate === null || $authenticate === "" || $request === null || $request === "") {
-              throw new ApplicationLogicException("No authentication specified");
-        }
+		if ($authenticate === null || $authenticate === "" || $request === null || $request === "") {
+			  throw new ApplicationLogicException("No authentication specified");
+		}
 
-        return array(json_decode($authenticate), json_decode($request), 'u2f');
-    }
+		return array(json_decode($authenticate), json_decode($request), 'u2f');
+	}
 }

includes/Pages/UserAuth/PageOAuthCallback.php

Indentation +77 added lines, -77 removed lines

@@ -18,92 +18,92 @@
 
 class PageOAuthCallback extends InternalPageBase
 {
-    /**
-     * @return bool
-     */
-    protected function isProtectedPage()
-    {
-        // This page is critical to ensuring OAuth functionality is operational.
-        return false;
-    }
+	/**
+	 * @return bool
+	 */
+	protected function isProtectedPage()
+	{
+		// This page is critical to ensuring OAuth functionality is operational.
+		return false;
+	}
 
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        // This should never get hit except by URL manipulation.
-        $this->redirect('');
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		// This should never get hit except by URL manipulation.
+		$this->redirect('');
+	}
 
-    /**
-     * Registered endpoint for the account creation callback.
-     *
-     * If this ever gets hit, something is wrong somewhere.
-     */
-    protected function create()
-    {
-        throw new Exception('OAuth account creation endpoint triggered.');
-    }
+	/**
+	 * Registered endpoint for the account creation callback.
+	 *
+	 * If this ever gets hit, something is wrong somewhere.
+	 */
+	protected function create()
+	{
+		throw new Exception('OAuth account creation endpoint triggered.');
+	}
 
-    /**
-     * Callback entry point
-     * @throws ApplicationLogicException
-     * @throws OptimisticLockFailedException
-     */
-    protected function authorise()
-    {
-        $oauthToken = WebRequest::getString('oauth_token');
-        $oauthVerifier = WebRequest::getString('oauth_verifier');
+	/**
+	 * Callback entry point
+	 * @throws ApplicationLogicException
+	 * @throws OptimisticLockFailedException
+	 */
+	protected function authorise()
+	{
+		$oauthToken = WebRequest::getString('oauth_token');
+		$oauthVerifier = WebRequest::getString('oauth_verifier');
 
-        $this->doCallbackValidation($oauthToken, $oauthVerifier);
+		$this->doCallbackValidation($oauthToken, $oauthVerifier);
 
-        $database = $this->getDatabase();
+		$database = $this->getDatabase();
 
-        $user = OAuthUserHelper::findUserByRequestToken($oauthToken, $database);
-        $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
+		$user = OAuthUserHelper::findUserByRequestToken($oauthToken, $database);
+		$oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
 
-        try {
-            $oauth->completeHandshake($oauthVerifier);
-        }
-        catch (CurlException $ex) {
-            throw new ApplicationLogicException($ex->getMessage(), 0, $ex);
-        }
+		try {
+			$oauth->completeHandshake($oauthVerifier);
+		}
+		catch (CurlException $ex) {
+			throw new ApplicationLogicException($ex->getMessage(), 0, $ex);
+		}
 
-        // OK, we're the same session that just did a partial login that was redirected to OAuth. Let's upgrade the
-        // login to a full login
-        if (WebRequest::getOAuthPartialLogin() === $user->getId()) {
-            WebRequest::setLoggedInUser($user);
-        }
+		// OK, we're the same session that just did a partial login that was redirected to OAuth. Let's upgrade the
+		// login to a full login
+		if (WebRequest::getOAuthPartialLogin() === $user->getId()) {
+			WebRequest::setLoggedInUser($user);
+		}
 
-        // My thinking is there are three cases here:
-        //   a) new user => redirect to prefs - it's the only thing they can access other than stats
-        //   b) existing user hit the connect button in prefs => redirect to prefs since it's where they were
-        //   c) existing user logging in => redirect to wherever they came from
-        $redirectDestination = WebRequest::clearPostLoginRedirect();
-        if ($redirectDestination !== null && !$user->isNewUser()) {
-            $this->redirectUrl($redirectDestination);
-        }
-        else {
-            $this->redirect('preferences', null, null, 'internal.php');
-        }
-    }
+		// My thinking is there are three cases here:
+		//   a) new user => redirect to prefs - it's the only thing they can access other than stats
+		//   b) existing user hit the connect button in prefs => redirect to prefs since it's where they were
+		//   c) existing user logging in => redirect to wherever they came from
+		$redirectDestination = WebRequest::clearPostLoginRedirect();
+		if ($redirectDestination !== null && !$user->isNewUser()) {
+			$this->redirectUrl($redirectDestination);
+		}
+		else {
+			$this->redirect('preferences', null, null, 'internal.php');
+		}
+	}
 
-    /**
-     * @param string $oauthToken
-     * @param string $oauthVerifier
-     *
-     * @throws ApplicationLogicException
-     */
-    private function doCallbackValidation($oauthToken, $oauthVerifier)
-    {
-        if ($oauthToken === null) {
-            throw new ApplicationLogicException('No token provided');
-        }
+	/**
+	 * @param string $oauthToken
+	 * @param string $oauthVerifier
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function doCallbackValidation($oauthToken, $oauthVerifier)
+	{
+		if ($oauthToken === null) {
+			throw new ApplicationLogicException('No token provided');
+		}
 
-        if ($oauthVerifier === null) {
-            throw new ApplicationLogicException('No oauth verifier provided.');
-        }
-    }
+		if ($oauthVerifier === null) {
+			throw new ApplicationLogicException('No oauth verifier provided.');
+		}
+	}
 }
\ No newline at end of file

Braces +1 added lines, -2 removed lines

@@ -116,8 +116,7 @@
         $redirectDestination = WebRequest::clearPostLoginRedirect();
         if ($redirectDestination !== null && !$user->isNewUser()) {
             $this->redirectUrl($redirectDestination);
-        }
-        else {
+        } else {
             $this->redirect('preferences', null, null, 'internal.php');
         }
     }

includes/Pages/UserAuth/PageChangePassword.php

Indentation +57 added lines, -57 removed lines

@@ -17,71 +17,71 @@
 
 class PageChangePassword extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('Change Password');
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('Change Password');
 
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            try {
-                $oldPassword = WebRequest::postString('oldpassword');
-                $newPassword = WebRequest::postString('newpassword');
-                $newPasswordConfirmation = WebRequest::postString('newpasswordconfirm');
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			try {
+				$oldPassword = WebRequest::postString('oldpassword');
+				$newPassword = WebRequest::postString('newpassword');
+				$newPasswordConfirmation = WebRequest::postString('newpasswordconfirm');
 
-                $user = User::getCurrent($this->getDatabase());
-                if (!$user instanceof User) {
-                    throw new ApplicationLogicException('User not found');
-                }
+				$user = User::getCurrent($this->getDatabase());
+				if (!$user instanceof User) {
+					throw new ApplicationLogicException('User not found');
+				}
 
-                $this->validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, $user);
+				$this->validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, $user);
 
-                $passwordProvider = new PasswordCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
-                $passwordProvider->setCredential($user, 1, $newPassword);
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('changePassword');
+				$passwordProvider = new PasswordCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
+				$passwordProvider->setCredential($user, 1, $newPassword);
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('changePassword');
 
-                return;
-            }
+				return;
+			}
 
-            SessionAlert::success('Password changed successfully!');
+			SessionAlert::success('Password changed successfully!');
 
-            $this->redirect('preferences');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('preferences/changePassword.tpl');
-            $this->addJs("/vendor/dropbox/zxcvbn/dist/zxcvbn.js");
-        }
-    }
+			$this->redirect('preferences');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('preferences/changePassword.tpl');
+			$this->addJs("/vendor/dropbox/zxcvbn/dist/zxcvbn.js");
+		}
+	}
 
-    /**
-     * @param string $oldPassword
-     * @param string $newPassword
-     * @param string $newPasswordConfirmation
-     * @param User   $user
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, User $user)
-    {
-        if ($oldPassword === null || $newPassword === null || $newPasswordConfirmation === null) {
-            throw new ApplicationLogicException('All three fields must be completed to change your password');
-        }
+	/**
+	 * @param string $oldPassword
+	 * @param string $newPassword
+	 * @param string $newPasswordConfirmation
+	 * @param User   $user
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, User $user)
+	{
+		if ($oldPassword === null || $newPassword === null || $newPasswordConfirmation === null) {
+			throw new ApplicationLogicException('All three fields must be completed to change your password');
+		}
 
-        if ($newPassword !== $newPasswordConfirmation) {
-            throw new ApplicationLogicException('Your new passwords did not match!');
-        }
+		if ($newPassword !== $newPasswordConfirmation) {
+			throw new ApplicationLogicException('Your new passwords did not match!');
+		}
 
-        // TODO: adapt for MFA support
-        $passwordProvider = new PasswordCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
-        if (!$passwordProvider->authenticate($user, $oldPassword)) {
-            throw new ApplicationLogicException('The password you entered was incorrect.');
-        }
-    }
+		// TODO: adapt for MFA support
+		$passwordProvider = new PasswordCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
+		if (!$passwordProvider->authenticate($user, $oldPassword)) {
+			throw new ApplicationLogicException('The password you entered was incorrect.');
+		}
+	}
 }

Braces +1 added lines, -2 removed lines

@@ -52,8 +52,7 @@
             SessionAlert::success('Password changed successfully!');
 
             $this->redirect('preferences');
-        }
-        else {
+        } else {
             $this->assignCSRFToken();
             $this->setTemplate('preferences/changePassword.tpl');
             $this->addJs("/vendor/dropbox/zxcvbn/dist/zxcvbn.js");