Issues in duo.load.php - All Issues - Inspection of "2.1.27" - nilsteampassnet/TeamPass - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — development ( 6d7540...1ff653 )

by Nils

created 2018-04-09 19:44 UTC

duo.load.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php
/**
 *
 * @file          duo.load.php
 * @author        Nils Laumaillé
 * @version       2.1.27
 * @copyright     (c) 2009-2018 Nils Laumaillé
 * @licensing     GNU GPL-3.0
 * @link          http://www.teampass.net
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

require_once('./sources/SecureHandler.php');
session_start();
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
    die('Hacking attempt...');
}

// Load config
if (file_exists('../includes/config/tp.config.php')) {
    require_once '../includes/config/tp.config.php';
} elseif (file_exists('./includes/config/tp.config.php')) {
    require_once './includes/config/tp.config.php';
} else {
    throw new Exception("Error file '/includes/config/tp.config.php' not exists", 1);
}

include $SETTINGS['cpassman_dir'].'/includes/config/settings.php';


/*
** This page contains the javascript call for DUOSecurity api
** It loads the expected iFrame where user gives his DUO credentials
** It sends the request to the DUO server
*/
?>
<script type="text/javascript">
//<![CDATA[
$(function() {
    $.getScript("./includes/libraries/Authentication/DuoSecurity/Duo-Web-v2.min.js");
    $.post(
        "sources/identify.php",
        {
            type : "identify_duo_user",
            login: sanitizeString($("#login").val())
        },
        function(data) {
            var ret = data[0].sig_request.split('|');
            if (ret[0] === "ERR") {
                $("#div_duo").html("ERROR " + ret[1]);
            } else {
                // preparing the DUO iframe
                var cssLink = $("<link rel='stylesheet' type='text/css' href='./includes/libraries/Authentication/DuoSecurity/Duo-Frame.css'>");
                $("head").append(cssLink);
                $("#div_duo").html('<iframe id="duo_iframe" frameborder="0" data-host="<?php echo HOST; ?>" data-sig-request="'+data[0].sig_request+'"></iframe>');


                // loading the DUO iframe
                Duo.init({
                    'host': '<?php echo HOST; ?>',
                    'sig_request': data[0].sig_request,
                    'post_action': "index.php?type=duo_check&"+data[0].csrfp_token+"="+data[0].csrfp_key
                });

                $("#duo_login").val($("#login").val());
                $("#duo_pwd").val($("#pw").val());
            }
        },
        "json"
    );
});
//]]>
</script>

1			<?php
2			/**
3			*
4			* @file duo.load.php
5			* @author Nils Laumaillé
6			* @version 2.1.27
7			* @copyright (c) 2009-2018 Nils Laumaillé
8			* @licensing GNU GPL-3.0
9			* @link http://www.teampass.net
10			*
11			* This library is distributed in the hope that it will be useful,
12			* but WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14			*/
15
16			require_once('./sources/SecureHandler.php');
17			session_start();
18			if (!isset($_SESSION['CPM']) \|\| $_SESSION['CPM'] != 1) {
19			die('Hacking attempt...');
20			}
21
22			// Load config
23			if (file_exists('../includes/config/tp.config.php')) {
24			require_once '../includes/config/tp.config.php';
25			} elseif (file_exists('./includes/config/tp.config.php')) {
26			require_once './includes/config/tp.config.php';
27			} else {
28			throw new Exception("Error file '/includes/config/tp.config.php' not exists", 1);
29			}
30
31			include $SETTINGS['cpassman_dir'].'/includes/config/settings.php';
32
33
34			/*
35			** This page contains the javascript call for DUOSecurity api
36			** It loads the expected iFrame where user gives his DUO credentials
37			** It sends the request to the DUO server
38			*/
39			?>
40			<script type="text/javascript">
41			//<![CDATA[
42			$(function() {
43			$.getScript("./includes/libraries/Authentication/DuoSecurity/Duo-Web-v2.min.js");
44			$.post(
45			"sources/identify.php",
46			{
47			type : "identify_duo_user",
48			login: sanitizeString($("#login").val())
49			},
50			function(data) {
51			var ret = data[0].sig_request.split('\|');
52			if (ret[0] === "ERR") {
53			$("#div_duo").html("ERROR " + ret[1]);
54			} else {
55			// preparing the DUO iframe
56			var cssLink = $("<link rel='stylesheet' type='text/css' href='./includes/libraries/Authentication/DuoSecurity/Duo-Frame.css'>");
57			$("head").append(cssLink);
58			$("#div_duo").html('<iframe id="duo_iframe" frameborder="0" data-host="<?php echo HOST; ?>" data-sig-request="'+data[0].sig_request+'"></iframe>');
			0 ignored issues – show Bug introduced 2018-03-16 21:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `HOST` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
59
60			// loading the DUO iframe
61			Duo.init({
62			'host': '<?php echo HOST; ?>',
63			'sig_request': data[0].sig_request,
64			'post_action': "index.php?type=duo_check&"+data[0].csrfp_token+"="+data[0].csrfp_key
65			});
66
67			$("#duo_login").val($("#login").val());
68			$("#duo_pwd").val($("#pw").val());
69			}
70			},
71			"json"
72			);
73			});
74			//]]>
75			</script>

nilsteampassnet / TeamPass

Push — development ( 6d7540...1ff653 )

duo.load.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like