o2system /
security
@@ -30,7 +30,7 @@ |
||
| 30 | 30 | } |
| 31 | 31 | } elseif ($offset === 'privileges') { |
| 32 | 32 | list($create, $read, $update, $delete, $import, $export, $print, $special) = array_pad(str_split($data), 8, |
| 33 | - 0); |
|
| 33 | + 0); |
|
| 34 | 34 | $data = [ |
| 35 | 35 | 'create' => ($create == '1' ? true : false), |
| 36 | 36 | 'read' => ($read == '1' ? true : false), |
@@ -99,7 +99,7 @@ |
||
| 99 | 99 | public function checkPrivilege($action) |
| 100 | 100 | { |
| 101 | 101 | if ($privileges = $this->get('privileges')) { |
| 102 | - return (bool) $privileges[ $action ]; |
|
| 102 | + return (bool)$privileges[$action]; |
|
| 103 | 103 | } |
| 104 | 104 | |
| 105 | 105 | return false; |
@@ -94,11 +94,11 @@ discard block |
||
| 94 | 94 | public function getAttempts() |
| 95 | 95 | { |
| 96 | 96 | $currentAttempts = 0; |
| 97 | - if(isset($_SESSION['userAttempts'])) { |
|
| 98 | - $currentAttempts = (int) $_SESSION['userAttempts']; |
|
| 97 | + if (isset($_SESSION['userAttempts'])) { |
|
| 98 | + $currentAttempts = (int)$_SESSION['userAttempts']; |
|
| 99 | 99 | } |
| 100 | 100 | |
| 101 | - return (int) $currentAttempts; |
|
| 101 | + return (int)$currentAttempts; |
|
| 102 | 102 | } |
| 103 | 103 | |
| 104 | 104 | /** |
@@ -132,7 +132,7 @@ discard block |
||
| 132 | 132 | |
| 133 | 133 | public function signedOn() |
| 134 | 134 | { |
| 135 | - if($virtualUserId = input()->cookie('ssid')) { |
|
| 135 | + if ($virtualUserId = input()->cookie('ssid')) { |
|
| 136 | 136 | $cacheItemPool = $this->getCacheItemPool(); |
| 137 | 137 | return $cacheItemPool->hasItem('sso-' . $virtualUserId); |
| 138 | 138 | } |
@@ -142,9 +142,9 @@ discard block |
||
| 142 | 142 | |
| 143 | 143 | public function signOff() |
| 144 | 144 | { |
| 145 | - if($virtualUserId = input()->cookie('ssid')) { |
|
| 145 | + if ($virtualUserId = input()->cookie('ssid')) { |
|
| 146 | 146 | $cacheItemPool = $this->getCacheItemPool(); |
| 147 | - $cacheItemPool->deleteItem('sso-' . $virtualUserId); |
|
| 147 | + $cacheItemPool->deleteItem('sso-' . $virtualUserId); |
|
| 148 | 148 | delete_cookie('ssid'); |
| 149 | 149 | } |
| 150 | 150 | } |
@@ -153,9 +153,9 @@ discard block |
||
| 153 | 153 | { |
| 154 | 154 | if (isset($_SESSION['account'])) { |
| 155 | 155 | return true; |
| 156 | - } elseif($this->signedOn()) { |
|
| 156 | + } elseif ($this->signedOn()) { |
|
| 157 | 157 | $cacheItemPool = $this->getCacheItemPool(); |
| 158 | - $item = $cacheItemPool->getItem('sso-' . input()->cookie('ssid')); |
|
| 158 | + $item = $cacheItemPool->getItem('sso-' . input()->cookie('ssid')); |
|
| 159 | 159 | $_SESSION['account'] = $item->get(); |
| 160 | 160 | |
| 161 | 161 | return true; |
@@ -44,7 +44,7 @@ discard block |
||
| 44 | 44 | $data = implode('.', $segments); |
| 45 | 45 | |
| 46 | 46 | if (static::validAlgorithm($algorithm)) { |
| 47 | - list($function, $algorithm) = static::$supportedAlgorithms[ $algorithm ]; |
|
| 47 | + list($function, $algorithm) = static::$supportedAlgorithms[$algorithm]; |
|
| 48 | 48 | |
| 49 | 49 | switch ($function) { |
| 50 | 50 | case 'hash_hmac': |
@@ -70,7 +70,7 @@ discard block |
||
| 70 | 70 | $data = implode('.', $segments); |
| 71 | 71 | |
| 72 | 72 | if (static::validAlgorithm($algorithm)) { |
| 73 | - list($function, $algorithm) = static::$supportedAlgorithms[ $algorithm ]; |
|
| 73 | + list($function, $algorithm) = static::$supportedAlgorithms[$algorithm]; |
|
| 74 | 74 | |
| 75 | 75 | switch ($function) { |
| 76 | 76 | case 'hash_hmac': |
@@ -102,7 +102,7 @@ discard block |
||
| 102 | 102 | |
| 103 | 103 | public function addHeader($key, $value) |
| 104 | 104 | { |
| 105 | - $this->headers[ $key ] = $value; |
|
| 105 | + $this->headers[$key] = $value; |
|
| 106 | 106 | } |
| 107 | 107 | |
| 108 | 108 | // ------------------------------------------------------------------------ |
@@ -154,7 +154,7 @@ discard block |
||
| 154 | 154 | list($headers, $payload, $signature) = $segments; |
| 155 | 155 | |
| 156 | 156 | // Base64 decode headers |
| 157 | - if(false === ($headers = Base64::decode($headers))) { |
|
| 157 | + if (false === ($headers = Base64::decode($headers))) { |
|
| 158 | 158 | $this->errors[] = 'Invalid header base64 decoding'; |
| 159 | 159 | return false; |
| 160 | 160 | } |
@@ -179,12 +179,12 @@ discard block |
||
| 179 | 179 | // Validate algorithm key id |
| 180 | 180 | if (is_array($key) or $key instanceof \ArrayAccess) { |
| 181 | 181 | if (isset($headers->kid)) { |
| 182 | - if ( ! isset($key[ $headers->kid ])) { |
|
| 182 | + if ( ! isset($key[$headers->kid])) { |
|
| 183 | 183 | $this->errors[] = 'Invalid Key Id'; |
| 184 | 184 | return false; |
| 185 | 185 | } |
| 186 | 186 | |
| 187 | - $key = $key[ $headers->kid ]; |
|
| 187 | + $key = $key[$headers->kid]; |
|
| 188 | 188 | } else { |
| 189 | 189 | $this->errors[] = 'Empty Key id'; |
| 190 | 190 | return false; |
@@ -192,7 +192,7 @@ discard block |
||
| 192 | 192 | } |
| 193 | 193 | |
| 194 | 194 | // Base64 decode payload |
| 195 | - if(false === ($payload = Base64::decode($payload))) { |
|
| 195 | + if (false === ($payload = Base64::decode($payload))) { |
|
| 196 | 196 | $this->errors[] = 'Invalid payload base64 decoding'; |
| 197 | 197 | return false; |
| 198 | 198 | } |
@@ -204,12 +204,12 @@ discard block |
||
| 204 | 204 | } |
| 205 | 205 | |
| 206 | 206 | // Base64 decode payload |
| 207 | - if(false === ($signature = Base64::decode($signature))) { |
|
| 207 | + if (false === ($signature = Base64::decode($signature))) { |
|
| 208 | 208 | $this->errors[] = 'Invalid signature base64 decoding'; |
| 209 | 209 | return false; |
| 210 | 210 | } |
| 211 | 211 | |
| 212 | - if(Signature::verify($token, $signature, $key, $headers->alg) === false) { |
|
| 212 | + if (Signature::verify($token, $signature, $key, $headers->alg) === false) { |
|
| 213 | 213 | $this->errors[] = 'Invalid signature'; |
| 214 | 214 | return false; |
| 215 | 215 | } |
@@ -38,9 +38,9 @@ |
||
| 38 | 38 | ? $token |
| 39 | 39 | : input()->server('HTTP_X_WEB_TOKEN');
|
| 40 | 40 | |
| 41 | - if(is_null($token)) {
|
|
| 41 | + if (is_null($token)) {
|
|
| 42 | 42 | return false; |
| 43 | - } elseif(is_callable($callback)) {
|
|
| 43 | + } elseif (is_callable($callback)) {
|
|
| 44 | 44 | return call_user_func($callback, $token); |
| 45 | 45 | } |
| 46 | 46 | |
@@ -188,20 +188,20 @@ discard block |
||
| 188 | 188 | |
| 189 | 189 | if ($authorization = input()->server('HTTP_AUTHORIZATION')) { |
| 190 | 190 | $authentication = unserialize(base64_decode($authorization)); |
| 191 | - if ($this->login($authentication[ 'username' ], $authentication[ 'password' ])) { |
|
| 191 | + if ($this->login($authentication['username'], $authentication['password'])) { |
|
| 192 | 192 | return true; |
| 193 | 193 | } |
| 194 | 194 | } else { |
| 195 | 195 | $authentication = $this->parseBasic(); |
| 196 | 196 | } |
| 197 | 197 | |
| 198 | - if ($this->login($authentication[ 'username' ], $authentication[ 'password' ])) { |
|
| 198 | + if ($this->login($authentication['username'], $authentication['password'])) { |
|
| 199 | 199 | |
| 200 | 200 | header('Authorization: Basic ' . base64_encode(serialize($authentication))); |
| 201 | 201 | |
| 202 | 202 | return true; |
| 203 | 203 | } else { |
| 204 | - unset($_SERVER[ 'PHP_AUTH_USER' ], $_SERVER[ 'PHP_AUTH_PW' ]); |
|
| 204 | + unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); |
|
| 205 | 205 | $this->protect(); |
| 206 | 206 | } |
| 207 | 207 | |
@@ -214,37 +214,37 @@ discard block |
||
| 214 | 214 | } |
| 215 | 215 | |
| 216 | 216 | if (isset($authentication) AND |
| 217 | - false !== ($password = $this->login($authentication[ 'username' ])) |
|
| 217 | + false !== ($password = $this->login($authentication['username'])) |
|
| 218 | 218 | ) { |
| 219 | - $A1 = md5($authentication[ 'username' ] . ':' . $this->realm . ':' . $password); |
|
| 220 | - $A2 = md5($_SERVER[ 'REQUEST_METHOD' ] . ':' . $authentication[ 'uri' ]); |
|
| 219 | + $A1 = md5($authentication['username'] . ':' . $this->realm . ':' . $password); |
|
| 220 | + $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $authentication['uri']); |
|
| 221 | 221 | $response = md5( |
| 222 | 222 | $A1 |
| 223 | 223 | . ':' |
| 224 | - . $authentication[ 'nonce' ] |
|
| 224 | + . $authentication['nonce'] |
|
| 225 | 225 | . ':' |
| 226 | - . $authentication[ 'nc' ] |
|
| 226 | + . $authentication['nc'] |
|
| 227 | 227 | . ':' |
| 228 | - . $authentication[ 'cnonce' ] |
|
| 228 | + . $authentication['cnonce'] |
|
| 229 | 229 | . ':' |
| 230 | - . $authentication[ 'qop' ] |
|
| 230 | + . $authentication['qop'] |
|
| 231 | 231 | . ':' |
| 232 | 232 | . $A2 |
| 233 | 233 | ); |
| 234 | 234 | |
| 235 | - if ($authentication[ 'response' ] === $response) { |
|
| 235 | + if ($authentication['response'] === $response) { |
|
| 236 | 236 | header( |
| 237 | 237 | sprintf( |
| 238 | 238 | 'Authorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", qop=%s, nc=%s, cnonce="%s", response="%s", opaque="%s"', |
| 239 | - $authentication[ 'username' ], |
|
| 239 | + $authentication['username'], |
|
| 240 | 240 | $this->realm, |
| 241 | - $authentication[ 'nonce' ], |
|
| 242 | - $authentication[ 'uri' ], |
|
| 243 | - $authentication[ 'qop' ], |
|
| 244 | - $authentication[ 'nc' ], |
|
| 245 | - $authentication[ 'cnonce' ], |
|
| 241 | + $authentication['nonce'], |
|
| 242 | + $authentication['uri'], |
|
| 243 | + $authentication['qop'], |
|
| 244 | + $authentication['nc'], |
|
| 245 | + $authentication['cnonce'], |
|
| 246 | 246 | $response, |
| 247 | - $authentication[ 'opaque' ] |
|
| 247 | + $authentication['opaque'] |
|
| 248 | 248 | ) |
| 249 | 249 | ); |
| 250 | 250 | |
@@ -252,7 +252,7 @@ discard block |
||
| 252 | 252 | } |
| 253 | 253 | } |
| 254 | 254 | |
| 255 | - unset($_SERVER[ 'PHP_AUTH_DIGEST' ], $_SERVER[ 'HTTP_AUTHORIZATION' ]); |
|
| 255 | + unset($_SERVER['PHP_AUTH_DIGEST'], $_SERVER['HTTP_AUTHORIZATION']); |
|
| 256 | 256 | $this->protect(); |
| 257 | 257 | |
| 258 | 258 | break; |
@@ -283,7 +283,7 @@ discard block |
||
| 283 | 283 | return call_user_func_array($this->validation, func_get_args()); |
| 284 | 284 | } else { |
| 285 | 285 | if (array_key_exists($username, $this->users)) { |
| 286 | - if ($this->users[ $username ] === $password) { |
|
| 286 | + if ($this->users[$username] === $password) { |
|
| 287 | 287 | return true; |
| 288 | 288 | } |
| 289 | 289 | } |
@@ -296,7 +296,7 @@ discard block |
||
| 296 | 296 | return call_user_func_array($this->validation, func_get_args()); |
| 297 | 297 | } else { |
| 298 | 298 | if (array_key_exists($username, $this->users)) { |
| 299 | - return $this->users[ $username ]; |
|
| 299 | + return $this->users[$username]; |
|
| 300 | 300 | } |
| 301 | 301 | } |
| 302 | 302 | } |
@@ -373,14 +373,14 @@ discard block |
||
| 373 | 373 | foreach ($parts as $part) { |
| 374 | 374 | $elements = explode('=', $part); |
| 375 | 375 | $elements = array_map( |
| 376 | - function ($element) { |
|
| 376 | + function($element) { |
|
| 377 | 377 | return trim(str_replace('"', '', $element)); |
| 378 | 378 | |
| 379 | 379 | }, |
| 380 | 380 | $elements |
| 381 | 381 | ); |
| 382 | 382 | |
| 383 | - $data[ $elements[ 0 ] ] = $elements[ 1 ]; |
|
| 383 | + $data[$elements[0]] = $elements[1]; |
|
| 384 | 384 | } |
| 385 | 385 | |
| 386 | 386 | return empty($data) |
