<?php
/**
 * @author         Pierre-Henry Soria <[email protected]>
 * @copyright      (c) 2012-2017, Pierre-Henry Soria. All Rights Reserved.
 * @license        GNU General Public License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory.
 * @package        PH7 / App / System / Module / Affiliate / Form / Processing
 */
namespace PH7;
// Direct-access guard: this file is only meant to be included by the
// framework bootstrap, which defines PH7; hitting it directly over HTTP bails out.
defined('PH7') or exit('Restricted access');
use
PH7\Framework\Mvc\Model\DbConfig,
PH7\Framework\Mvc\Router\Uri,
PH7\Framework\Url\Header,
PH7\Framework\Mvc\Model\Security as SecurityModel;
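class LoginFormProcess extends Form
{
    /**
     * Value written to the login log in place of the password the visitor submitted.
     *
     * The previous version of this class stored the plaintext password of every
     * failed attempt in the log. A wrong guess is frequently the user's real
     * password for another service, or one keystroke away from the real one, so
     * it must never reach persistent storage (CWE-312 / CWE-532).
     */
    const PASSWORD_LOG_PLACEHOLDER = '[redacted]';

    /**
     * Process the affiliate login form.
     *
     * Reads `mail` and `password` from the POST body, then runs, in order:
     *  1. the optional login-attempt throttle (DbConfig settings);
     *  2. the credential check via AffiliateModel::login();
     *  3. the account-status check via AffiliateCore::checkAccountStatus();
     *  4. either the 2FA verification redirect or AffiliateCore::setAuth() + redirect.
     *
     * Every failure is reported through \PFBC\Form::setError('form_login_aff', ...)
     * and leaves the visitor unauthenticated; a success ends in Header::redirect().
     */
    public function __construct()
    {
        parent::__construct();

        $oAffModel = new AffiliateModel;
        $oSecurityModel = new SecurityModel;

        $sEmail = $this->httpRequest->post('mail');
        $sPassword = $this->httpRequest->post('password');

        // Throttle settings. checkLoginAttempt() receives the e-mail but
        // addLoginAttempt() below does not, so whether the counter is keyed by
        // account or by client is decided inside SecurityModel -- TODO confirm
        // before relying on it as a per-account lockout.
        $bIsLoginAttempt = (bool) DbConfig::getSetting('isAffiliateLoginAttempt');
        $iMaxAttempts = (int) DbConfig::getSetting('maxAffiliateLoginAttempts');
        $iTimeDelay = (int) DbConfig::getSetting('loginAffiliateAttemptTime');

        if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Affiliates')) {
            \PFBC\Form::setError('form_login_aff', Form::loginAttemptsExceededMsg($iTimeDelay));
            return; // Locked out: do not even evaluate the credentials.
        }

        $sLogin = $oAffModel->login($sEmail, $sPassword, 'Affiliates');

        if ($sLogin === 'email_does_not_exist' || $sLogin === 'password_does_not_exist') {
            // Holds this worker for a second per failure. It slows down one
            // client but is not a substitute for the attempt counter above.
            sleep(1);

            if ($sLogin === 'email_does_not_exist') {
                $this->enableCaptcha();
                // NOTE(review): this branch confirms to the caller that the address
                // is not registered (account enumeration), and unknown addresses do
                // not feed the attempt counter. Left unchanged because the wording
                // is a deliberate user-facing choice; a single generic message for
                // both failure cases would close the oracle.
                \PFBC\Form::setError('form_login_aff', t('Oops! "%0%" is not associated with any %site_name% account.', escape(substr($sEmail,0,PH7_MAX_EMAIL_LENGTH))));
                $oSecurityModel->addLoginLog($sEmail, 'Guest', 'No Password', 'Failed! Incorrect Username', 'Affiliates');
            } else {
                // Fix: the submitted password used to be passed here verbatim.
                $oSecurityModel->addLoginLog($sEmail, 'Guest', self::PASSWORD_LOG_PLACEHOLDER, 'Failed! Incorrect Password', 'Affiliates');

                if ($bIsLoginAttempt) {
                    $oSecurityModel->addLoginAttempt('Affiliates');
                }

                $this->enableCaptcha();
                $sWrongPwdTxt = t('Oops! This password you entered is incorrect.') . '<br />';
                $sWrongPwdTxt .= t('Please try again (make sure your caps lock is off).') . '<br />';
                $sWrongPwdTxt .= t('Forgot your password? <a href="%0%">Request a new one</a>.', Uri::get('lost-password','main','forgot','affiliate'));
                \PFBC\Form::setError('form_login_aff', $sWrongPwdTxt);
            }
        } else {
            // Credentials accepted: reset the throttle and the CAPTCHA flag set
            // by earlier failures before looking at the account itself.
            $oSecurityModel->clearLoginAttempts('Affiliates');
            $this->session->remove('captcha_aff_enabled');

            $iId = $oAffModel->getId($sEmail, null, 'Affiliates');
            $oAffData = $oAffModel->readProfile($iId, 'Affiliates');
            $oAff = new AffiliateCore;

            $mStatus = $oAff->checkAccountStatus($oAffData);
            if ($mStatus !== true) {
                // checkAccountStatus() returns the message to display when the
                // account cannot log in (e.g. not yet activated or banned).
                \PFBC\Form::setError('form_login_aff', $mStatus);
            } else {
                $o2FactorModel = new TwoFactorAuthCoreModel('affiliate');
                if ($o2FactorModel->isEnabled($iId)) {
                    // Only the affiliate ID is stored here; the session is not
                    // authenticated until the verification code is accepted.
                    $this->session->set(TwoFactorAuthCore::PROFILE_ID_SESS_NAME, $iId);

                    Header::redirect(Uri::get('two-factor-auth', 'main', 'verificationcode', 'affiliate'));
                } else {
                    // NOTE(review): session ID regeneration (anti-fixation) is
                    // expected to happen inside setAuth() -- confirm there.
                    $oAff->setAuth($oAffData, $oAffModel, $this->session, $oSecurityModel);

                    Header::redirect(Uri::get('affiliate','account','index'), t('You are successfully logged in!'));
                }
            }
        }
    }

    /**
     * Turn the CAPTCHA on for the affiliate login form.
     *
     * Sets the 'captcha_aff_enabled' session flag after a failed attempt; the
     * flag is removed again by the constructor on a successful credential check.
     *
     * @return void
     */
    protected function enableCaptcha()
    {
        $this->session->set('captcha_aff_enabled', 1);
    }
}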