
Auth   A

Complexity

Total Complexity 8

Size/Duplication

Total Lines 73
Duplicated Lines 0 %

Coupling/Cohesion

Components 0
Dependencies 4

Importance

Changes 0
Metric Value
wmc 8
lcom 0
cbo 4
dl 0
loc 73
rs 10
c 0
b 0
f 0

3 Methods

Rating   Name   Duplication   Size   Complexity  
A checkAuthentication() 0 25 2
A checkAdminAuthentication() 0 20 3
A checkSessionConcurrency() 0 9 3
<?php

/**
 * Class Auth
 * Checks if user is logged in, if not then sends the user to "yourdomain.com/login".
 * Auth::checkAuthentication() can be used in the constructor of a controller (to make the
 * entire controller only visible for logged-in users) or inside a controller-method to make only this part of the
 * application available for logged-in users.
 */
class Auth
{
    /**
     * The normal authentication flow, just check if the user is logged in (by looking into the session).
     * If user is not, then he will be redirected to login page and the application is hard-stopped via exit().
     */
    public static function checkAuthentication()
    {
        // initialize the session (if not initialized yet)
        Session::init();

        // self::checkSessionConcurrency();

        // if user is NOT logged in...
        // (if user IS logged in the application will not run the code below and therefore just go on)
        if (!Session::userIsLoggedIn()) {

            // ... then treat user as "not logged in", destroy session, redirect to login page
            Session::destroy();

            // send the user to the login form page, but also add the current page's URI (the part after the base URL)
            // as a parameter argument, making it possible to send the user back to where he/she came from after a
            // successful login
            header('location: ' . Config::get('URL') . 'login?redirect=' . urlencode($_SERVER['REQUEST_URI']));

            // to prevent fetching views via cURL (which "ignores" the header-redirect above) we leave the application
            // the hard way, via exit(). @see https://github.com/panique/php-login/issues/453
            // this is not optimal and will be fixed in future releases
            exit();
        }
    }

    /**
     * The admin authentication flow, just check if the user is logged in (by looking into the session) AND has
     * user role type 7 (currently there's only type 1 (normal user), type 2 (premium user) and 7 (admin)).
     * If user is not, then he will be redirected to login page and the application is hard-stopped via exit().
     * Using this method makes only sense in controllers that should only be used by admins.
     */
    public static function checkAdminAuthentication()
    {
        // initialize the session (if not initialized yet)
        Session::init();

        // self::checkSessionConcurrency();

        // if user is not logged in or is not an admin (= not role type 7)
        if (!Session::userIsLoggedIn() || Session::get("user_account_type") != 7) {

            // ... then treat user as "not logged in", destroy session, redirect to login page
            Session::destroy();
            header('location: ' . Config::get('URL') . 'login');

            // to prevent fetching views via cURL (which "ignores" the header-redirect above) we leave the application
            // the hard way, via exit(). @see https://github.com/panique/php-login/issues/453
            // this is not optimal and will be fixed in future releases
            exit();
        }
    }

    /**
     * Detects if there is concurrent session (i.e. another user logged in with the same current user credentials),
     * If so, then logout.
     */
    public static function checkSessionConcurrency(){
        if(Session::userIsLoggedIn()){
            if(Session::isConcurrentSessionExists()){
                LoginModel::logout();
                Redirect::home();
                exit();
            }
        }
    }
}