Issues in main_controller.php (master) - Issues in master - paul999/phpbb_2fa - Measure and Improve Code Quality continuously with Scrutinizer

Issues (21)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

controller/main_controller.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
*
* 2FA extension for the phpBB Forum Software package.
*
* @copyright (c) 2015 Paul Sohier
* @license GNU General Public License, version 2 (GPL-2.0)
*
*/

namespace paul999\tfa\controller;

use paul999\tfa\helper\session_helper_interface;
use phpbb\db\driver\driver_interface;
use phpbb\exception\http_exception;
use phpbb\log\log;
use phpbb\request\request_interface;
use phpbb\template\template;
use phpbb\user;
use Symfony\Component\HttpFoundation\Response;

/**
 * Controller
 */
class main_controller
{

	/**
	 * @var template
	 */
	private $template;

	/**
	 * @var driver_interface
	 */
	private $db;

	/**
	 * @var user
	 */
	private $user;

	/**
	 * @var request_interface
	 */
	private $request;

	/**
	 * @var session_helper_interface
	 */
	private $session_helper;

	/**
	 * @var string
	 */
	private $root_path;

	/**
	 * @var string
	 */
	private $php_ext;
	/**
	 * @var log
	 */
	private $log;

	/**
	 * Constructor
	 *
	 * @access public
	 * @param driver_interface $db
	 * @param template $template
	 * @param user $user
	 * @param request_interface $request
	 * @param log $log
	 * @param session_helper_interface $session_helper
	 * @param string $root_path
	 * @param string $php_ext
	 */
	public function __construct(driver_interface $db, template $template, user $user, request_interface $request, log $log, session_helper_interface $session_helper, $root_path, $php_ext)

	{
		$this->template 			= $template;
		$this->db					= $db;
		$this->user					= $user;
		$this->request				= $request;
		$this->session_helper		= $session_helper;
		$this->root_path			= $root_path;
		$this->php_ext				= $php_ext;
		$this->log                  = $log;
	}

	/**
	 * @param int  $user_id
	 * @param bool $admin
	 * @param bool $auto_login
	 * @param bool $viewonline
	 * @param string $class
	 * @return Response
	 * @throws http_exception
	 */
	public function submit($user_id, $admin, $auto_login, $viewonline, $class)
	{
		$this->user->add_lang_ext('paul999/tfa', 'common');

		if (!check_form_key('tfa_login_page'))
		{
			throw new http_exception(403, 'FORM_INVALID');
		}

		if (empty($this->user->data['tfa_random']) || $user_id != $this->user->data['tfa_uid'])
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}
		$random = $this->request->variable('random', '');

		if ($this->user->data['tfa_random'] !== $random || strlen($random) !== 40)
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}
		$sql_ary = array(
			'tfa_random' => '',
			'tfa_uid'    => 0,
		);
		$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . "
			WHERE
				session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND
				session_user_id = " . (int) $this->user->data['user_id'];
		$this->db->sql_query($sql);

		if (empty($class))
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}

		$module = $this->session_helper->find_module($class);

		if ($module == null)
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}

		$redirect = $this->request->variable('redirect', "{$this->root_path}/index.{$this->php_ext}");
		try
		{
			if (!$module->login($user_id))
			{
				$this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION',false, ['TFA_INCORRECT_KEY']);
				$this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY'));
				$this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
			}
		}
		catch (http_exception $ex) // @TODO: Replace exception with own exception

		{

			$this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, [$ex->getMessage()]);

			if ($admin)
			{
				// Also log it to admin  log just to be sure.
				$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, [$ex->getMessage()]);
			}
			if ($ex->getStatusCode() == 400)
			{
				$this->template->assign_var('S_ERROR', $this->user->lang($ex->getMessage()));
				$this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
			}
			else
			{
				throw $ex;
			}
		}

		$old_session_id = $this->user->session_id;
		if ($admin)
		{
			$cookie_expire = time() - 31536000;
			$this->user->set_cookie('u', '', $cookie_expire);
			$this->user->set_cookie('sid', '', $cookie_expire);
		}
		$result = $this->user->session_create($user_id, $admin, $auto_login, $viewonline);

		// Successful session creation
		if ($result === true)
		{
			// Remove our cookie that causes filling in a key.
			$this->user->set_cookie('rn', '', time() + 3600 * 24, true);
			// If admin re-authentication we remove the old session entry because a new one has been created...
			if ($admin)
			{
				// the login array is used because the user ids do not differ for re-authentication
				$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
					WHERE session_id = '" . $this->db->sql_escape($old_session_id) . "'
					AND session_user_id = " . (int) $user_id;
				$this->db->sql_query($sql);

				$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_ADMIN_AUTH_SUCCESS');

				redirect(append_sid("{$this->root_path}adm/index.{$this->php_ext}", false, true, $this->user->data['session_id']));
			}

			redirect(append_sid($redirect, false, true, $this->user->data['session_id']));
		}
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}
}


1		<?php
2		/**
3		*
4		* 2FA extension for the phpBB Forum Software package.
5		*
6		* @copyright (c) 2015 Paul Sohier
7		* @license GNU General Public License, version 2 (GPL-2.0)
8		*
9		*/
10
11		namespace paul999\tfa\controller;
12
13		use paul999\tfa\helper\session_helper_interface;
14		use phpbb\db\driver\driver_interface;
15		use phpbb\exception\http_exception;
16		use phpbb\log\log;
17		use phpbb\request\request_interface;
18		use phpbb\template\template;
19		use phpbb\user;
20		use Symfony\Component\HttpFoundation\Response;
21
22		/**
23		* Controller
24		*/
25		class main_controller
26		{
27
28		/**
29		* @var template
30		*/
31		private $template;
32
33		/**
34		* @var driver_interface
35		*/
36		private $db;
37
38		/**
39		* @var user
40		*/
41		private $user;
42
43		/**
44		* @var request_interface
45		*/
46		private $request;
47
48		/**
49		* @var session_helper_interface
50		*/
51		private $session_helper;
52
53		/**
54		* @var string
55		*/
56		private $root_path;
57
58		/**
59		* @var string
60		*/
61		private $php_ext;
62		/**
63		* @var log
64		*/
65		private $log;
66
67		/**
68		* Constructor
69		*
70		* @access public
71		* @param driver_interface $db
72		* @param template $template
73		* @param user $user
74		* @param request_interface $request
75		* @param log $log
76		* @param session_helper_interface $session_helper
77		* @param string $root_path
78		* @param string $php_ext
79		*/
80	View Code Duplication	public function __construct(driver_interface $db, template $template, user $user, request_interface $request, log $log, session_helper_interface $session_helper, $root_path, $php_ext)
		0 ignored issues – show Duplication introduced 2020-09-14 09:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
81		{
82		$this->template = $template;
83		$this->db = $db;
84		$this->user = $user;
85		$this->request = $request;
86		$this->session_helper = $session_helper;
87		$this->root_path = $root_path;
88		$this->php_ext = $php_ext;
89		$this->log = $log;
90		}
91
92		/**
93		* @param int $user_id
94		* @param bool $admin
95		* @param bool $auto_login
96		* @param bool $viewonline
97		* @param string $class
98		* @return Response
99		* @throws http_exception
100		*/
101		public function submit($user_id, $admin, $auto_login, $viewonline, $class)
102		{
103		$this->user->add_lang_ext('paul999/tfa', 'common');
104
105		if (!check_form_key('tfa_login_page'))
106		{
107		throw new http_exception(403, 'FORM_INVALID');
108		}
109
110		if (empty($this->user->data['tfa_random']) \|\| $user_id != $this->user->data['tfa_uid'])
111		{
112		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
113		}
114		$random = $this->request->variable('random', '');
115
116		if ($this->user->data['tfa_random'] !== $random \|\| strlen($random) !== 40)
117		{
118		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
119		}
120		$sql_ary = array(
121		'tfa_random' => '',
122		'tfa_uid' => 0,
123		);
124		$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . "
125		WHERE
126		session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND
127		session_user_id = " . (int) $this->user->data['user_id'];
128		$this->db->sql_query($sql);
129
130		if (empty($class))
131		{
132		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
133		}
134
135		$module = $this->session_helper->find_module($class);
136
137		if ($module == null)
138		{
139		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
140		}
141
142		$redirect = $this->request->variable('redirect', "{$this->root_path}/index.{$this->php_ext}");
143		try
144		{
145		if (!$module->login($user_id))
146		{
147		$this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION',false, ['TFA_INCORRECT_KEY']);
148		$this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY'));
149		$this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
150		}
151		}
152		catch (http_exception $ex) // @TODO: Replace exception with own exception
		0 ignored issues – show Bug introduced 2018-03-24 13:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `phpbb\exception\http_exception` does not exist. Did you forget a USE statement, or did you not list all dependencies? Scrutinizer analyzes your `composer.json`/`composer.lock` file if available to determine the classes, and functions that are defined by your dependencies. It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis. Loading history...
153		{
154
155		$this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, [$ex->getMessage()]);
156
157		if ($admin)
158		{
159		// Also log it to admin log just to be sure.
160		$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, [$ex->getMessage()]);
161		}
162		if ($ex->getStatusCode() == 400)
163		{
164		$this->template->assign_var('S_ERROR', $this->user->lang($ex->getMessage()));
165		$this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
166		}
167		else
168		{
169		throw $ex;
170		}
171		}
172
173		$old_session_id = $this->user->session_id;
174		if ($admin)
175		{
176		$cookie_expire = time() - 31536000;
177		$this->user->set_cookie('u', '', $cookie_expire);
178		$this->user->set_cookie('sid', '', $cookie_expire);
179		}
180		$result = $this->user->session_create($user_id, $admin, $auto_login, $viewonline);
181
182		// Successful session creation
183		if ($result === true)
184		{
185		// Remove our cookie that causes filling in a key.
186		$this->user->set_cookie('rn', '', time() + 3600 * 24, true);
187		// If admin re-authentication we remove the old session entry because a new one has been created...
188		if ($admin)
189		{
190		// the login array is used because the user ids do not differ for re-authentication
191		$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
192		WHERE session_id = '" . $this->db->sql_escape($old_session_id) . "'
193		AND session_user_id = " . (int) $user_id;
194		$this->db->sql_query($sql);
195
196		$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_ADMIN_AUTH_SUCCESS');
197
198		redirect(append_sid("{$this->root_path}adm/index.{$this->php_ext}", false, true, $this->user->data['session_id']));
199		}
200
201		redirect(append_sid($redirect, false, true, $this->user->data['session_id']));
202		}
203		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
204		}
205		}
206

paul999 / phpbb_2fa

Issues (21)

Security Analysis no request data

controller/main_controller.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like