Issues in auth.php (master) - Issues in master - shibdib/Dramiel - Measure and Improve Code Quality continuously with Scrutinizer

Issues (205)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/plugins/onMessage/auth.php (11 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * The MIT License (MIT)
 *
 * Copyright (c) 2016 Robert Sardinia
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
use discord\discord;

/**
 * Class auth
 */
class auth
namespace YourVendor;

class YourClass { }
{
    public $config;
    public $discord;
    public $logger;
    private $excludeChannel;
    private $nameEnforce;
    private $db;
    private $dbUser;
    private $dbPass;
    private $dbName;
    private $ssoUrl;
    private $corpTickers;
    private $authGroups;
    private $standingsBased;
    private $guild;
    private $triggers;

    /**
     * @param $config
     * @param $discord
     * @param $logger
     */
    public function init($config, $discord, $logger)
    {
        $this->config = $config;
        $this->discord = $discord;
        $this->logger = $logger;
        $this->db = $config['database']['host'];
        $this->dbUser = $config['database']['user'];
        $this->dbPass = $config['database']['pass'];
        $this->dbName = $config['database']['database'];
        $this->corpTickers = $config['plugins']['auth']['corpTickers'];
        $this->nameEnforce = $config['plugins']['auth']['nameEnforce'];
        $this->ssoUrl = $config['plugins']['auth']['url'];
        $this->excludeChannel = $this->config['bot']['restrictedChannels'];
        $this->authGroups = $config['plugins']['auth']['authGroups'];
        $this->standingsBased = $config['plugins']['auth']['standings']['enabled'];
        $this->guild = $config['bot']['guild'];
        $this->triggers[] = $this->config['bot']['trigger'] . 'auth';
        $this->triggers[] = $this->config['bot']['trigger'] . 'Auth';
    }

    /**
     * @param $msgData
     * @param $message
     * @return null
     */
    public function onMessage($msgData, $message)
    {
        $channelID = (int) $msgData['message']['channelID'];

        if (in_array($channelID, $this->excludeChannel, true)) {
            return null;
        }

        $this->message = $message;
        $userID = $msgData['message']['fromID'];
        $userName = $msgData['message']['from'];
        $message = $msgData['message']['message'];
        $guildID = $this->guild;
        $guild = $this->discord->guilds->get('id', $guildID);
        $data = command($message, $this->information()['trigger'], $this->config['bot']['trigger']);
        if (isset($data['trigger'])) {

            // If config is outdated
            if (null === $this->authGroups) {
                $this->message->reply('**Failure:** Please update the bots config to the latest version.');
                return null;
            }

            $code = $data['messageString'];
            $result = selectPending($this->db, $this->dbUser, $this->dbPass, $this->dbName, $code);

            if (strlen($code) < 12) {
                $this->message->reply('Invalid Code, check ' . $this->config['bot']['trigger'] . 'help auth for more info.');
                return null;
            }

            while ($rows = $result->fetch_assoc()) {
                $charID = (int) $rows['characterID'];
                $corpID = (int) $rows['corporationID'];
                $allianceID = (int) $rows['allianceID'];

                //If corp is new store in DB
                $corpInfo = getCorpInfo($corpID);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();
                if (null === $corpInfo) {
                    $corpDetails = corpDetails($corpID);
                    if (null === $corpDetails) { // Make sure it's always set.
                        $this->message->reply('**Failure:** Unable to auth at this time, ESI is down. Please try again later.');
                        return null;
                    }
                    $corpTicker = $corpDetails['ticker'];
                    $corpName = (string) $corpDetails['corporation_name'];
                    if (null !== $corpTicker) {
                        addCorpInfo($corpID, $corpTicker, $corpName);
                    }
                } else {
                    $corpTicker = $corpInfo['corpTicker'];
                }

                //Add corp ticker to name
                if ($this->corpTickers === 'true') {
                    $setTicker = 1;
                }

                //Set eve name if nameCheck is true
                if ($this->nameEnforce === 'true') {
                    $nameEnforce = 1;
                }
                $role = null;

                $roles = @$guild->roles;
                $member = @$guild->members->get('id', $userID);
                if (null === $member) {
                    $this->message->reply("**Failure:** You're not a member of the correct guild.");
                    return null;
                }
                $eveName = characterName($charID);
                if (null === $eveName) {
                    $this->message->reply('**Failure:** Unable to auth at this time, ESI is down. Please try again later.');
                    return null;
                }
                foreach ($this->authGroups as $authGroup) {
                    //Check if it's set to match corp and alliance
                    if ($authGroup['corpID'] !== 0 && $authGroup['allianceID'] !== 0) {
                        //Check if corpID matches
                        if ($corpID === $authGroup['corpID'] && $allianceID === $authGroup['allianceID']) {
                            foreach ($roles as $role) {
                                if ((string) $role->name === (string) $authGroup['corpMemberRole']) {
                                    $member->addRole($role);
                                }
                                if ((string) $role->name === (string) $authGroup['allyMemberRole']) {
                                    $member->addRole($role);
                                    $role = 'corp/ally';
                                }
                            }
                            break;
                        }
                    } elseif ($authGroup['corpID'] !== 0 || $authGroup['allianceID'] !== 0) {
                        //Check if corpID matches
                        if ($corpID === $authGroup['corpID']) {
                            foreach ($roles as $role) {

                                if ((string) $role->name === (string) $authGroup['corpMemberRole']) {
                                    $member->addRole($role);
                                    $role = 'corp';
                                }
                            }
                            break;
                        }
                        //Check if allianceID matches
                        if ($allianceID === $authGroup['allianceID'] && $authGroup['allianceID'] !== 0) {
                            foreach ($roles as $role) {

                                if ((string) $role->name === (string) $authGroup['allyMemberRole']) {
                                    $member->addRole($role);
                                    $role = 'ally';
                                }
                            }
                            break;
                        }
                    }
                }
                //check for standings based roles
                if ($this->standingsBased === 'true' && $role === null) {
                    $allianceContacts = getContacts($allianceID);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();
                    $corpContacts = getContacts($corpID);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();
                    foreach ($roles as $role) {
                        if ((@(int) $allianceContacts['standing'] === 5 || @(int) $corpContacts['standing'] === 5) && (string) $role->name === (string) $this->config['plugins']['auth']['standings']['plus5Role']) {

                            $member->addRole($role);
                            $role = 'blue';
                            break;
                        }
                        if ((@(int) $allianceContacts['standing'] === 10 || @(int) $corpContacts['standing'] === 10) && (string) $role->name === (string) $this->config['plugins']['auth']['standings']['plus10Role']) {

                            $member->addRole($role);
                            $role = 'blue';
                            break;
                        }
                        if ((@(int) $allianceContacts['standing'] === -5 || @(int) $corpContacts['standing'] === -5) && (string) $role->name === (string) $this->config['plugins']['auth']['standings']['minus5Role']) {

                            $member->addRole($role);
                            $role = 'red';
                            break;
                        }
                        if ((@(int) $allianceContacts['standing'] === -10 || @(int) $corpContacts['standing'] === -10) && (string) $role->name === (string) $this->config['plugins']['auth']['standings']['minus10Role']) {

                            $member->addRole($role);
                            $role = 'red';
                            break;
                        }
                    }
                    if ($role === null) {
                        foreach ($roles as $role) {
                            if ((string) $role->name === (string) $this->config['plugins']['auth']['standings']['neutralRole']) {
                                $member->addRole($role);
                                $role = 'neut';
                                break;
                            }
                        }
                    }
                }
                if (null !== $role) {
                    $guild->members->save($member);
                    insertUser($this->db, $this->dbUser, $this->dbPass, $this->dbName, $userID, $charID, $eveName, $role);
                    disableReg($this->db, $this->dbUser, $this->dbPass, $this->dbName, $code);
                    $msg = ":white_check_mark: **Success:** {$eveName} has been successfully authed.";
                    $this->logger->addInfo("auth: {$eveName} authed");
                    $this->message->reply($msg);
                    //Add ticker if set and change name if nameEnforce is on
                    if (isset($setTicker) || isset($nameEnforce)) {
                        if (isset($setTicker) && isset($nameEnforce)) {
                            $nick = "[{$corpTicker}] {$eveName}";
                        } elseif (null === $setTicker && isset($nameEnforce)) {
                            $nick = "{$eveName}";
                        } elseif (isset($setTicker) && !isset($nameEnforce)) {
                            $nick = "[{$corpTicker}] {$userName}";
                        }
                    }
                    if (null !== $nick) {
                        queueRename($userID, $nick, $this->guild);
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
                    }
                    return null;
                }
                $this->message->reply('**Failure:** There are no roles available for your corp/alliance.');
                $this->logger->addInfo('Auth: User was denied due to not being in the correct corp or alliance ' . $eveName);
                return null;
            }
            $this->message->reply('**Failure:** There was an issue with your code.');
            $this->logger->addInfo('Auth: User was denied due to the code being invalid ' . $userName);
            return null;
        }
        return null;
    }

    /**
     * @return array
     */
    public function information()
    {
        return array(
            'name' => 'auth',
            'trigger' => $this->triggers,
            'information' => 'SSO based auth system. ' . $this->ssoUrl . ' Visit the link and login with your main EVE account, select the correct character, and put the !auth <string> you receive in chat.'
        );
    }
}


Issues (205)

Security Analysis no request data

src/plugins/onMessage/auth.php (11 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1		<?php
2		/**
3		* The MIT License (MIT)
4		*
5		* Copyright (c) 2016 Robert Sardinia
6		*
7		* Permission is hereby granted, free of charge, to any person obtaining a copy
8		* of this software and associated documentation files (the "Software"), to deal
9		* in the Software without restriction, including without limitation the rights
10		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11		* copies of the Software, and to permit persons to whom the Software is
12		* furnished to do so, subject to the following conditions:
13		*
14		* The above copyright notice and this permission notice shall be included in all
15		* copies or substantial portions of the Software.
16		*
17		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23		* SOFTWARE.
24		*/
25		use discord\discord;
26
27		/**
28		* Class auth
29		*/
30		class auth
		0 ignored issues – show Coding Style Compatibility introduced 2016-07-16 19:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
31		{
32		public $config;
33		public $discord;
34		public $logger;
35		private $excludeChannel;
36		private $nameEnforce;
37		private $db;
38		private $dbUser;
39		private $dbPass;
40		private $dbName;
41		private $ssoUrl;
42		private $corpTickers;
43		private $authGroups;
44		private $standingsBased;
45		private $guild;
46		private $triggers;
47
48		/**
49		* @param $config
50		* @param $discord
51		* @param $logger
52		*/
53		public function init($config, $discord, $logger)
54		{
55		$this->config = $config;
56		$this->discord = $discord;
57		$this->logger = $logger;
58		$this->db = $config['database']['host'];
59		$this->dbUser = $config['database']['user'];
60		$this->dbPass = $config['database']['pass'];
61		$this->dbName = $config['database']['database'];
62		$this->corpTickers = $config['plugins']['auth']['corpTickers'];
63		$this->nameEnforce = $config['plugins']['auth']['nameEnforce'];
64		$this->ssoUrl = $config['plugins']['auth']['url'];
65		$this->excludeChannel = $this->config['bot']['restrictedChannels'];
66		$this->authGroups = $config['plugins']['auth']['authGroups'];
67		$this->standingsBased = $config['plugins']['auth']['standings']['enabled'];
68		$this->guild = $config['bot']['guild'];
69		$this->triggers[] = $this->config['bot']['trigger'] . 'auth';
70		$this->triggers[] = $this->config['bot']['trigger'] . 'Auth';
71		}
72
73		/**
74		* @param $msgData
75		* @param $message
76		* @return null
77		*/
78		public function onMessage($msgData, $message)
79		{
80		$channelID = (int) $msgData['message']['channelID'];
81
82		if (in_array($channelID, $this->excludeChannel, true)) {
83		return null;
84		}
85
86		$this->message = $message;
87		$userID = $msgData['message']['fromID'];
88		$userName = $msgData['message']['from'];
89		$message = $msgData['message']['message'];
90		$guildID = $this->guild;
91		$guild = $this->discord->guilds->get('id', $guildID);
92		$data = command($message, $this->information()['trigger'], $this->config['bot']['trigger']);
93		if (isset($data['trigger'])) {
94
95		// If config is outdated
96		if (null === $this->authGroups) {
97		$this->message->reply('Failure: Please update the bots config to the latest version.');
98		return null;
99		}
100
101		$code = $data['messageString'];
102		$result = selectPending($this->db, $this->dbUser, $this->dbPass, $this->dbName, $code);
103
104		if (strlen($code) < 12) {
105		$this->message->reply('Invalid Code, check ' . $this->config['bot']['trigger'] . 'help auth for more info.');
106		return null;
107		}
108
109		while ($rows = $result->fetch_assoc()) {
110		$charID = (int) $rows['characterID'];
111		$corpID = (int) $rows['corporationID'];
112		$allianceID = (int) $rows['allianceID'];
113
114		//If corp is new store in DB
115		$corpInfo = getCorpInfo($corpID);
		0 ignored issues – show Bug introduced 2016-11-30 18:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$corpInfo` is correct as `getCorpInfo($corpID)` (which targets `getCorpInfo()`) seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
116		if (null === $corpInfo) {
117		$corpDetails = corpDetails($corpID);
118		if (null === $corpDetails) { // Make sure it's always set.
119		$this->message->reply('Failure: Unable to auth at this time, ESI is down. Please try again later.');
120		return null;
121		}
122		$corpTicker = $corpDetails['ticker'];
123		$corpName = (string) $corpDetails['corporation_name'];
124		if (null !== $corpTicker) {
125		addCorpInfo($corpID, $corpTicker, $corpName);
126		}
127		} else {
128		$corpTicker = $corpInfo['corpTicker'];
129		}
130
131		//Add corp ticker to name
132		if ($this->corpTickers === 'true') {
133		$setTicker = 1;
134		}
135
136		//Set eve name if nameCheck is true
137		if ($this->nameEnforce === 'true') {
138		$nameEnforce = 1;
139		}
140		$role = null;
141
142		$roles = @$guild->roles;
143		$member = @$guild->members->get('id', $userID);
144		if (null === $member) {
145		$this->message->reply("Failure: You're not a member of the correct guild.");
146		return null;
147		}
148		$eveName = characterName($charID);
149		if (null === $eveName) {
150		$this->message->reply('Failure: Unable to auth at this time, ESI is down. Please try again later.');
151		return null;
152		}
153		foreach ($this->authGroups as $authGroup) {
154		//Check if it's set to match corp and alliance
155		if ($authGroup['corpID'] !== 0 && $authGroup['allianceID'] !== 0) {
156		//Check if corpID matches
157		if ($corpID === $authGroup['corpID'] && $allianceID === $authGroup['allianceID']) {
158		foreach ($roles as $role) {
159		if ((string) $role->name === (string) $authGroup['corpMemberRole']) {
160		$member->addRole($role);
161		}
162		if ((string) $role->name === (string) $authGroup['allyMemberRole']) {
163		$member->addRole($role);
164		$role = 'corp/ally';
165		}
166		}
167		break;
168		}
169		} elseif ($authGroup['corpID'] !== 0 \|\| $authGroup['allianceID'] !== 0) {
170		//Check if corpID matches
171		if ($corpID === $authGroup['corpID']) {
172	View Code Duplication	foreach ($roles as $role) {
		0 ignored issues – show Duplication introduced 2016-07-16 19:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
173		if ((string) $role->name === (string) $authGroup['corpMemberRole']) {
174		$member->addRole($role);
175		$role = 'corp';
176		}
177		}
178		break;
179		}
180		//Check if allianceID matches
181		if ($allianceID === $authGroup['allianceID'] && $authGroup['allianceID'] !== 0) {
182	View Code Duplication	foreach ($roles as $role) {
		0 ignored issues – show Duplication introduced 2016-12-25 10:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
183		if ((string) $role->name === (string) $authGroup['allyMemberRole']) {
184		$member->addRole($role);
185		$role = 'ally';
186		}
187		}
188		break;
189		}
190		}
191		}
192		//check for standings based roles
193		if ($this->standingsBased === 'true' && $role === null) {
194		$allianceContacts = getContacts($allianceID);
		0 ignored issues – show Bug introduced 2016-12-25 10:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$allianceContacts` is correct as `getContacts($allianceID)` (which targets `getContacts()`) seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
195		$corpContacts = getContacts($corpID);
		0 ignored issues – show Bug introduced 2016-12-25 10:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$corpContacts` is correct as `getContacts($corpID)` (which targets `getContacts()`) seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
196		foreach ($roles as $role) {
197	View Code Duplication	if ((@(int) $allianceContacts['standing'] === 5 \|\| @(int) $corpContacts['standing'] === 5) && (string) $role->name === (string) $this->config['plugins']['auth']['standings']['plus5Role']) {
		0 ignored issues – show Duplication introduced 2017-01-23 18:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
198		$member->addRole($role);
199		$role = 'blue';
200		break;
201		}
202	View Code Duplication	if ((@(int) $allianceContacts['standing'] === 10 \|\| @(int) $corpContacts['standing'] === 10) && (string) $role->name === (string) $this->config['plugins']['auth']['standings']['plus10Role']) {
		0 ignored issues – show Duplication introduced 2017-01-23 18:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
203		$member->addRole($role);
204		$role = 'blue';
205		break;
206		}
207	View Code Duplication	if ((@(int) $allianceContacts['standing'] === -5 \|\| @(int) $corpContacts['standing'] === -5) && (string) $role->name === (string) $this->config['plugins']['auth']['standings']['minus5Role']) {
		0 ignored issues – show Duplication introduced 2017-01-23 18:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
208		$member->addRole($role);
209		$role = 'red';
210		break;
211		}
212	View Code Duplication	if ((@(int) $allianceContacts['standing'] === -10 \|\| @(int) $corpContacts['standing'] === -10) && (string) $role->name === (string) $this->config['plugins']['auth']['standings']['minus10Role']) {
		0 ignored issues – show Duplication introduced 2017-01-23 18:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
213		$member->addRole($role);
214		$role = 'red';
215		break;
216		}
217		}
218		if ($role === null) {
219		foreach ($roles as $role) {
220		if ((string) $role->name === (string) $this->config['plugins']['auth']['standings']['neutralRole']) {
221		$member->addRole($role);
222		$role = 'neut';
223		break;
224		}
225		}
226		}
227		}
228		if (null !== $role) {
229		$guild->members->save($member);
230		insertUser($this->db, $this->dbUser, $this->dbPass, $this->dbName, $userID, $charID, $eveName, $role);
231		disableReg($this->db, $this->dbUser, $this->dbPass, $this->dbName, $code);
232		$msg = ":white_check_mark: Success: {$eveName} has been successfully authed.";
233		$this->logger->addInfo("auth: {$eveName} authed");
234		$this->message->reply($msg);
235		//Add ticker if set and change name if nameEnforce is on
236		if (isset($setTicker) \|\| isset($nameEnforce)) {
237		if (isset($setTicker) && isset($nameEnforce)) {
238		$nick = "[{$corpTicker}] {$eveName}";
239		} elseif (null === $setTicker && isset($nameEnforce)) {
240		$nick = "{$eveName}";
241		} elseif (isset($setTicker) && !isset($nameEnforce)) {
242		$nick = "[{$corpTicker}] {$userName}";
243		}
244		}
245		if (null !== $nick) {
246		queueRename($userID, $nick, $this->guild);
		0 ignored issues – show Bug introduced 2016-12-13 14:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$nick` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
247		}
248		return null;
249		}
250		$this->message->reply('Failure: There are no roles available for your corp/alliance.');
251		$this->logger->addInfo('Auth: User was denied due to not being in the correct corp or alliance ' . $eveName);
252		return null;
253		}
254		$this->message->reply('Failure: There was an issue with your code.');
255		$this->logger->addInfo('Auth: User was denied due to the code being invalid ' . $userName);
256		return null;
257		}
258		return null;
259		}
260
261		/**
262		* @return array
263		*/
264		public function information()
265		{
266		return array(
267		'name' => 'auth',
268		'trigger' => $this->triggers,
269		'information' => 'SSO based auth system. ' . $this->ssoUrl . ' Visit the link and login with your main EVE account, select the correct character, and put the !auth <string> you receive in chat.'
270		);
271		}
272		}
273

shibdib / Dramiel

Issues (205)

Security Analysis no request data

src/plugins/onMessage/auth.php (11 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like