Resendpwd::tplContent() - Code Metrics - Inspection of "Merge pull request #2350 from splitbrain/resendpwd..." - splitbrain/dokuwiki - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( a628a7...1ffed7 )

by Andreas

created 2018-04-28 10:36 UTC

Resendpwd::tplContent() A

↳ Parent: Resendpwd

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	1	Features	1

Metric	Value
cc	1
eloc	2
c	1
b	1
f	1
nc	1
nop	0
dl	0
loc	3
rs	10

<?php

namespace dokuwiki\Action;

use dokuwiki\Action\Exception\ActionAbort;
use dokuwiki\Action\Exception\ActionDisabledException;

/**
 * Class Resendpwd
 *
 * Handle password recovery
 *
 * @package dokuwiki\Action
 */
class Resendpwd extends AbstractAclAction {

    /** @inheritdoc */
    public function minimumPermission() {
        return AUTH_NONE;
    }

    /** @inheritdoc */
    public function checkPreconditions() {
        parent::checkPreconditions();

        /** @var \DokuWiki_Auth_Plugin $auth */
        global $auth;
        global $conf;
        if(isset($conf['resendpasswd']) && !$conf['resendpasswd']) throw new ActionDisabledException(); //legacy option
        if(!$auth->canDo('modPass')) throw new ActionDisabledException();
    }

    /** @inheritdoc */
    public function preProcess() {
        if($this->resendpwd()) {
            throw new ActionAbort('login');
        }
    }

    /** @inheritdoc */
    public function tplContent() {
        html_resendpwd();
    }

    /**
     * Send a  new password
     *
     * This function handles both phases of the password reset:
     *
     *   - handling the first request of password reset
     *   - validating the password reset auth token
     *
     * @author Benoit Chesneau <[email protected]>
     * @author Chris Smith <[email protected]>
     * @author Andreas Gohr <[email protected]>
     * @fixme this should be split up into multiple methods
     * @return bool true on success, false on any error
     */
    protected function resendpwd() {
        global $lang;
        global $conf;
        /* @var \DokuWiki_Auth_Plugin $auth */
        global $auth;
        global $INPUT;

        if(!actionOK('resendpwd')) {
            msg($lang['resendna'], -1);
            return false;
        }

        $token = preg_replace('/[^a-f0-9]+/', '', $INPUT->str('pwauth'));

        if($token) {
            // we're in token phase - get user info from token

            $tfile = $conf['cachedir'] . '/' . $token{0} . '/' . $token . '.pwauth';
            if(!file_exists($tfile)) {
                msg($lang['resendpwdbadauth'], -1);
                $INPUT->remove('pwauth');
                return false;
            }
            // token is only valid for 3 days
            if((time() - filemtime($tfile)) > (3 * 60 * 60 * 24)) {
                msg($lang['resendpwdbadauth'], -1);
                $INPUT->remove('pwauth');
                @unlink($tfile);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
                return false;
            }

            $user = io_readfile($tfile);
            $userinfo = $auth->getUserData($user, $requireGroups = false);
            if(!$userinfo['mail']) {
                msg($lang['resendpwdnouser'], -1);
                return false;
            }

            if(!$conf['autopasswd']) { // we let the user choose a password
                $pass = $INPUT->str('pass');

                // password given correctly?
                if(!$pass) return false;
                if($pass != $INPUT->str('passchk')) {
                    msg($lang['regbadpass'], -1);
                    return false;
                }

                // change it
                if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
                    msg($lang['proffail'], -1);
                    return false;
                }

            } else { // autogenerate the password and send by mail

                $pass = auth_pwgen($user);
                if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
                    msg($lang['proffail'], -1);
                    return false;
                }

                if(auth_sendPassword($user, $pass)) {
                    msg($lang['resendpwdsuccess'], 1);
                } else {
                    msg($lang['regmailfail'], -1);
                }
            }

            @unlink($tfile);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
            return true;

        } else {
            // we're in request phase

            if(!$INPUT->post->bool('save')) return false;

            if(!$INPUT->post->str('login')) {
                msg($lang['resendpwdmissing'], -1);
                return false;
            } else {
                $user = trim($auth->cleanUser($INPUT->post->str('login')));
            }

            $userinfo = $auth->getUserData($user, $requireGroups = false);
            if(!$userinfo['mail']) {
                msg($lang['resendpwdnouser'], -1);
                return false;
            }

            // generate auth token
            $token = md5(auth_randombytes(16)); // random secret
            $tfile = $conf['cachedir'] . '/' . $token{0} . '/' . $token . '.pwauth';
            $url = wl('', array('do' => 'resendpwd', 'pwauth' => $token), true, '&');

            io_saveFile($tfile, $user);

            $text = rawLocale('pwconfirm');
            $trep = array(
                'FULLNAME' => $userinfo['name'],
                'LOGIN' => $user,
                'CONFIRM' => $url
            );

            $mail = new \Mailer();
            $mail->to($userinfo['name'] . ' <' . $userinfo['mail'] . '>');
            $mail->subject($lang['regpwmail']);
            $mail->setBody($text, $trep);
            if($mail->send()) {
                msg($lang['resendpwdconfirm'], 1);
            } else {
                msg($lang['regmailfail'], -1);
            }
            return true;
        }
        // never reached
    }

}


1			<?php
2
3			namespace dokuwiki\Action;
4
5			use dokuwiki\Action\Exception\ActionAbort;
6			use dokuwiki\Action\Exception\ActionDisabledException;
7
8			/**
9			* Class Resendpwd
10			*
11			* Handle password recovery
12			*
13			* @package dokuwiki\Action
14			*/
15			class Resendpwd extends AbstractAclAction {
16
17			/** @inheritdoc */
18			public function minimumPermission() {
19			return AUTH_NONE;
20			}
21
22			/** @inheritdoc */
23			public function checkPreconditions() {
24			parent::checkPreconditions();
25
26			/** @var \DokuWiki_Auth_Plugin $auth */
27			global $auth;
28			global $conf;
29			if(isset($conf['resendpasswd']) && !$conf['resendpasswd']) throw new ActionDisabledException(); //legacy option
30			if(!$auth->canDo('modPass')) throw new ActionDisabledException();
31			}
32
33			/** @inheritdoc */
34			public function preProcess() {
35			if($this->resendpwd()) {
36			throw new ActionAbort('login');
37			}
38			}
39
40			/** @inheritdoc */
41			public function tplContent() {
42			html_resendpwd();
43			}
44
45			/**
46			* Send a new password
47			*
48			* This function handles both phases of the password reset:
49			*
50			* - handling the first request of password reset
51			* - validating the password reset auth token
52			*
53			* @author Benoit Chesneau <[email protected]>
54			* @author Chris Smith <[email protected]>
55			* @author Andreas Gohr <[email protected]>
56			* @fixme this should be split up into multiple methods
57			* @return bool true on success, false on any error
58			*/
59			protected function resendpwd() {
60			global $lang;
61			global $conf;
62			/* @var \DokuWiki_Auth_Plugin $auth */
63			global $auth;
64			global $INPUT;
65
66			if(!actionOK('resendpwd')) {
67			msg($lang['resendna'], -1);
68			return false;
69			}
70
71			$token = preg_replace('/[^a-f0-9]+/', '', $INPUT->str('pwauth'));
72
73			if($token) {
74			// we're in token phase - get user info from token
75
76			$tfile = $conf['cachedir'] . '/' . $token{0} . '/' . $token . '.pwauth';
77			if(!file_exists($tfile)) {
78			msg($lang['resendpwdbadauth'], -1);
79			$INPUT->remove('pwauth');
80			return false;
81			}
82			// token is only valid for 3 days
83			if((time() - filemtime($tfile)) > (3 * 60 * 60 * 24)) {
84			msg($lang['resendpwdbadauth'], -1);
85			$INPUT->remove('pwauth');
86			@unlink($tfile);
			1 ignored issue – show Security Best Practice introduced 2017-03-31 15:56 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
87			return false;
88			}
89
90			$user = io_readfile($tfile);
91			$userinfo = $auth->getUserData($user, $requireGroups = false);
92			if(!$userinfo['mail']) {
93			msg($lang['resendpwdnouser'], -1);
94			return false;
95			}
96
97			if(!$conf['autopasswd']) { // we let the user choose a password
98			$pass = $INPUT->str('pass');
99
100			// password given correctly?
101			if(!$pass) return false;
102			if($pass != $INPUT->str('passchk')) {
103			msg($lang['regbadpass'], -1);
104			return false;
105			}
106
107			// change it
108			if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
109			msg($lang['proffail'], -1);
110			return false;
111			}
112
113			} else { // autogenerate the password and send by mail
114
115			$pass = auth_pwgen($user);
116			if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
117			msg($lang['proffail'], -1);
118			return false;
119			}
120
121			if(auth_sendPassword($user, $pass)) {
122			msg($lang['resendpwdsuccess'], 1);
123			} else {
124			msg($lang['regmailfail'], -1);
125			}
126			}
127
128			@unlink($tfile);
			1 ignored issue – show Security Best Practice introduced 2017-03-31 15:56 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
129			return true;
130
131			} else {
132			// we're in request phase
133
134			if(!$INPUT->post->bool('save')) return false;
135
136			if(!$INPUT->post->str('login')) {
137			msg($lang['resendpwdmissing'], -1);
138			return false;
139			} else {
140			$user = trim($auth->cleanUser($INPUT->post->str('login')));
141			}
142
143			$userinfo = $auth->getUserData($user, $requireGroups = false);
144			if(!$userinfo['mail']) {
145			msg($lang['resendpwdnouser'], -1);
146			return false;
147			}
148
149			// generate auth token
150			$token = md5(auth_randombytes(16)); // random secret
151			$tfile = $conf['cachedir'] . '/' . $token{0} . '/' . $token . '.pwauth';
152			$url = wl('', array('do' => 'resendpwd', 'pwauth' => $token), true, '&');
153
154			io_saveFile($tfile, $user);
155
156			$text = rawLocale('pwconfirm');
157			$trep = array(
158			'FULLNAME' => $userinfo['name'],
159			'LOGIN' => $user,
160			'CONFIRM' => $url
161			);
162
163			$mail = new \Mailer();
164			$mail->to($userinfo['name'] . ' <' . $userinfo['mail'] . '>');
165			$mail->subject($lang['regpwmail']);
166			$mail->setBody($text, $trep);
167			if($mail->send()) {
168			msg($lang['resendpwdconfirm'], 1);
169			} else {
170			msg($lang['regmailfail'], -1);
171			}
172			return true;
173			}
174			// never reached
175			}
176
177			}
178

splitbrain / dokuwiki

Push — master ( a628a7...1ffed7 )

Resendpwd::tplContent() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like