From 59bc3b48fdffb76ee65a4b630be3ffa1f6c20c80 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Mon, 29 Sep 2014 21:45:27 +0200 Subject: more scrutinizer issue improvements --- inc/auth.php | 1 + 1 file changed, 1 insertion(+) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index e938830ef..dc2b6cad8 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -1129,6 +1129,7 @@ function auth_deleteprofile(){ } } + $deleted = array(); $deleted[] = $INPUT->server->str('REMOTE_USER'); if($auth->triggerUserMod('delete', array($deleted))) { // force and immediate logout including removing the sticky cookie -- cgit v1.2.3 From 42ea7f447f39fbc2f79eaaec31f8c10ede59c5d0 Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Wed, 1 Oct 2014 11:30:27 +0200 Subject: Many PHPDocs, some unused and dyn declared vars many PHPDocs some unused variables some dynamically declared variables declared --- inc/auth.php | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index dc2b6cad8..3a6a2f65a 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -127,6 +127,7 @@ function auth_setup() { * Loads the ACL setup and handle user wildcards * * @author Andreas Gohr + * * @return array */ function auth_loadACL() { @@ -173,7 +174,7 @@ function auth_loadACL() { /** * Event hook callback for AUTH_LOGIN_CHECK * - * @param $evdata + * @param array $evdata * @return bool */ function auth_login_wrapper($evdata) { @@ -280,6 +281,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { * token is correct. Will exit with a 401 Status if not. * * @author Andreas Gohr + * * @param string $token The authentication token * @return boolean true (or will exit on failure) */ @@ -307,6 +309,7 @@ function auth_validateToken($token) { * NOTE: this is completely unrelated to the getSecurityToken() function * * @author Andreas Gohr + * * @return string The auth token */ function auth_createToken() { @@ -351,6 +354,7 @@ function auth_browseruid() { * and stored in this file. * * @author Andreas Gohr + * * @param bool $addsession if true, the sessionid is added to the salt * @param bool $secure if security is more important than keeping the old value * @return string @@ -378,6 +382,7 @@ function auth_cookiesalt($addsession = false, $secure = false) { * @author Mark Seecof * @author Michael Hamann * @link http://www.php.net/manual/de/function.mt-rand.php#83655 + * * @param int $length number of bytes to get * @return string binary random strings */ @@ -444,6 +449,7 @@ function auth_randombytes($length) { * * @author Michael Samuel * @author Michael Hamann + * * @param int $min * @param int $max * @return int @@ -515,6 +521,7 @@ function auth_decrypt($ciphertext, $secret) { * off. It also clears session data. * * @author Andreas Gohr + * * @param bool $keepbc - when true, the breadcrumb data is not cleared */ function auth_logoff($keepbc = false) { @@ -555,6 +562,7 @@ function auth_logoff($keepbc = false) { * * @author Andreas Gohr * @see auth_isadmin + * * @param string $user Username * @param array $groups List of groups the user is in * @param bool $adminonly when true checks if user is admin @@ -599,6 +607,7 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) { * * @author Andreas Gohr * @see auth_ismanager() + * * @param string $user Username * @param array $groups List of groups the user is in * @return bool @@ -613,9 +622,9 @@ function auth_isadmin($user = null, $groups = null) { * * Note: all input should NOT be nameencoded. * - * @param $memberlist string commaseparated list of allowed users and groups - * @param $user string user to match against - * @param $groups array groups the user is member of + * @param string $memberlist commaseparated list of allowed users and groups + * @param string $user user to match against + * @param array $groups groups the user is member of * @return bool true for membership acknowledged */ function auth_isMember($memberlist, $user, array $groups) { @@ -678,6 +687,7 @@ function auth_quickaclcheck($id) { * Returns the maximum rights a user has for the given ID or its namespace * * @author Andreas Gohr + * * @triggers AUTH_ACL_CHECK * @param string $id page ID (needs to be resolved and cleaned) * @param string $user Username @@ -700,6 +710,7 @@ function auth_aclcheck($id, $user, $groups) { * DO NOT CALL DIRECTLY, use auth_aclcheck() instead * * @author Andreas Gohr + * * @param array $data event data * @return int permission level */ @@ -832,6 +843,10 @@ function auth_aclcheck_cb($data) { * * @author Andreas Gohr * @see rawurldecode() + * + * @param string $name + * @param bool $skip_group + * @return string */ function auth_nameencode($name, $skip_group = false) { global $cache_authname; @@ -913,6 +928,7 @@ function auth_pwgen($foruser = '') { * Sends a password to the given user * * @author Andreas Gohr + * * @param string $user Login name of the user * @param string $password The new password in clear text * @return bool true on success @@ -948,6 +964,7 @@ function auth_sendPassword($user, $password) { * This registers a new user - Data is read directly from $_POST * * @author Andreas Gohr + * * @return bool true on success, false on any error */ function register() { @@ -1280,6 +1297,7 @@ function act_resendpwd() { * is chosen. * * @author Andreas Gohr + * * @param string $clear The clear text password * @param string $method The hashing method * @param string $salt A salt, null for random @@ -1304,6 +1322,7 @@ function auth_cryptPassword($clear, $method = '', $salt = null) { * Verifies a cleartext password against a crypted hash * * @author Andreas Gohr + * * @param string $clear The clear text password * @param string $crypt The hash to compare with * @return bool true if both match -- cgit v1.2.3 From 7e8500eea1e53b1de0e0f70400664afa442cd08d Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Thu, 2 Oct 2014 14:55:24 +0200 Subject: PHPDocs and some improvements --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 3a6a2f65a..0342de7be 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -283,7 +283,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { * @author Andreas Gohr * * @param string $token The authentication token - * @return boolean true (or will exit on failure) + * @return boolean|null true (or will exit on failure) */ function auth_validateToken($token) { if(!$token || $token != $_SESSION[DOKU_COOKIE]['auth']['token']) { -- cgit v1.2.3 From 79e79377626799a77c11aa7849cb9c64305590c8 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 7 Jan 2015 10:47:45 +0100 Subject: Remove error supression for file_exists() In an older version of PHP a file_exists() call would issue a warning when the file did not exist. This was fixed in later PHP releases. Since we require PHP 5.3 now, there's no need to supress any error here anymore. This might even give a minor performance boost. --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index d51534e67..17923ba2a 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -1189,7 +1189,7 @@ function act_resendpwd() { // we're in token phase - get user info from token $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth'; - if(!@file_exists($tfile)) { + if(!file_exists($tfile)) { msg($lang['resendpwdbadauth'], -1); $INPUT->remove('pwauth'); return false; -- cgit v1.2.3 From db9faf025cf129d15a086a803e8056e977975d76 Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Wed, 6 May 2015 01:30:59 -0400 Subject: Report more meaningful errors when an auth backend fails. closes #1093 --- inc/auth.php | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 17923ba2a..dd0fc35b3 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -1006,7 +1006,7 @@ function register() { //okay try to create the user if(!$auth->triggerUserMod('create', array($login, $pass, $fullname, $email))) { - msg($lang['reguexists'], -1); + msg($lang['regfail'], -1); return false; } @@ -1098,17 +1098,18 @@ function updateprofile() { } } - if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), &$changes))) { - // update cookie and session with the changed data - if($changes['pass']) { - list( /*user*/, $sticky, /*pass*/) = auth_getCookie(); - $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true)); - auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky); - } - return true; + if(!($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), &$changes)))) { + msg($lang['proffail'], -1); + return false; } - return false; + // update cookie and session with the changed data + if($changes['pass']) { + list( /*user*/, $sticky, /*pass*/) = auth_getCookie(); + $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true)); + auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky); + } + return true; } /** @@ -1221,7 +1222,7 @@ function act_resendpwd() { // change it if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) { - msg('error modifying user data', -1); + msg($lang['proffail'], -1); return false; } @@ -1229,7 +1230,7 @@ function act_resendpwd() { $pass = auth_pwgen($user); if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) { - msg('error modifying user data', -1); + msg($lang['proffail'], -1); return false; } -- cgit v1.2.3 From e6c4392f11bb5a668be8e874560af910b71d72f8 Mon Sep 17 00:00:00 2001 From: Patrick Brown Date: Thu, 7 May 2015 01:43:32 -0400 Subject: Fix scrutinizer issues with auth --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index dd0fc35b3..60b8c7c78 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -1098,7 +1098,7 @@ function updateprofile() { } } - if(!($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), &$changes)))) { + if(!$auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), &$changes))) { msg($lang['proffail'], -1); return false; } -- cgit v1.2.3 From 37ff2261e7a45a16a844d538a64b1fee54d2eb05 Mon Sep 17 00:00:00 2001 From: Sascha Klopp Date: Fri, 12 Jun 2015 12:30:57 +0200 Subject: correctly handle usergroups array --- inc/auth.php | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 60b8c7c78..e04a6ca1a 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -739,28 +739,23 @@ function auth_aclcheck_cb($data) { $user = utf8_strtolower($user); $groups = array_map('utf8_strtolower', $groups); } - $user = $auth->cleanUser($user); + $user = auth_nameencode($auth->cleanUser($user)); $groups = array_map(array($auth, 'cleanGroup'), (array) $groups); - $user = auth_nameencode($user); //prepend groups with @ and nameencode - $cnt = count($groups); - for($i = 0; $i < $cnt; $i++) { - $groups[$i] = '@'.auth_nameencode($groups[$i]); + foreach($groups as &$group) { + $group = '@'.auth_nameencode($group); } $ns = getNS($id); $perm = -1; - if($user || count($groups)) { - //add ALL group - $groups[] = '@ALL'; - //add User - if($user) $groups[] = $user; - } else { - $groups[] = '@ALL'; - } - + //add ALL group + $groups[] = '@ALL'; + + //add User + if($user) $groups[] = $user; + //check exact match first $matches = preg_grep('/^'.preg_quote($id, '/').'[ \t]+([^ \t]+)[ \t]+/', $AUTH_ACL); if(count($matches)) { -- cgit v1.2.3