external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

acctfuncs.inc.php: Reduce nesting in several functions

Browse source 
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2014-06-05 14:56:31 +02:00
parent 0a66f48aa1
commit 1aec9f7124
1 changed files with 269 additions and 262 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

151
web/lib/acctfuncs.inc.php
View file

@ -184,11 +184,14 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
"<strong>", htmlspecialchars($E,ENT_QUOTES), "</strong>"); "<strong>", htmlspecialchars($E,ENT_QUOTES), "</strong>");
} }
} }
if ($error) { if ($error) {
print "<ul class='errorlist'><li>".$error."</li></ul>\n"; print "<ul class='errorlist'><li>".$error."</li></ul>\n";
display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "", display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "",
$R, $L, $I, $K, $J, $UID); $R, $L, $I, $K, $J, $UID);
} else { return;
}
if ($TYPE == "new") { if ($TYPE == "new") {
/* Create an unprivileged user. */ /* Create an unprivileged user. */
$salt = generate_salt(); $salt = generate_salt();
@ -216,11 +219,19 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
if (!$result) { if (!$result) {
print __("Error trying to create account, %s%s%s.", print __("Error trying to create account, %s%s%s.",
"<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>"); "<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>");
} else { return;
}
print __("The account, %s%s%s, has been successfully created.", print __("The account, %s%s%s, has been successfully created.",
"<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>"); "<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>");
print "<p>\n"; print "<p>\n";
if ($send_resetkey) {
if (!$send_resetkey) {
print __("Click on the Login link above to use your account.");
print "</p>\n";
return;
}
$subject = 'Welcome to the Arch User Repository'; $subject = 'Welcome to the Arch User Repository';
$body = __('Welcome to %s! In order ' . $body = __('Welcome to %s! In order ' .
'to set an initial password ' . 'to set an initial password ' .
@ -232,13 +243,9 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
'browser.', 'browser.',
$AUR_LOCATION); $AUR_LOCATION);
send_resetkey($email, $subject, $body); send_resetkey($email, $subject, $body);
print __("A password reset key has been sent to your e-mail address.");
} else {
print __("Click on the Login link above to use your account.");
}
print "</p>\n";
}
print __("A password reset key has been sent to your e-mail address.");
print "</p>\n";
} else { } else {
/* Modify an existing account. */ /* Modify an existing account. */
$q = "SELECT InactivityTS FROM Users WHERE "; $q = "SELECT InactivityTS FROM Users WHERE ";
@ -286,8 +293,6 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
"<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>"); "<strong>", htmlspecialchars($U,ENT_QUOTES), "</strong>");
} }
} }
}
return;
} }
/** /**
@ -408,7 +413,10 @@ function try_login() {
$new_sid = ""; $new_sid = "";
$userID = null; $userID = null;
if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) { if (!isset($_REQUEST['user']) && !isset($_REQUEST['passwd'])) {
return array('SID' => '', 'error' => null);
}
if (is_ipbanned()) { if (is_ipbanned()) {
$login_error = __('The login form is currently disabled ' . $login_error = __('The login form is currently disabled ' .
'for your IP address, probably due ' . 'for your IP address, probably due ' .
@ -416,14 +424,27 @@ function try_login() {
'inconvenience.'); 'inconvenience.');
return array('SID' => '', 'error' => $login_error); return array('SID' => '', 'error' => $login_error);
} }
$dbh = DB::connect(); $dbh = DB::connect();
$userID = valid_user($_REQUEST['user']); $userID = valid_user($_REQUEST['user']);
if ( user_suspended($userID) ) { if (user_suspended($userID)) {
$login_error = __('Account suspended'); $login_error = __('Account suspended');
return array('SID' => '', 'error' => $login_error);
} elseif (passwd_is_empty($userID)) {
$login_error = __('Your password has been reset. ' .
'If you just created a new account, please ' .
'use the link from the confirmation email ' .
'to set an initial password. Otherwise, ' .
'please request a reset key on the %s' .
'Password Reset%s page.', '<a href="' .
htmlspecialchars(get_uri('/passreset')) . '">',
'</a>');
return array('SID' => '', 'error' => $login_error);
} elseif (!valid_passwd($userID, $_REQUEST['passwd'])) {
$login_error = __("Bad username or password.");
return array('SID' => '', 'error' => $login_error);
} }
elseif ( $userID && isset($_REQUEST['passwd'])
&& valid_passwd($userID, $_REQUEST['passwd']) ) {
$logged_in = 0; $logged_in = 0;
$num_tries = 0; $num_tries = 0;
@ -460,15 +481,18 @@ function try_login() {
$num_tries++; $num_tries++;
} }
if ($logged_in) { if (!$logged_in) {
$login_error = __('An error occurred trying to generate a user session.');
return array('SID' => $new_sid, 'error' => $login_error);
}
$q = "UPDATE Users SET LastLogin = UNIX_TIMESTAMP(), "; $q = "UPDATE Users SET LastLogin = UNIX_TIMESTAMP(), ";
$q.= "LastLoginIPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])) . " "; $q.= "LastLoginIPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])) . " ";
$q.= "WHERE ID = '$userID'"; $q.= "WHERE ID = '$userID'";
$dbh->exec($q); $dbh->exec($q);
/* Set the SID cookie. */ /* Set the SID cookie. */
if (isset($_POST['remember_me']) && if (isset($_POST['remember_me']) && $_POST['remember_me'] == "on") {
$_POST['remember_me'] == "on") {
/* Set cookies for 30 days. */ /* Set cookies for 30 days. */
$cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT; $cookie_time = time() + $PERSISTENT_COOKIE_TIMEOUT;
@ -476,32 +500,13 @@ function try_login() {
$q = "UPDATE Sessions SET LastUpdateTS = $cookie_time "; $q = "UPDATE Sessions SET LastUpdateTS = $cookie_time ";
$q.= "WHERE SessionID = '$new_sid'"; $q.= "WHERE SessionID = '$new_sid'";
$dbh->exec($q); $dbh->exec($q);
} } else {
else
$cookie_time = 0; $cookie_time = 0;
}
setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true); setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true);
header("Location: " . get_uri('/')); header("Location: " . get_uri('/'));
$login_error = ""; $login_error = "";
}
else {
$login_error = __('An error occurred trying to generate a user session.');
}
} elseif (passwd_is_empty($userID)) {
$login_error = __('Your password has been reset. ' .
'If you just created a new account, please ' .
'use the link from the confirmation email ' .
'to set an initial password. Otherwise, ' .
'please request a reset key on the %s' .
'Password Reset%s page.', '<a href="' .
htmlspecialchars(get_uri('/passreset')) . '">',
'</a>');
} else {
$login_error = __("Bad username or password.");
}
}
return array('SID' => $new_sid, 'error' => $login_error);
} }
/** /**
@ -515,11 +520,7 @@ function is_ipbanned() {
$q = "SELECT * FROM Bans WHERE IPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])); $q = "SELECT * FROM Bans WHERE IPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR']));
$result = $dbh->query($q); $result = $dbh->query($q);
if ($result->fetchColumn()) { return ($result->fetchColumn() ? true : false);
return true;
} else {
return false;
}
} }
/** /**
@ -553,17 +554,21 @@ function valid_username($user) {
* @return string|void Return user ID if in database, otherwise void * @return string|void Return user ID if in database, otherwise void
*/ */
function valid_user($user) { function valid_user($user) {
if ($user) { if (!$user) {
return false;
}
$dbh = DB::connect(); $dbh = DB::connect();
$q = "SELECT ID FROM Users WHERE "; $q = "SELECT ID FROM Users WHERE ";
$q.= "Username = " . $dbh->quote($user); $q.= "Username = " . $dbh->quote($user);
$result = $dbh->query($q); $result = $dbh->query($q);
if ($result) { if (!$result) {
return null;
}
$row = $result->fetch(PDO::FETCH_NUM); $row = $result->fetch(PDO::FETCH_NUM);
return $row[0]; return $row[0];
}
}
} }
/** /**
@ -578,12 +583,8 @@ function open_user_proposals($user) {
$q = "SELECT * FROM TU_VoteInfo WHERE User = " . $dbh->quote($user) . " "; $q = "SELECT * FROM TU_VoteInfo WHERE User = " . $dbh->quote($user) . " ";
$q.= "AND End > UNIX_TIMESTAMP()"; $q.= "AND End > UNIX_TIMESTAMP()";
$result = $dbh->query($q); $result = $dbh->query($q);
if ($result->fetchColumn()) {
return true; return ($result->fetchColumn() ? true : false);
}
else {
return false;
}
} }
/** /**
@ -642,13 +643,14 @@ function send_resetkey($email, $subject, $body) {
global $AUR_LOCATION; global $AUR_LOCATION;
$uid = uid_from_email($email); $uid = uid_from_email($email);
if ($uid != null) { if ($uid == null) {
/* return;
* We (ab)use new_sid() to get a random 32 characters long }
* string.
*/ /* We (ab)use new_sid() to get a random 32 characters long string. */
$resetkey = new_sid(); $resetkey = new_sid();
create_resetkey($resetkey, $uid); create_resetkey($resetkey, $uid);
/* Send e-mail with confirmation link. */ /* Send e-mail with confirmation link. */
$body = wordwrap($body, 70); $body = wordwrap($body, 70);
$body .= "\n\n". $body .= "\n\n".
@ -661,7 +663,6 @@ function send_resetkey($email, $subject, $body) {
"X-Mailer: PHP\r\n" . "X-Mailer: PHP\r\n" .
"X-MimeOLE: Produced By AUR"; "X-MimeOLE: Produced By AUR";
@mail($email, $subject, $body, $headers); @mail($email, $subject, $body, $headers);
}
} }
/** /**
@ -718,7 +719,10 @@ function good_passwd($passwd) {
*/ */
function valid_passwd($userID, $passwd) { function valid_passwd($userID, $passwd) {
$dbh = DB::connect(); $dbh = DB::connect();
if ( strlen($passwd) > 0 ) { if ($passwd == "") {
return false;
}
/* Get salt for this user. */ /* Get salt for this user. */
$salt = get_salt($userID); $salt = get_salt($userID);
if ($salt) { if ($salt) {
@ -726,33 +730,36 @@ function valid_passwd($userID, $passwd) {
$q.= "WHERE ID = " . $userID . " "; $q.= "WHERE ID = " . $userID . " ";
$q.= "AND Passwd = " . $dbh->quote(salted_hash($passwd, $salt)); $q.= "AND Passwd = " . $dbh->quote(salted_hash($passwd, $salt));
$result = $dbh->query($q); $result = $dbh->query($q);
if ($result) { if (!$result) {
return false;
}
$row = $result->fetch(PDO::FETCH_NUM); $row = $result->fetch(PDO::FETCH_NUM);
if ($row[0]) { return ($row[0] > 0);
return true;
}
}
} else { } else {
/* Check password without using salt. */ /* Check password without using salt. */
$q = "SELECT ID FROM Users "; $q = "SELECT ID FROM Users ";
$q.= "WHERE ID = " . $userID . " "; $q.= "WHERE ID = " . $userID . " ";
$q.= "AND Passwd = " . $dbh->quote(md5($passwd)); $q.= "AND Passwd = " . $dbh->quote(md5($passwd));
$result = $dbh->query($q); $result = $dbh->query($q);
if ($result) { if (!$result) {
return false;
}
$row = $result->fetch(PDO::FETCH_NUM); $row = $result->fetch(PDO::FETCH_NUM);
if ($row[0]) { if (!$row[0]) {
return false;
}
/* Password correct, but salt it first! */ /* Password correct, but salt it first! */
if (!save_salt($userID, $passwd)) { if (!save_salt($userID, $passwd)) {
trigger_error("Unable to salt user's password;" . trigger_error("Unable to salt user's password;" .
" ID " . $userID, E_USER_WARNING); " ID " . $userID, E_USER_WARNING);
return false; return false;
} }
return true; return true;
} }
}
}
}
return false;
} }
/** /**