php lint + code standard PSR-2

2025-09-15 02:39:55 +03:00 · 2018-05-20 22:17:29 +03:00 · 2018-05-20 22:17:29 +03:00 · 73f290e896
commit 73f290e896
parent ebd12ebeb2
15 changed files with 796 additions and 531 deletions
--- a/includes/session.inc.php
+++ b/includes/session.inc.php
@ -1,28 +1,30 @@
 <?php

-include_once('config.inc.php');
-include_once('misc.inc.php');
-include_once('wefactauth.inc.php');
+include_once 'config.inc.php';
+include_once 'misc.inc.php';
+include_once 'wefactauth.inc.php';

 global $current_user;

 $current_user = false;

 // session startup
-function _set_current_user($username, $userid, $localauth = true, $is_admin = false, $has_csrf_token = false, $is_api = false) {
+function _set_current_user($username, $userid, $localauth = true, $is_admin = false, $has_csrf_token = false, $is_api = false)
+{
    global $current_user;

-    $current_user = array(
+    $current_user = [
        'username' => $username,
        'id' => $userid,
        'localauth' => $localauth,
        'is_admin' => $is_admin,
        'has_csrf_token' => $has_csrf_token,
        'is_api' => $is_api,
-    );
+    ];
 }

-function _check_csrf_token($user) {
+function _check_csrf_token($user)
+{
    global $secret;

    if (isset($_SERVER['HTTP_X_CSRF_TOKEN']) && $_SERVER['HTTP_X_CSRF_TOKEN']) {
@ -55,7 +57,8 @@ function _check_csrf_token($user) {
    header("X-CSRF-Token: ${csrf_token}");
 }

-function enc_secret($message) {
+function enc_secret($message)
+{
    global $secret;

    if (isset($secret) && $secret) {
@ -81,14 +84,19 @@ function enc_secret($message) {
    return base64_encode($message);
 }

-function dec_secret($code) {
+function dec_secret($code)
+{
    global $secret;
    $is_encrypted = (substr($code, 0, 4) === 'enc:');
    if (isset($secret) && $secret) {
-        if (!$is_encrypted) return false;
+        if (!$is_encrypted) {
+            return false;
+        }

        $msg = explode(':', $code);
-        if (3 != count($msg)) return false;
+        if (3 != count($msg)) {
+            return false;
+        }

        $enc_secret = hash_pbkdf2('sha256', 'encryption', $secret, 100, 0, true);
        $hmac_secret = hash_pbkdf2('sha256', 'encryption_hmac', $secret, 100, 0, true);
@ -98,8 +106,12 @@ function dec_secret($code) {

        $mac = hash_hmac('sha256', $msg[1], $hmac_secret, true);
        # compare hashes first: this should prevent any timing leak
-        if (hash('sha256', $mac, true) !== hash('sha256', $msg[2], true)) return false;
-        if ($mac !== $msg[2]) return false;
+        if (hash('sha256', $mac, true) !== hash('sha256', $msg[2], true)) {
+            return false;
+        }
+        if ($mac !== $msg[2]) {
+            return false;
+        }

        $mcrypt = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '') or die('missing mcrypt');
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
@ -116,31 +128,36 @@ function dec_secret($code) {
        return $plaintext;
    }

-    if ($is_encrypted) return false;
+    if ($is_encrypted) {
+        return false;
+    }
    return base64_decode($code);
 }

-function _unset_cookie($name) {
+function _unset_cookie($name)
+{
    $is_ssl = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
    setcookie($name, null, -1, null, null, $is_ssl);
 }

-function _store_auto_login($value) {
+function _store_auto_login($value)
+{
    $is_ssl = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
    // set for 30 days
    setcookie('NSEDIT_AUTOLOGIN', $value, time()+60*60*24*30, null, null, $is_ssl);
 }

-function try_login() {
+function try_login()
+{
    if (isset($_POST['username']) and isset($_POST['password'])) {
        if (_try_login($_POST['username'], $_POST['password'])) {
            global $secret;

            # only store if we have a secret.
            if ($secret && isset($_POST['autologin']) && $_POST['autologin']) {
-                _store_auto_login(enc_secret(json_encode(array(
+                _store_auto_login(enc_secret(json_encode([
                    'username' => $_POST['username'],
-                    'password' => $_POST['password']))));
+                    'password' => $_POST['password']])));
            }
            return true;
        }
@ -148,11 +165,12 @@ function try_login() {
    return false;
 }

-function _try_login($username, $password) {
+function _try_login($username, $password)
+{
    global $wefactapiurl, $wefactapikey;

    if (!valid_user($username)) {
-        writelog("Illegal username at login!", $username);
+        writelog('Illegal username at login!', $username);
        return false;
    }

@ -160,8 +178,8 @@ function _try_login($username, $password) {

    if (isset($wefactapiurl) && isset($wefactapikey)) {
        $wefact = do_wefact_auth($username, $password);
-        if (false === $wefact ) {
-            writelog("Failed Wefact login!", $username);
+        if (false === $wefact) {
+            writelog('Failed Wefact login!', $username);
            return false;
        }
        if (-1 !== $wefact) {
@ -170,13 +188,13 @@ function _try_login($username, $password) {
    }

    if ($do_local_auth && !do_db_auth($username, $password)) {
-        writelog("Failed login!", $username);
+        writelog('Failed login!', $username);
        return false;
    }

    $user = get_user_info($username);
    if (!$user) {
-        writelog("Failed to find user!", $username);
+        writelog('Failed to find user!', $username);
        return false;
    } else {
        _set_current_user($username, $user['id'], (bool) $do_local_auth, (bool) $user['isadmin']);
@ -198,7 +216,8 @@ function _try_login($username, $password) {
    }
 }

-function _check_session() {
+function _check_session()
+{
    global $adminapikey, $adminapiips;

    $is_ssl = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
@ -207,13 +226,10 @@ function _check_session() {

    if (isset($adminapikey) && '' !== $adminapikey && isset($adminapiips) && isset($_POST['adminapikey'])) {
        if (false !== array_search($_SERVER['REMOTE_ADDR'], $adminapiips)
-            and $_POST['adminapikey'] === $adminapikey)
-        {
+            and $_POST['adminapikey'] === $adminapikey) {
            # Allow this request, fake that we're logged in as user.
            return _set_current_user('admin', 1, false, true, true, true);
-        }
-        else
-        {
+        } else {
            header('Status: 403 Forbidden');
            exit(0);
        }
@ -251,14 +267,16 @@ function _check_session() {
 # auto load session if possible
 _check_session();

-function is_logged_in() {
+function is_logged_in()
+{
    global $current_user;
    return (bool) $current_user;
 }

 # GET/HEAD requests only require a logged in user (they shouldn't trigger any
 # "writes"); all other requests require the X-CSRF-Token to be present.
-function is_csrf_safe() {
+function is_csrf_safe()
+{
    global $current_user;

    switch ($_SERVER['REQUEST_METHOD']) {
@ -270,32 +288,38 @@ function is_csrf_safe() {
    }
 }

-function is_apiuser() {
+function is_apiuser()
+{
    global $current_user;
    return $current_user && (bool) $current_user['is_api'];
 }

-function is_adminuser() {
+function is_adminuser()
+{
    global $current_user;
    return $current_user && (bool) $current_user['is_admin'];
 }

-function get_sess_user() {
+function get_sess_user()
+{
    global $current_user;
    return $current_user ? $current_user['username'] : null;
 }

-function get_sess_userid() {
+function get_sess_userid()
+{
    global $current_user;
    return $current_user ? $current_user['id'] : null;
 }

-function has_local_auth() {
+function has_local_auth()
+{
    global $current_user;
    return $current_user ? $current_user['localauth'] : null;
 }

-function logout() {
+function logout()
+{
    @session_destroy();
    @session_unset();
    if (isset($_COOKIE['NSEDIT_AUTOLOGIN'])) {