jdarwood007 commited on 2024-01-06 16:00:05
Showing 2 changed files, with 52 additions and 42 deletions.
... | ... |
@@ -19,8 +19,9 @@ function hibp_password(string $password, bool $hashed = false): ?bool |
19 | 19 |
{ |
20 | 20 |
global $smcFunc; |
21 | 21 |
|
22 |
- if (!$hashed) |
|
22 |
+ if (!$hashed) { |
|
23 | 23 |
$password = sha1($password); |
24 |
+ } |
|
24 | 25 |
|
25 | 26 |
$passhash_prefix = $smcFunc['substr']($password, 0, 5); |
26 | 27 |
$passhash_suffix = $smcFunc['substr']($password, 5); |
... | ... |
@@ -34,21 +35,25 @@ function hibp_password(string $password, bool $hashed = false): ?bool |
34 | 35 |
$results = fetch_web_data($call_url); |
35 | 36 |
|
36 | 37 |
// Invalid results, just pass them through. |
37 |
- if (empty($results)) |
|
38 |
+ if (empty($results)) { |
|
38 | 39 |
return null; |
40 |
+ } |
|
39 | 41 |
|
40 | 42 |
// Sure we could make an array of the data, but we just want to see if its found. |
41 | 43 |
$found = preg_match( |
42 | 44 |
'~\s+' . preg_quote($passhash_suffix) . ':\d+~i', |
43 |
- $results |
|
45 |
+ $results, |
|
44 | 46 |
); |
45 | 47 |
|
46 | 48 |
// We found a result, its found. |
47 |
- if ($found === 1) |
|
49 |
+ if ($found === 1) { |
|
48 | 50 |
return true; |
51 |
+ } |
|
52 |
+ |
|
49 | 53 |
// No result, return false. |
50 |
- elseif ($found === 0) |
|
54 |
+ if ($found === 0) { |
|
51 | 55 |
return false; |
56 |
+ } |
|
52 | 57 |
|
53 | 58 |
// $found returned something invalid, also fail. |
54 | 59 |
return null; |
... | ... |
@@ -62,22 +67,21 @@ function hibp_password(string $password, bool $hashed = false): ?bool |
62 | 67 |
* @param string $username Currently ignored by this hook. |
63 | 68 |
* @param array $restrict_in Currently ignored by this hook. |
64 | 69 |
* @param string $pass_error A password error if any. If this is set, we won't process our hook. |
65 |
- * @return void |
|
66 | 70 |
*/ |
67 | 71 |
function hibp_validatePassword(string $password, string $username, array $restrict_in, string &$pass_error): void |
68 | 72 |
{ |
69 | 73 |
global $modSettings; |
70 | 74 |
|
71 | 75 |
// If another hook has set this, leave it alone. |
72 |
- if (!empty($pass_error) || empty($modSettings['enableHibP'])) |
|
76 |
+ if (!empty($pass_error) || empty($modSettings['enableHibP'])) { |
|
73 | 77 |
return; |
78 |
+ } |
|
74 | 79 |
|
75 | 80 |
// Send it to the backend. |
76 | 81 |
$res = hibp_password($password); |
77 | 82 |
|
78 | 83 |
// If the result is true, we want to present a error to the prefix of $txt['profile_error_password_*'] |
79 |
- if ($res === true) |
|
80 |
- { |
|
84 |
+ if ($res === true) { |
|
81 | 85 |
loadLanguage('Hibp'); |
82 | 86 |
$pass_error = 'hibp'; |
83 | 87 |
} |
... | ... |
@@ -88,14 +92,14 @@ function hibp_validatePassword(string $password, string $username, array $restri |
88 | 92 |
* |
89 | 93 |
* @calledby call_integration_hook('integrate_load_custom_profile_fields', array($memID, $area)); |
90 | 94 |
* @param array $fields User profile fields we are loading. |
91 |
- * @return void |
|
92 | 95 |
*/ |
93 | 96 |
function hibp_load_custom_profile_fields(int $memID, string $area): void |
94 | 97 |
{ |
95 | 98 |
global $modSettings; |
96 | 99 |
|
97 |
- if ($area !== 'register' || empty($modSettings['enableHibPjs'])) |
|
100 |
+ if ($area !== 'register' || empty($modSettings['enableHibPjs'])) { |
|
98 | 101 |
return; |
102 |
+ } |
|
99 | 103 |
|
100 | 104 |
// <input type="password" name="passwrd1" id="smf_autov_pwmain" size="50" tabindex="3" class=" invalid_input"> |
101 | 105 |
hibp_build_javascript('#smf_autov_pwmain', '#smf_autov_pwmain_div'); |
... | ... |
@@ -107,15 +111,15 @@ function hibp_load_custom_profile_fields(int $memID, string $area): void |
107 | 111 |
* |
108 | 112 |
* @calledby call_integration_hook('integrate_setup_profile_context', array(&$fields)); |
109 | 113 |
* @param array $fields User profile fields we are loading. |
110 |
- * @return void |
|
111 | 114 |
*/ |
112 | 115 |
function hibp_setup_profile_context(array $fields): void |
113 | 116 |
{ |
114 | 117 |
global $modSettings; |
115 | 118 |
|
116 | 119 |
// If we are not loading the password field, don't bother. |
117 |
- if (!in_array('passwrd1', $fields) || empty($modSettings['enableHibPjs'])) |
|
120 |
+ if (!in_array('passwrd1', $fields) || empty($modSettings['enableHibPjs'])) { |
|
118 | 121 |
return; |
122 |
+ } |
|
119 | 123 |
|
120 | 124 |
// <input type="password" name="passwrd1" id="passwrd1" size="20" value=""> |
121 | 125 |
hibp_build_javascript('#passwrd1', '#passwrd1'); |
... | ... |
@@ -186,26 +190,28 @@ function hibp_general_security_settings(array &$config_vars): void |
186 | 190 |
loadLanguage('Hibp'); |
187 | 191 |
|
188 | 192 |
// Find the last password setting. |
189 |
- foreach ($config_vars as $id => $val) |
|
190 |
- if (is_array($val) && $val[1] == 'enable_password_conversion' && is_string($config_vars[$id + 1]) && $config_vars[$id + 1] == '') |
|
193 |
+ foreach ($config_vars as $id => $val) { |
|
194 |
+ if (is_array($val) && $val[1] == 'enable_password_conversion' && is_string($config_vars[$id + 1]) && $config_vars[$id + 1] == '') { |
|
191 | 195 |
break; |
196 |
+ } |
|
197 |
+ } |
|
192 | 198 |
|
193 | 199 |
$varsA = array_slice($config_vars, 0, $id + 1); |
194 | 200 |
$varsB = array_slice($config_vars, $id + 1); |
195 | 201 |
|
196 |
- $new_vars = array( |
|
202 |
+ $new_vars = [ |
|
197 | 203 |
'', |
198 |
- array('check', 'enableHibP'), |
|
199 |
- array('check', 'enableHibPjs'), |
|
200 |
- ); |
|
204 |
+ ['check', 'enableHibP'], |
|
205 |
+ ['check', 'enableHibPjs'], |
|
206 |
+ ]; |
|
201 | 207 |
|
202 | 208 |
$config_vars = array_merge($varsA, $new_vars, $varsB); |
203 | 209 |
|
204 | 210 |
// Saving? |
205 |
- if (isset($_GET['save'])) |
|
206 |
- { |
|
211 |
+ if (isset($_GET['save'])) { |
|
207 | 212 |
// Can't have one without the other. |
208 |
- if (!empty($_POST['enableHibPjs']) && empty($_POST['enableHibP'])) |
|
213 |
+ if (!empty($_POST['enableHibPjs']) && empty($_POST['enableHibP'])) { |
|
209 | 214 |
$_POST['enableHibP'] = $_POST['enableHibPjs']; |
210 | 215 |
} |
211 | 216 |
} |
217 |
+} |
... | ... |
@@ -11,12 +11,10 @@ |
11 | 11 |
#namespace SMF\Mod\ErrorPopup; |
12 | 12 |
|
13 | 13 |
use SMF\Config; |
14 |
-use SMF\Db\DatabaseApi as Db; |
|
15 | 14 |
use SMF\Lang; |
16 | 15 |
use SMF\Theme; |
17 | 16 |
use SMF\User; |
18 | 17 |
use SMF\Utils; |
19 |
-use SMF\WebFetch; |
|
20 | 18 |
|
21 | 19 |
class hibp |
22 | 20 |
{ |
... | ... |
@@ -29,8 +27,9 @@ class hibp |
29 | 27 |
*/ |
30 | 28 |
public static function checkPassword(string $password, bool $hashed = false): ?bool |
31 | 29 |
{ |
32 |
- if (!$hashed) |
|
30 |
+ if (!$hashed) { |
|
33 | 31 |
$password = sha1($password); |
32 |
+ } |
|
34 | 33 |
|
35 | 34 |
$passhash_prefix = Utils::entitySubstr($password, 0, 5); |
36 | 35 |
$passhash_suffix = Utils::entitySubstr($password, 5); |
... | ... |
@@ -44,21 +43,25 @@ class hibp |
44 | 43 |
$results = WebFetchApi::fetch($call_url); |
45 | 44 |
|
46 | 45 |
// Invalid results, just pass them through. |
47 |
- if (empty($results)) |
|
46 |
+ if (empty($results)) { |
|
48 | 47 |
return null; |
48 |
+ } |
|
49 | 49 |
|
50 | 50 |
// Sure we could make an array of the data, but we just want to see if its found. |
51 | 51 |
$found = preg_match( |
52 | 52 |
'~\s+' . preg_quote($passhash_suffix) . ':\d+~i', |
53 |
- $results |
|
53 |
+ $results, |
|
54 | 54 |
); |
55 | 55 |
|
56 | 56 |
// We found a result, its found. |
57 |
- if ($found === 1) |
|
57 |
+ if ($found === 1) { |
|
58 | 58 |
return true; |
59 |
+ } |
|
60 |
+ |
|
59 | 61 |
// No result, return false. |
60 |
- elseif ($found === 0) |
|
62 |
+ if ($found === 0) { |
|
61 | 63 |
return false; |
64 |
+ } |
|
62 | 65 |
|
63 | 66 |
// $found returned something invalid, also fail. |
64 | 67 |
return null; |
... | ... |
@@ -72,20 +75,19 @@ class hibp |
72 | 75 |
* @param string $username Currently ignored by this hook. |
73 | 76 |
* @param array $restrict_in Currently ignored by this hook. |
74 | 77 |
* @param string $pass_error A password error if any. If this is set, we won't process our hook. |
75 |
- * @return void |
|
76 | 78 |
*/ |
77 | 79 |
public static function validatePassword(string $password, string $username, array $restrict_in, string &$pass_error): void |
78 | 80 |
{ |
79 | 81 |
// If another hook has set this, leave it alone. |
80 |
- if (!empty($pass_error) || empty(Config::$modSettings['enableHibP'])) |
|
82 |
+ if (!empty($pass_error) || empty(Config::$modSettings['enableHibP'])) { |
|
81 | 83 |
return; |
84 |
+ } |
|
82 | 85 |
|
83 | 86 |
// Send it to the backend. |
84 | 87 |
$res = self::checkPassword($password); |
85 | 88 |
|
86 | 89 |
// If the result is true, we want to present a error to the prefix of $txt['profile_error_password_*'] |
87 |
- if ($res === true) |
|
88 |
- { |
|
90 |
+ if ($res === true) { |
|
89 | 91 |
Lang::load('Hibp'); |
90 | 92 |
$pass_error = 'hibp'; |
91 | 93 |
} |
... | ... |
@@ -96,12 +98,12 @@ class hibp |
96 | 98 |
* |
97 | 99 |
* @calledby call_integration_hook('integrate_load_custom_profile_fields', array($memID, $area)); |
98 | 100 |
* @param array $fields User profile fields we are loading. |
99 |
- * @return void |
|
100 | 101 |
*/ |
101 | 102 |
public static function addToRegistrationPage(int $memID, string $area): void |
102 | 103 |
{ |
103 |
- if ($area !== 'register' || empty(Config::$modSettings['enableHibPjs'])) |
|
104 |
+ if ($area !== 'register' || empty(Config::$modSettings['enableHibPjs'])) { |
|
104 | 105 |
return; |
106 |
+ } |
|
105 | 107 |
|
106 | 108 |
// <input type="password" name="passwrd1" id="smf_autov_pwmain" size="50" tabindex="3" class=" invalid_input"> |
107 | 109 |
self::buildJavascript('#smf_autov_pwmain', '#smf_autov_pwmain_div'); |
... | ... |
@@ -113,15 +115,15 @@ class hibp |
113 | 115 |
* |
114 | 116 |
* @calledby call_integration_hook('integrate_setup_profile_context', array(&$fields)); |
115 | 117 |
* @param array $fields User profile fields we are loading. |
116 |
- * @return void |
|
117 | 118 |
*/ |
118 | 119 |
public static function addToProfileContext(array $fields): void |
119 | 120 |
{ |
120 | 121 |
global $modSettings; |
121 | 122 |
|
122 | 123 |
// If we are not loading the password field, don't bother. |
123 |
- if (!in_array('passwrd1', $fields) || empty($modSettings['enableHibPjs'])) |
|
124 |
+ if (!in_array('passwrd1', $fields) || empty($modSettings['enableHibPjs'])) { |
|
124 | 125 |
return; |
126 |
+ } |
|
125 | 127 |
|
126 | 128 |
// <input type="password" name="passwrd1" id="passwrd1" size="20" value=""> |
127 | 129 |
self::buildJavascript('#passwrd1', '#passwrd1'); |
... | ... |
@@ -184,9 +186,11 @@ class hibp |
184 | 186 |
Lang::load('Hibp'); |
185 | 187 |
|
186 | 188 |
// Find the last password setting. |
187 |
- foreach ($config_vars as $id => $val) |
|
188 |
- if (is_array($val) && $val[1] == 'enable_password_conversion' && is_string($config_vars[$id + 1]) && $config_vars[$id + 1] == '') |
|
189 |
+ foreach ($config_vars as $id => $val) { |
|
190 |
+ if (is_array($val) && $val[1] == 'enable_password_conversion' && is_string($config_vars[$id + 1]) && $config_vars[$id + 1] == '') { |
|
189 | 191 |
break; |
192 |
+ } |
|
193 |
+ } |
|
190 | 194 |
|
191 | 195 |
$varsA = array_slice($config_vars, 0, $id + 1); |
192 | 196 |
$varsB = array_slice($config_vars, $id + 1); |
... | ... |
@@ -200,11 +204,11 @@ class hibp |
200 | 204 |
$config_vars = array_merge($varsA, $new_vars, $varsB); |
201 | 205 |
|
202 | 206 |
// Saving? |
203 |
- if (isset($_GET['save'])) |
|
204 |
- { |
|
207 |
+ if (isset($_GET['save'])) { |
|
205 | 208 |
// Can't have one without the other. |
206 |
- if (!empty($_POST['enableHibPjs']) && empty($_POST['enableHibP'])) |
|
209 |
+ if (!empty($_POST['enableHibPjs']) && empty($_POST['enableHibP'])) { |
|
207 | 210 |
$_POST['enableHibP'] = $_POST['enableHibPjs']; |
208 | 211 |
} |
209 | 212 |
} |
210 | 213 |
} |
214 |
+} |
|
211 | 215 |