Refactor process_login_request 8: Extract method validate_and_fetch_user().

mladenb · mladenb · commit 480b97a607a7 · 2021-12-07T03:36:50.000+01:00
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
@@ -95,68 +95,7 @@ function process_login_request(app $app, &$error, $conf, $module)
 		return;
 	}
 
-	if ($loginAs) {
-		$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
-		$user = $app->db->queryOneRecord($sql, (string)$username, (string)$password);
-	} else {
-		if (stristr($username, '@')) {
-			//* mailuser login
-			$sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
-			$mailuser = $app->db->queryOneRecord($sql, (string)$username, $app->functions->idn_encode($username));
-			$user = false;
-			if ($mailuser) {
-				$saved_password = stripslashes($mailuser['password']);
-				//* Check if mailuser password is correct
-				if (crypt(stripslashes($password), $saved_password) == $saved_password) {
-					//* Get the sys_user language of the client of the mailuser
-					$sys_user_lang = $app->db->queryOneRecord("SELECT language FROM sys_user WHERE default_group = ?", $mailuser['sys_groupid']);
-
-					//* we build a fake user here which has access to the mailuser module only and userid 0
-					$user = array();
-					$user['userid'] = 0;
-					$user['active'] = 1;
-					$user['startmodule'] = 'mailuser';
-					$user['modules'] = 'mailuser';
-					$user['typ'] = 'user';
-					$user['email'] = $mailuser['email'];
-					$user['username'] = $username;
-					if (is_array($sys_user_lang) && $sys_user_lang['language'] != '') {
-						$user['language'] = $sys_user_lang['language'];
-					} else {
-						$user['language'] = $conf['language'];
-					}
-					$user['theme'] = $conf['theme'];
-					$user['app_theme'] = $conf['theme'];
-					$user['mailuser_id'] = $mailuser['mailuser_id'];
-					$user['default_group'] = $mailuser['sys_groupid'];
-				}
-			}
-		} else {
-			//* normal cp user login
-			$sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
-			$user = $app->db->queryOneRecord($sql, (string)$username);
-			if ($user) {
-				$saved_password = stripslashes($user['passwort']);
-				if (substr($saved_password, 0, 1) == '$') {
-					//* The password is encrypted with crypt
-					if (crypt(stripslashes($password), $saved_password) != $saved_password) {
-						$user = false;
-					}
-				} else {
-					//* The password is md5 encrypted
-					if (md5($password) != $saved_password) {
-						$user = false;
-					} else {
-						// update password with secure algo
-						$sql = 'UPDATE `sys_user` SET `passwort` = ? WHERE `username` = ?';
-						$app->db->query($sql, $app->auth->crypt_password($password), (string)$username);
-					}
-				}
-			} else {
-				$user = false;
-			}
-		}
-	}
+	$user = validate_and_fetch_user($app, $username, $password, $loginAs, $conf);
 
 	if ($user) {
 		if ($user['active'] == 1) {
@@ -250,6 +189,83 @@ function process_login_request(app $app, &$error, $conf, $module)
 	}
 }
 
+/**
+ * Validates user credentials and fetches the user if validation succeeded
+ * @param app $app
+ * @param $username
+ * @param $password
+ * @param $loginAs
+ * @param $conf
+ * @return array | bool
+ */
+function validate_and_fetch_user(app $app, $username, $password, $loginAs, $conf)
+{
+	if ($loginAs) {
+		$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
+		$user = $app->db->queryOneRecord($sql, (string)$username, (string)$password);
+	} else {
+		if (stristr($username, '@')) {
+			//* mailuser login
+			$sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
+			$mailuser = $app->db->queryOneRecord($sql, (string)$username, $app->functions->idn_encode($username));
+			$user = false;
+			if ($mailuser) {
+				$saved_password = stripslashes($mailuser['password']);
+				//* Check if mailuser password is correct
+				if (crypt(stripslashes($password), $saved_password) == $saved_password) {
+					//* Get the sys_user language of the client of the mailuser
+					$sys_user_lang = $app->db->queryOneRecord("SELECT language FROM sys_user WHERE default_group = ?", $mailuser['sys_groupid']);
+
+					//* we build a fake user here which has access to the mailuser module only and userid 0
+					$user = array();
+					$user['userid'] = 0;
+					$user['active'] = 1;
+					$user['startmodule'] = 'mailuser';
+					$user['modules'] = 'mailuser';
+					$user['typ'] = 'user';
+					$user['email'] = $mailuser['email'];
+					$user['username'] = $username;
+					if (is_array($sys_user_lang) && $sys_user_lang['language'] != '') {
+						$user['language'] = $sys_user_lang['language'];
+					} else {
+						$user['language'] = $conf['language'];
+					}
+					$user['theme'] = $conf['theme'];
+					$user['app_theme'] = $conf['theme'];
+					$user['mailuser_id'] = $mailuser['mailuser_id'];
+					$user['default_group'] = $mailuser['sys_groupid'];
+				}
+			}
+		} else {
+			//* normal cp user login
+			$sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
+			$user = $app->db->queryOneRecord($sql, (string)$username);
+			if ($user) {
+				$saved_password = stripslashes($user['passwort']);
+				if (substr($saved_password, 0, 1) == '$') {
+					//* The password is encrypted with crypt
+					if (crypt(stripslashes($password), $saved_password) != $saved_password) {
+						$user = false;
+					}
+				} else {
+					//* The password is md5 encrypted
+					if (md5($password) != $saved_password) {
+						$user = false;
+					} else {
+						// update password with secure algo
+						$sql = 'UPDATE `sys_user` SET `passwort` = ? WHERE `username` = ?';
+						$app->db->query($sql, $app->auth->crypt_password($password), (string)$username);
+					}
+				}
+			} else {
+				$user = false;
+			}
+		}
+	}
+
+	return $user;
+}
+
 /**
  * Checks if there is a "login as" instead of a "normal" login
  * @param app $app
