diff --git a/PasswordHash.php b/PasswordHash.php index 12958c7..474b2e3 100644 --- a/PasswordHash.php +++ b/PasswordHash.php @@ -104,12 +104,12 @@ class PasswordHash { function crypt_private($password, $setting) { $output = '*0'; - if (substr($setting, 0, 2) == $output) + if (substr($setting, 0, 2) === $output) $output = '*1'; $id = substr($setting, 0, 3); # We use "$P$", phpBB3 uses "$H$" for the same thing - if ($id != '$P$' && $id != '$H$') + if ($id !== '$P$' && $id !== '$H$') return $output; $count_log2 = strpos($this->itoa64, $setting[3]); @@ -119,7 +119,7 @@ class PasswordHash { $count = 1 << $count_log2; $salt = substr($setting, 4, 8); - if (strlen($salt) != 8) + if (strlen($salt) !== 8) return $output; # We're kind of forced to use MD5 here since it's the only @@ -209,20 +209,20 @@ class PasswordHash { { $random = ''; - if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) { + if (CRYPT_BLOWFISH === 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); - if (strlen($hash) == 60) + if (strlen($hash) === 60) return $hash; } - if (CRYPT_EXT_DES == 1 && !$this->portable_hashes) { + if (CRYPT_EXT_DES === 1 && !$this->portable_hashes) { if (strlen($random) < 3) $random = $this->get_random_bytes(3); $hash = crypt($password, $this->gensalt_extended($random)); - if (strlen($hash) == 20) + if (strlen($hash) === 20) return $hash; } @@ -231,7 +231,7 @@ class PasswordHash { $hash = $this->crypt_private($password, $this->gensalt_private($random)); - if (strlen($hash) == 34) + if (strlen($hash) === 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe @@ -243,10 +243,10 @@ class PasswordHash { function CheckPassword($password, $stored_hash) { $hash = $this->crypt_private($password, $stored_hash); - if ($hash[0] == '*') + if ($hash[0] === '*') $hash = crypt($password, $stored_hash); - return $hash == $stored_hash; + return $hash === $stored_hash; } } 
diff --git a/ajax/settings.php b/ajax/settings.php index 3b85780..9a85ca5 100644 --- a/ajax/settings.php +++ b/ajax/settings.php @@ -18,7 +18,7 @@ $params = array('sql_host', 'sql_user', 'sql_database', 'sql_password', 'allow_password_change', 'sql_column_active_invert', 'sql_column_email', 'mail_sync_mode'); -if(isset($_POST['appname']) && $_POST['appname'] == "user_sql") +if(isset($_POST['appname']) && $_POST['appname'] === "user_sql") { foreach($params as $param) { diff --git a/templates/settings.php b/templates/settings.php index 33d4b58..b9b34f2 100644 --- a/templates/settings.php +++ b/templates/settings.php @@ -21,7 +21,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; $name): echo $_['sql_type']; - if($_['sql_type'] == $driver): ?> + if($_['sql_type'] === $driver): ?> @@ -53,7 +53,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; $name): echo $_['crypt_type']; - if($_['crypt_type'] == $driver): ?> + if($_['crypt_type'] === $driver): ?> @@ -74,7 +74,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; $name): echo $_['mail_sync_mode']; - if($_['mail_sync_mode'] == $mode): ?> + if($_['mail_sync_mode'] === $mode): ?> @@ -89,19 +89,19 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
>t('No Mapping') ?>
>t('Append Server Hostname') ?>
>t('Append Default') ?>
>t('Map Domains') ?> @@ -111,7 +111,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; $maps = explode(",", $_['map_array']); for($i = 0; $i < count($domains); $i++) { - if(trim($domains[$i]) != "" && trim($domains[$i]) != "") + if(trim($domains[$i]) !== "" && trim($domains[$i]) !== "") echo ""; } ?> diff --git a/user_sql.php b/user_sql.php index f3326d8..3043be4 100644 --- a/user_sql.php +++ b/user_sql.php @@ -102,7 +102,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface if($this -> sql_column_email === '') return false; - if($this -> mail_sync_mode == 'none') + if($this -> mail_sync_mode === 'none') return false; $ocUid = $uid; @@ -133,11 +133,11 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface OCP\Config::setUserValue($ocUid, 'settings', 'email', $newMail); break; case 'forcesql': - if($currMail != $newMail) + if($currMail !== $newMail) OCP\Config::setUserValue($ocUid, 'settings', 'email', $newMail); break; case 'forceoc': - if(($currMail !== '') && ($currMail != $newMail)) + if(($currMail !== '') && ($currMail !== $newMail)) { $query = "UPDATE $this->sql_table SET $this->sql_column_email = :currMail WHERE $this->sql_column_username = :uid"; OC_Log::write('OC_USER_SQL', "Preapring query: $query", OC_Log::DEBUG); @@ -181,7 +181,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface for($i = 0; $i < count($this -> domain_array); $i++) { OC_Log::write('OC_USER_SQL', 'Checking domain in mapping: ' . $this -> domain_array[$i], OC_Log::DEBUG); - if($_SERVER['SERVER_NAME'] == trim($this -> domain_array[$i])) + if($_SERVER['SERVER_NAME'] === trim($this -> domain_array[$i])) { OC_Log::write('OC_USER_SQL', 'Found domain in mapping: ' . $this -> domain_array[$i], OC_Log::DEBUG); $uid .= "@" . trim($this -> map_array[$i]); 
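Review bot: In the `@@ -111,7` hunk of templates/settings.php both halves of the condition test the same value, `trim($domains[$i]) !== "" && trim($domains[$i]) !== ""`, so the second check adds nothing. It was presumably meant to test `$maps[$i]`, and the commit carries the duplicate over unchanged. The echoed row appears to read `$maps[$i]`, so if `map_array` holds fewer entries than the domain list the row is still emitted from an undefined offset. I would write `if(isset($maps[$i]) && trim($domains[$i]) !== "" && trim($maps[$i]) !== "")`. The surrounding template is only partly visible here.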
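Review bot: The comparison `$_SERVER['SERVER_NAME'] === trim($this -> domain_array[$i])` in the `@@ -181,7` hunk of user_sql.php selects the domain suffix appended to the login name, and on some web-server configurations SERVER_NAME is filled from the request's Host header rather than from the virtual-host definition. Where that holds, the client influences which mapping is applied, so the code should carry a comment that the deployment must pin the server name, or read the host from a trusted setting instead. The match is also case-sensitive while host names are not; `strtolower()` on both sides would avoid a silent miss. The enclosing function starts and ends outside the hunk.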
@@ -252,7 +252,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface return false; } $old_password = $row[$this -> sql_column_password]; - if($this -> crypt_type == 'joomla2') + if($this -> crypt_type === 'joomla2') { if(!class_exists('PasswordHash')) require_once('PasswordHash.php'); @@ -261,7 +261,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface } // Redmine stores the salt separatedly, this doesn't play nice with the way // we check passwords - elseif($this -> crypt_type == 'redmine') + elseif($this -> crypt_type === 'redmine') { $query = "SELECT salt FROM $this->sql_table WHERE $this->sql_column_username =:uid;"; $res = $this->db->prepare($query); @@ -311,7 +311,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface $uid = $this -> doUserDomainMapping($uid); $query = "SELECT $this->sql_column_username, $this->sql_column_password FROM $this->sql_table WHERE $this->sql_column_username = :uid"; - if($this -> sql_column_active != '') + if($this -> sql_column_active !== '') $query .= " AND " .($this->sql_column_active_invert ? "NOT " : "" ).$this->sql_column_active; OC_Log::write('OC_USER_SQL', "Preparing query: $query", OC_Log::DEBUG); $result = $this -> db -> prepare($query); @@ -333,7 +333,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface OC_Log::write('OC_USER_SQL', "Encrypting and checking password", OC_Log::DEBUG); // Joomla 2.5.18 switched to phPass, which doesn't play nice with the way // we check passwords - if($this -> crypt_type == 'joomla2') + if($this -> crypt_type === 'joomla2') { if(!class_exists('PasswordHash')) require_once('PasswordHash.php'); 
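Review bot: `if($this -> sql_column_active !== '')` in the `@@ -311,7` hunk is now true for `null` or `false`, which `!= ''` treated as empty. If the setting can ever be unset, the query gains a dangling ` AND ` and the login lookup fails with an SQL error. The same line appears in the `@@ -390,22`, `@@ -458,7` and `@@ -503,7` hunks. Where the property is initialised is outside these hunks; if it is always a string this is harmless, otherwise normalise it once on load or compare with `(string)$this -> sql_column_active !== ''`.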
@@ -342,7 +342,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface } // Redmine stores the salt separatedly, this doesn't play nice with the way // we check passwords - elseif($this -> crypt_type == 'redmine') + elseif($this -> crypt_type === 'redmine') { $query = "SELECT salt FROM $this->sql_table WHERE $this->sql_column_username =:uid;"; $res = $this->db->prepare($query); @@ -352,10 +352,10 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface $salt = $res->fetch(); if(!$salt) return false; - $ret = sha1($salt['salt'].sha1($password)) == $row[$this->sql_column_password]; + $ret = sha1($salt['salt'].sha1($password)) === $row[$this->sql_column_password]; } else { - $ret = $this -> pacrypt($password, $row[$this -> sql_column_password]) == $row[$this -> sql_column_password]; + $ret = $this -> pacrypt($password, $row[$this -> sql_column_password]) === $row[$this -> sql_column_password]; } if($ret) { @@ -390,22 +390,22 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface } $query = "SELECT $this->sql_column_username FROM $this->sql_table"; $query .= " WHERE $this->sql_column_username LIKE :search"; - if($this -> sql_column_active != '') + if($this -> sql_column_active !== '') $query .= " AND " .($this->sql_column_active_invert ? "NOT " : "" ).$this->sql_column_active; $query .= " ORDER BY $this->sql_column_username"; - if($limit != null) + if($limit !== null) { $limit = intval($limit); $query .= " LIMIT $limit"; } - if($offset != null) + if($offset !== null) { $offset = intval($offset); $query .= " OFFSET $offset"; } OC_Log::write('OC_USER_SQL', "Preparing query: $query", OC_Log::DEBUG); $result = $this -> db -> prepare($query); - if($search != '') + if($search !== '') { $search = "%".$this -> doUserDomainMapping($search."%")."%"; } 
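Review bot: The two password checks in the `@@ -352,10` hunk, `sha1($salt['salt'].sha1($password)) === $row[...]` and `pacrypt(...) === $row[...]`, are strict now but still compare digests with an operator that stops at the first differing byte. The same applies to `return $hash === $stored_hash;` in `CheckPassword` in PasswordHash.php. Where the supported PHP version has it, `hash_equals()` is the fitting call. It needs a string guard so that a `false` from `pacrypt` can never match an empty stored value: `$calc = $this -> pacrypt($password, $row[$this -> sql_column_password]);` followed by `$ret = is_string($calc) && hash_equals($row[$this -> sql_column_password], $calc);`. The enclosing function begins outside the hunk.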
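Review bot: In the `@@ -390,22` hunk, `$limit !== null` and `$offset !== null` now let `0` and `''` through, which `!= null` used to skip. A caller that passes `$offset = 0` with no limit then produces `... ORDER BY ... OFFSET 0`, which MySQL rejects because OFFSET needs a preceding LIMIT, and `$limit = 0` yields `LIMIT 0` and an empty user list. The callers are outside the hunk, so this is a behaviour change to confirm rather than a certain break. Keeping the old meaning explicitly would be `if($limit !== null && intval($limit) > 0)` and emitting OFFSET only when a LIMIT was added.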
@@ -458,7 +458,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface } $uid = $this -> doUserDomainMapping($uid); $query = "SELECT $this->sql_column_username FROM $this->sql_table WHERE $this->sql_column_username = :uid"; - if($this -> sql_column_active != '') + if($this -> sql_column_active !== '') $query .= " AND " .($this->sql_column_active_invert ? "NOT " : "" ).$this->sql_column_active; OC_Log::write('OC_USER_SQL', "Preparing query: $query", OC_Log::DEBUG); $result = $this -> db -> prepare($query); @@ -503,7 +503,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface } $query = "SELECT $this->sql_column_displayname FROM $this->sql_table WHERE $this->sql_column_username = :uid"; - if($this -> sql_column_active != '') + if($this -> sql_column_active !== '') $query .= " AND " .($this->sql_column_active_invert ? "NOT " : "" ).$this->sql_column_active; OC_Log::write('OC_USER_SQL', "Preparing query: $query", OC_Log::DEBUG); $result = $this -> db -> prepare($query); @@ -562,7 +562,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface $password = ""; $salt = ""; - if($this -> crypt_type == 'md5crypt') + if($this -> crypt_type === 'md5crypt') { $split_salt = preg_split('/\$/', $pw_db); if(isset($split_salt[2])) @@ -570,14 +570,14 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface $salt = $split_salt[2]; } $password = $this -> md5crypt($pw, $salt); - } elseif($this -> crypt_type == 'md5') + } elseif($this -> crypt_type === 'md5') { $password = md5($pw); - } elseif($this -> crypt_type == 'system') + } elseif($this -> crypt_type === 'system') { // We never generate salts, as user creation is not allowed here $password = crypt($pw, $pw_db); - } elseif($this -> crypt_type == 'cleartext') + } elseif($this -> crypt_type === 'cleartext') { $password = $pw; } 
@@ -585,13 +585,13 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface // See // https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583 // this is apparently useful for pam_mysql etc. - elseif($this -> crypt_type == 'mysql_encrypt') + elseif($this -> crypt_type === 'mysql_encrypt') { if(!$this -> db_conn) { return false; } - if($pw_db != "") + if($pw_db !== "") { $salt = substr($pw_db, 0, 2); $query = "SELECT ENCRYPT(:pw, :salt);"; @@ -602,7 +602,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface $result = $this -> db -> prepare($query); $result -> bindParam(":pw", $pw); - if($pw_db != "") + if($pw_db !== "") $result -> bindParam(":salt", $salt); if(!$result -> execute()) { @@ -614,7 +614,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface return false; } $password = $row[0]; - } elseif($this -> crypt_type == 'mysql_password') + } elseif($this -> crypt_type === 'mysql_password') { if(!$this -> db_conn) { @@ -637,7 +637,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface } // The following is by Frédéric France - elseif($this -> crypt_type == 'joomla') + elseif($this -> crypt_type === 'joomla') { $split_salt = preg_split('/:/', $pw_db); if(isset($split_salt[1])) @@ -648,7 +648,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface $password .= ':' . $salt; } - elseif($this-> crypt_type == 'ssha256') + elseif($this-> crypt_type === 'ssha256') { $salted_password = base64_decode(preg_replace('/{SSHA256}/i','',$pw_db)); $salt = substr($salted_password,-(strlen($salted_password)-32)); 
@@ -672,12 +672,12 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface { $MAGIC = "$1$"; - if($magic == "") + if($magic === "") $magic = $MAGIC; - if($salt == "") + if($salt === "") $salt = $this -> create_salt(); $slist = explode("$", $salt); - if($slist[0] == "1") + if($slist[0] === "1") $salt = $slist[1]; $salt = substr($salt, 0, 8);
" . htmlspecialchars($domains[$i]) . "" . htmlspecialchars($maps[$i]) . "delete