PHPFusion\Authenticate::validateAuthUser PHP Method

validateAuthUser() public static method

Checks and sets the admin last visit cookie
public static validateAuthUser ( $userCookie = TRUE )
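    /**
     * Validate the signed user cookie and return the user row it identifies.
     *
     * The cookie value is expected as "<userID>.<expiration>.<hash>". The hash is
     * recomputed as a two-step HMAC over userID . expiration, using the account's
     * user_algo and user_salt, and compared with the hash the client sent.
     *
     * @param bool $userCookie Not read by this method; kept so existing callers still work.
     *
     * @return mixed The user row when the cookie verifies; the result of
     *               getEmptyUserData() when no cookie is set; the result of logOut()
     *               when the account lookup or the hash check fails. The malformed
     *               and expired branches log out and call redirect(); NULL is
     *               returned only if redirect() itself returns.
     */
    public static function validateAuthUser($userCookie = TRUE)
    {
        if (!isset($_COOKIE[COOKIE_USER]) || $_COOKIE[COOKIE_USER] == "") {
            return Authenticate::getEmptyUserData();
        }

        // A cookie submitted as name[]=... arrives as an array. Treat it as a
        // malformed cookie instead of handing it to explode().
        $rawCookie = $_COOKIE[COOKIE_USER];
        $cookieDataArr = is_string($rawCookie) ? explode(".", $rawCookie) : array();
        if (count($cookieDataArr) != 3) {
            // Missing arguments in cookie
            Authenticate::logOut();
            redirect(Authenticate::getRedirectUrl(2));

            return NULL;
        }

        list($userID, $cookieExpiration, $cookieHash) = $cookieDataArr;

        // The expiration is client-supplied; it is only trustworthy once the
        // HMAC below has matched.
        if (!($cookieExpiration > time())) {
            // Cookie expired
            Authenticate::logOut();
            redirect(Authenticate::getRedirectUrl(2));

            return NULL;
        }

        // The isnum() guard is what keeps raw cookie text out of the SQL string:
        // anything it rejects is replaced by 0.
        $result = dbquery("SELECT * FROM " . DB_USERS . "\n\t\t\t\t\t\tWHERE user_id='" . (isnum($userID) ? $userID : 0) . "' AND user_status='0' AND user_actiontime='0'\n\t\t\t\t\t\tLIMIT 1");
        if (dbrows($result) != 1) {
            // User id does not exist or user_status / user_actiontime != 0
            return Authenticate::logOut();
        }

        $user = dbarray($result);
        // NOTE(review): this runs before the cookie hash has been verified, so it is
        // applied for whichever user id the cookie names. Confirm that is intended.
        Authenticate::_setUserTheme($user);

        $key = hash_hmac($user['user_algo'], $userID . $cookieExpiration, $user['user_salt']);
        $hash = hash_hmac($user['user_algo'], $userID . $cookieExpiration, $key);

        // hash_equals() compares in constant time and as exact strings. The loose ==
        // used previously applies type juggling (two numeric-looking strings can
        // compare equal, and a FALSE from a failed hash_hmac() equals "" or "0").
        if (is_string($hash) && hash_equals($hash, $cookieHash)) {
            return $user;
        }

        // Cookie has been tampered with!
        return Authenticate::logOut();
    }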

Usage Example

Example #1
// Set TRUE_PHP_SELF and START_PAGE.
// TRUE_PHP_SELF takes the value of $current_page, which is assigned outside this excerpt.
define("TRUE_PHP_SELF", $current_page);
// START_PAGE is TRUE_PHP_SELF plus "?" . FUSION_QUERY when FUSION_QUERY is non-empty, with any
// "&s_action=edit&shout_id=<digits>" or "?s_action=edit&shout_id=<digits>" fragment removed,
// and with the first character dropped by substr(..., 1).
// NOTE(review): FUSION_QUERY is presumably derived from the request; confirm START_PAGE is
// escaped for its context wherever it is printed or used as a redirect target.
define("START_PAGE", substr(preg_replace("#(&|\\?)(s_action=edit&shout_id=)([0-9]+)#s", "", TRUE_PHP_SELF . (FUSION_QUERY ? "?" . FUSION_QUERY : "")), 1));
/**
 * Session bootstrap: handle a submitted login form, a logout request,
 * or re-validate the visitor from the existing user cookie.
 */
if (isset($_POST['login'], $_POST['user_name'], $_POST['user_pass'])) {
    // The posted credentials are passed to Authenticate as received; any
    // validation of them happens inside that class, not in this excerpt.
    $auth = new Authenticate($_POST['user_name'], $_POST['user_pass'], isset($_POST['remember_me']));
    $userdata = $auth->getUserData();
    // Remove the credentials from $_POST once they have been consumed.
    unset($auth, $_POST['user_name'], $_POST['user_pass']);
    redirect(FUSION_REQUEST);
} elseif (isset($_GET['logout']) && $_GET['logout'] == "yes") {
    // NOTE(review): logout is driven by a plain GET parameter and no request
    // token is checked in this excerpt, so any page can link a visitor into a logout.
    $userdata = Authenticate::logOut();
    redirect(BASEDIR . "index.php");
} else {
    // No login or logout in progress: trust only what the signed cookie proves.
    $userdata = Authenticate::validateAuthUser();
    // ok userdata never add _1.
}
// User level, admin rights and user group constants, all derived from $userdata.
// Each role flag is the integer 1 or 0. Level 0 is a guest; -101 and below is a
// member (so admins also count as members); -102 and below is an admin; exactly
// -103 is a super admin.
define("iGUEST", (int) ($userdata['user_level'] == 0));
define("iMEMBER", (int) ($userdata['user_level'] <= -101));
define("iADMIN", (int) ($userdata['user_level'] <= -102));
define("iSUPERADMIN", (int) ($userdata['user_level'] == -103));
// Raw values, for code that needs more than a yes/no flag.
define("iUSER", $userdata['user_level']);
define("iUSER_RIGHTS", $userdata['user_rights']);
// The first character of user_groups is dropped; presumably a leading separator — confirm against the stored format.
define("iUSER_GROUPS", substr($userdata['user_groups'], 1));
// Get enabled language settings.
// fusion_get_enabled_languages() is defined outside this excerpt; its result is used as a
// map here, and only its keys are kept as the list of enabled languages.
$language_opts = fusion_get_enabled_languages();
$enabled_languages = array_keys($language_opts);
// If language change is initiated and if the selected language is valid
if (isset($_GET['lang']) && valid_language($_GET['lang'])) {