public static function Login()
{
$DB = GetDB();
self::$authenticated = false;
self::$superuser = false;
self::$username = null;
$cookie_settings = self::GetCookieSettings();
if (isset($_REQUEST[self::FIELD_USERNAME])) {
if (String::IsEmpty($_REQUEST[self::FIELD_USERNAME])) {
self::$error = 'The username field was left blank';
return;
}
if (String::IsEmpty($_REQUEST[self::FIELD_PASSWORD])) {
self::$error = 'The password field was left blank';
return;
}
$account = $DB->Row('SELECT * FROM `tbx_administrator` WHERE `username`=? AND `password`=?', array($_REQUEST[self::FIELD_USERNAME], sha1($_REQUEST[self::FIELD_PASSWORD])));
if (!$account) {
self::$error = 'The supplied username/password combination is not valid';
return;
} else {
$session = sha1(uniqid(rand(), true));
$DB->Update('INSERT INTO `tbx_administrator_session` VALUES (?,?,?,?,?)', array($account['username'], $session, sha1($_SERVER['HTTP_USER_AGENT']), $_SERVER['REMOTE_ADDR'], time()));
$DB->Update('INSERT INTO `tbx_administrator_login_history` VALUES (?,?,?)', array($account['username'], Database_MySQL::Now(), $_SERVER['REMOTE_ADDR']));
setcookie(self::COOKIE_NAME, self::FIELD_USERNAME . '=' . urlencode($account['username']) . '&' . self::FIELD_SESSION . '=' . urlencode($session), $_REQUEST[self::FIELD_REMEMBER] ? time() + self::SESSION_LENGTH : null, $cookie_settings['path'], $cookie_settings['domain']);
self::$username = $account['username'];
self::$superuser = $account['type'] == self::TYPE_SUPERUSER;
self::$privileges = $account['privileges'];
self::$authenticated = true;
}
} else {
if (isset($_COOKIE[self::COOKIE_NAME])) {
$cookie = array();
parse_str($_COOKIE[self::COOKIE_NAME], $cookie);
$DB->Update('DELETE FROM `tbx_administrator_session` WHERE `timestamp` < ?', array(time() - self::SESSION_LENGTH));
$session = $DB->Row('SELECT * FROM `tbx_administrator_session` WHERE `username`=? AND `session`=? AND `browser`=? AND `ip_address`=?', array($cookie[self::FIELD_USERNAME], $cookie[self::FIELD_SESSION], sha1($_SERVER['HTTP_USER_AGENT']), $_SERVER['REMOTE_ADDR']));
if (!$session) {
setcookie(self::COOKIE_NAME, false, time() - self::SESSION_LENGTH, $cookie_settings['path'], $cookie_settings['domain']);
self::$error = 'Your control panel session has expired';
return;
} else {
$account = $DB->Row('SELECT * FROM `tbx_administrator` WHERE `username`=?', array($session['username']));
if (!$account) {
setcookie(self::COOKIE_NAME, false, time() - self::SESSION_LENGTH, $cookie_settings['path'], $cookie_settings['domain']);
self::$error = 'Invalid control panel account';
return;
} else {
self::$username = $account['username'];
self::$superuser = $account['type'] == self::TYPE_SUPERUSER;
self::$privileges = $account['privileges'];
self::$authenticated = true;
}
}
}
}
return self::$authenticated;
}