private function validate() { $auth_cookie_name = is_ssl() ? SIMPLE_WP_MEMBERSHIP_SEC_AUTH : SIMPLE_WP_MEMBERSHIP_AUTH; if (!isset($_COOKIE[$auth_cookie_name]) || empty($_COOKIE[$auth_cookie_name])) { return false; } $cookie_elements = explode('|', $_COOKIE[$auth_cookie_name]); if (count($cookie_elements) != 3) { return false; } //SwpmLog::log_auth_debug("validate() - " . $_COOKIE[$auth_cookie_name], true); list($username, $expiration, $hmac) = $cookie_elements; $expired = $expiration; // Allow a grace period for POST and AJAX requests if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) { $expired += HOUR_IN_SECONDS; } // Quick check to see if an honest cookie has expired if ($expired < time()) { $this->lastStatusMsg = SwpmUtils::_("Session Expired."); //do_action('auth_cookie_expired', $cookie_elements); SwpmLog::log_auth_debug("validate() - Session Expired", true); return false; } global $wpdb; $query = " SELECT * FROM " . $wpdb->prefix . "swpm_members_tbl WHERE user_name = %s"; $user = $wpdb->get_row($wpdb->prepare($query, $username)); if (empty($user)) { $this->lastStatusMsg = SwpmUtils::_("Invalid User Name"); return false; } $pass_frag = substr($user->password, 8, 4); $key = SwpmAuth::b_hash($username . $pass_frag . '|' . $expiration); $hash = hash_hmac('md5', $username . '|' . $expiration, $key); if ($hmac != $hash) { $this->lastStatusMsg = SwpmUtils::_("Please login again."); SwpmLog::log_auth_debug("validate() - Bad Hash", true); return false; } if ($expiration < time()) { $GLOBALS['login_grace_period'] = 1; } $this->userData = $user; return $this->check_constraints(); }