<?php ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Check if the user is logged in // With cookie? check_user_cookie(); if (isset($_SESSION['cms_user_id'])) { ////////////////////////////////////////////////////////////////////////////// // Check if user still exists and is active $sth = $dbh->prepare("SELECT * FROM `directus_users` WHERE `id` = :id AND `active` = '1' LIMIT 1 "); $sth->bindParam(':id', $_SESSION['cms_user_id']); $sth->execute(); if ($cms_user = $sth->fetch()) { ////////////////////////////////////////////////////////////////////////////// // Check to ensure that user is only online once (USE IP ADDRESS) if (!$_SESSION['duplicate_user'] && $cms_user["ip"] != $_SERVER['REMOTE_ADDR'] && (strtotime('-2 minutes', CMS_TIME_RAW) < strtotime($cms_user["last_login"]) && strtotime($cms_user["last_login"]) < strtotime('+5 seconds', CMS_TIME_RAW))) { $_SESSION['duplicate_user'] = $_SERVER['REMOTE_ADDR']; $alert[] = "duplicate_user"; } ////////////////////////////////////////////////////////////////////////////// // Check if user wants to "Remember Me" and update cookie if so (we can regenerate token here for more security) if (isset($_COOKIE['token'])) { setcookie("token", $cms_user["token"], time() + 60 * $settings['cms']['cookie_life'], CMS_PATH); } ////////////////////////////////////////////////////////////////////////////// // Update the time/page the user logged in -- Except for AJAX pages if ($setup_ajax) { // If this is an AJAX page then dont save the page we're on $last_page = ""; } else { $_SESSION['cms_last_page'] = CMS_PAGE_FILE . CMS_PAGE_QUERYSTRING;
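<?php
require_once 'global.php';
require_once __DIR__ . '/../users/autoLogin.php';

/**
 * Abort the current request and send the visitor to the login page.
 *
 * redirect() is defined outside this file, so whether it terminates the
 * script cannot be confirmed from here. The explicit exit makes this gate
 * fail closed: nothing in the protected page runs after a failed check,
 * even if redirect() only emits a Location header.
 */
function auto_login_fail()
{
    redirect('login.php');
    exit;
}

// "Remember me" auto-login. The cookie is attacker-controlled input, so any
// value that is not accepted by check_user_cookie() ends the request.
if (isset($_COOKIE['remember_me'])) {
    $user_cookie = $_COOKIE['remember_me'];
    $cookie_ok = false;

    // A client can send the cookie in array form (remember_me[]=...), which
    // addslashes()/strip_tags() cannot process; treat that as an invalid cookie
    // instead of letting the string functions error out.
    if (is_string($user_cookie)) {
        // NOTE(review): addslashes()/strip_tags() are kept because
        // check_user_cookie() lives in users/autoLogin.php and may depend on
        // them, but they are not a defence against SQL injection and they
        // alter the token. Confirm that check_user_cookie() uses a prepared
        // statement and compares the token with hash_equals(); once it does,
        // pass the raw cookie value instead.
        $user_cookie = addslashes($user_cookie);
        $user_cookie = strip_tags($user_cookie);
        $cookie_ok = (bool) check_user_cookie($user_cookie);
    }

    if (!$cookie_ok) {
        // Expire the rejected cookie so the browser stops replaying it.
        // The path must match the one used when the cookie was issued.
        setcookie('remember_me', "", time() - 10, '/');
        auto_login_fail();
    }
}

// Final gate: only an authenticated session may continue. empty() gives the
// same truthiness test as !$_SESSION['auth'] without an "undefined array key"
// warning when the key (or the session) is absent.
// NOTE(review): presumably check_user_cookie() sets $_SESSION['auth'] on
// success — confirm in users/autoLogin.php.
if (empty($_SESSION['auth'])) {
    auto_login_fail();
}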