function ldCheckCredentials($login)
{
global $ARCurrent, $AR;
debug("ldCheckCredentials()", "object");
$result = false;
$cookie = ldGetCredentials();
$data = ldDecodeCookie($cookie[$ARCurrent->session->id]);
if ($login === $data['login'] && ($saved = $data['check'])) {
$check = ldGenerateSessionKeyCheck();
if ($check === $saved && !$ARCurrent->session->get('ARSessionTimedout', 1)) {
$result = true;
} else {
debug("login check failed", "all");
}
} else {
$ARSessionKeyCheck = $_GET['ARSessionKeyCheck'];
if (!$ARSessionKeyCheck) {
$ARSessionKeyCheck = $_POST['ARSessionKeyCheck'];
}
if ($ARSessionKeyCheck) {
debug("ldCheckCredentials: trying ARSessionKeyCheck ({$ARSessionKeyCheck})");
if ($ARSessionKeyCheck == ldGenerateSessionKeyCheck()) {
$result = true;
}
} else {
debug("wrong login or corrupted cookie", "all");
}
}
return $result;
}
public function _getSetting($setting)
{
global $AR;
switch ($setting) {
case 'www':
case 'dir:www':
return $AR->dir->www;
case 'images':
case 'dir:images':
return $AR->dir->images;
case 'ARSessionKeyCheck':
$result = null;
if (function_exists('ldGenerateSessionKeyCheck')) {
$result = ldGenerateSessionKeyCheck();
}
return $result;
break;
case 'nls:list':
return $AR->nls->list;
break;
case 'nls:default':
return $AR->nls->default;
break;
case 'svn':
return $AR->SVN->enabled;
break;
}
}
<?php
if ($this->CheckConfig()) {
$hideSession = $AR->hideSessionIDfromURL;
$AR->hideSessionIDfromURL = false;
global $auth_config;
$auth_class = "mod_auth_" . $auth_config["method"];
$mod_auth = new $auth_class($auth_config);
$result = $mod_auth->checkLogin($username, $password, $path);
if ($result === true) {
$keyCheck = ldGenerateSessionKeyCheck();
$arResult = $this->make_local_url() . '?ARSessionKeyCheck=' . RawURLEncode($keyCheck);
} else {
$arResult = $result;
}
$AR->hideSessionIDfromURL = $hideSession;
} else {
$arResult = false;
}
