private function handleResponseAuth()
{
$FHANDLER = new CoreRequestHandler(array_merge($_GET, $_POST));
// Don't try to auth if one of the vars is missing
if (!$FHANDLER->issetAndNotEmpty('_username') || !$FHANDLER->issetAndNotEmpty('_password')) {
return null;
}
if (!$FHANDLER->match('_username', MATCH_USER_NAME) || $FHANDLER->isLongerThan('_username', AUTH_MAX_USERNAME_LENGTH)) {
throw new FieldInputError('_username', l('Invalid username.'));
}
if (!$FHANDLER->issetAndNotEmpty('_password') || $FHANDLER->isLongerThan('_password', AUTH_MAX_PASSWORD_LENGTH)) {
throw new FieldInputError('_password', l('Invalid password.'));
}
$a = array('user' => $FHANDLER->get('_username'), 'password' => $FHANDLER->get('_password'));
// It is possible to only request onetime access to prevent getting added
// and authentication cookie
if (isset($_REQUEST['_onetime'])) {
$a['onetime'] = true;
}
// Remove authentication infos. Hide it from the following code
if (isset($_REQUEST['_username'])) {
unset($_REQUEST['_username']);
}
if (isset($_REQUEST['_password'])) {
unset($_REQUEST['_password']);
}
if (isset($_POST['_username'])) {
unset($_POST['_username']);
}
if (isset($_POST['_password'])) {
unset($_POST['_password']);
}
if (isset($_GET['_username'])) {
unset($_GET['_username']);
}
if (isset($_GET['_password'])) {
unset($_GET['_password']);
}
return $a;
}
