/** * Attempts to auto-login a user based on data stored in cookies. * If successful, this will log in the user and set up this instance for * a registered member. It will then regenerate the auto-login information * for the user to another random value. * * @return bool True if logged in, false if not. */ protected function _attemptAutoLogin() { $userId = $this->_input->cookie('userid', 'uint'); $loginKey = $this->_input->cookie('autologin', 'string'); if (!$userId or !$loginKey) { return false; } // we check the auto-login to make sure it isn't older than 30 days $user = $this->_model->getAutoLoginInfo($userId); if ($user['user_autologin_time'] < RPG_NOW - 86400 * 30) { return false; } if (sha1($user['user_autologin'] . RPG::config('cookieSalt')) !== $loginKey) { return false; } // we succeeded. log in, set up the member, and refresh auto login details. $this->_session->loggedIn = true; $this->_session->userId = $userId; $this->setupMember(); $this->refreshAutoLogin(); return true; }