/**
 * Authenticate the current request.
 *
 * Two login paths are tried, in this order:
 *  1. posted USERNAME / PASSWORD (the captcha check result is handed to auth()),
 *  2. a user-id / auth-token pair read from the query string.
 *
 * On success the login is logged (backend mode only) and the user is logged
 * in. On failure the session is flagged, the failed attempt is registered and
 * an error message is queued.
 *
 * Security notes for reviewers:
 *  - The password is reduced to an unsalted MD5 digest before it is passed to
 *    auth(). MD5 is a fast hash; moving to password_hash()/password_verify()
 *    would have to happen in the user model, which is not visible here.
 *  - The auth token travels in the URL, so it can end up in access logs,
 *    browser history and Referer headers. Presumably tokens are short-lived
 *    and single-use; confirm in authByToken().
 *  - The captcha result is only passed on the username/password path; the
 *    token path has no equivalent argument. Confirm authByToken() applies its
 *    own attempt limiting.
 *  - Confirm that loginUser() issues a fresh session id after a successful
 *    login (session fixation).
 *
 * @return boolean True if authentication is okay, false otherwise
 */
function checkAuth()
{
    global $sessionObj, $_CORELANG;

    // Posted credentials; a missing or empty field leaves the value at null.
    $username = null;
    if (isset($_POST['USERNAME']) && $_POST['USERNAME'] != '') {
        $username = contrexx_stripslashes($_POST['USERNAME']);
    }

    $password = null;
    if (isset($_POST['PASSWORD']) && $_POST['PASSWORD'] != '') {
        // auth() receives the MD5 digest, never the plain-text password.
        $password = md5(contrexx_stripslashes($_POST['PASSWORD']));
    }

    // Token login parameters come from the query string.
    $authToken = null;
    if (!empty($_GET['auth-token'])) {
        $authToken = contrexx_input2raw($_GET['auth-token']);
    }

    $userId = null;
    if (!empty($_GET['user-id'])) {
        $userId = contrexx_input2raw($_GET['user-id']);
    }

    $hasCredentials = $username !== null && $password !== null;
    $hasToken = $authToken !== null && $userId !== null;

    // Nothing to verify: bail out before any session is created or touched.
    if (!$hasCredentials && !$hasToken) {
        return false;
    }

    if (empty($sessionObj)) {
        $sessionObj = cmsSession::getInstance();
    }

    if (!isset($_SESSION['auth'])) {
        $_SESSION['auth'] = array();
    }

    // Credentials are tried first; the token is only consulted when the
    // credential login was not attempted or did not succeed.
    $authenticated = false;
    if ($hasCredentials) {
        $authenticated = $this->objUser->auth(
            $username,
            $password,
            $this->isBackendMode(),
            \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()
        );
    }
    if (!$authenticated && $hasToken) {
        $authenticated = $this->objUser->authByToken(
            $userId,
            $authToken,
            $this->isBackendMode()
        );
    }

    if ($authenticated) {
        if ($this->isBackendMode()) {
            $this->log();
        }
        $this->loginUser($this->objUser);

        return true;
    }

    // Failure path: flag the session, record the attempt, queue the message.
    $_SESSION['auth']['loginLastAuthFailed'] = 1;
    // NOTE(review): $username is null when only a token was supplied, so a
    // failed token login is not tied to an account name here. Verify how
    // registerFailedLogin() treats null.
    User::registerFailedLogin($username);
    $this->arrStatusMsg['error'][] = $_CORELANG['TXT_PASSWORD_OR_USERNAME_IS_INCORRECT'];

    // $_SESSION is used as an object here; presumably cmsSession installs
    // itself as the session container. TODO confirm.
    $_SESSION->cmsSessionUserUpdate();
    $sessionMode = $this->isBackendMode() ? 'backend' : 'frontend';
    $_SESSION->cmsSessionStatusUpdate($sessionMode);

    return false;
}