Example #1
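 /**
  * Verify user authentication
  *
  * Accepts either a username/password pair from $_POST or an
  * auth-token/user-id pair from $_GET. On success the user is logged in
  * through loginUser(); on failure the attempt is recorded and a generic
  * error message is queued, so the response does not reveal which of the
  * two values was wrong.
  *
  * Request values that are not plain strings (e.g. USERNAME[]=x) are treated
  * as missing, so they never reach md5() or the user backend.
  *
  * NOTE(review): the password is reduced to an unsalted MD5 digest before it
  * is passed to auth(), which presumably compares it with a stored MD5
  * value (confirm in the user class). MD5 is not suitable for password
  * storage; moving to password_hash()/password_verify() has to happen in
  * that class together with a re-hash on next login.
  *
  * NOTE(review): the auth token is read from the query string, so it can
  * end up in access logs, browser history and Referer headers. Confirm
  * that tokens are single-use and short-lived.
  *
  * NOTE(review): no session-id regeneration is visible in this method;
  * verify that loginUser() rotates the id on privilege change.
  *
  * @return  boolean           True if authentication is okay,
  *                            false otherwise
  */
 function checkAuth()
 {
     global $sessionObj, $_CORELANG;

     // Request parameters can arrive as arrays; only non-empty strings count.
     $rawUsername = isset($_POST['USERNAME']) ? $_POST['USERNAME'] : null;
     $rawPassword = isset($_POST['PASSWORD']) ? $_POST['PASSWORD'] : null;
     $username = is_string($rawUsername) && $rawUsername !== '' ? contrexx_stripslashes($rawUsername) : null;
     // Unsalted MD5 is kept only because auth() is called with the digest (see docblock).
     $password = is_string($rawPassword) && $rawPassword !== '' ? md5(contrexx_stripslashes($rawPassword)) : null;

     $authToken = !empty($_GET['auth-token']) && is_string($_GET['auth-token']) ? contrexx_input2raw($_GET['auth-token']) : null;
     $userId = !empty($_GET['user-id']) && is_string($_GET['user-id']) ? contrexx_input2raw($_GET['user-id']) : null;

     $hasCredentials = isset($username) && isset($password);
     $hasToken = isset($authToken) && isset($userId);

     // Nothing usable was submitted: not a login attempt, so nothing is recorded.
     if (!$hasCredentials && !$hasToken) {
         return false;
     }

     if (empty($sessionObj)) {
         $sessionObj = cmsSession::getInstance();
     }
     if (!isset($_SESSION['auth'])) {
         $_SESSION['auth'] = array();
     }

     // Password login is tried first; the captcha result is only evaluated
     // when credentials were actually submitted.
     $authenticated = $hasCredentials
         && $this->objUser->auth(
             $username,
             $password,
             $this->isBackendMode(),
             \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()
         );

     // Token login is attempted only if password login did not succeed.
     if (!$authenticated && $hasToken) {
         $authenticated = $this->objUser->authByToken($userId, $authToken, $this->isBackendMode());
     }

     if ($authenticated) {
         if ($this->isBackendMode()) {
             $this->log();
         }
         $this->loginUser($this->objUser);
         return true;
     }

     $_SESSION['auth']['loginLastAuthFailed'] = 1;
     // NOTE(review): after a failed token login $username is null here; confirm
     // that registerFailedLogin() copes with that and that token attempts are
     // throttled as well.
     User::registerFailedLogin($username);
     $this->arrStatusMsg['error'][] = $_CORELANG['TXT_PASSWORD_OR_USERNAME_IS_INCORRECT'];
     $_SESSION->cmsSessionUserUpdate();
     $_SESSION->cmsSessionStatusUpdate($this->isBackendMode() ? 'backend' : 'frontend');
     return false;
 }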