/** * Check whether a back end or front end user is logged in * * @param string $strCookie * * @return boolean */ protected function getLoginStatus($strCookie) { $hash = $this->getSessionHash($strCookie); // Validate the cookie hash if (\Input::cookie($strCookie) == $hash) { // Try to find the session $objSession = \SessionModel::findByHashAndName($hash, $strCookie); // Validate the session ID and timeout if ($objSession !== null && $objSession->sessionID == \System::getContainer()->get('session')->getId() && (\System::getContainer()->getParameter('contao.security.disable_ip_check') || $objSession->ip == \Environment::get('ip')) && $objSession->tstamp + \Config::get('sessionTimeout') > time()) { // Disable the cache if a back end user is logged in if (TL_MODE == 'FE' && $strCookie == 'BE_USER_AUTH') { $_SESSION['DISABLE_CACHE'] = true; // Always return false if we are not in preview mode (show hidden elements) if (!\Input::cookie('FE_PREVIEW')) { return false; } } // The session could be verified return true; } } // Reset the cache settings if (TL_MODE == 'FE' && $strCookie == 'BE_USER_AUTH') { $_SESSION['DISABLE_CACHE'] = false; } // Remove the cookie if it is invalid to enable loading cached pages $this->setCookie($strCookie, $hash, time() - 86400, null, null, false, true); return false; }