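/**
 * Decide whether the current request is authenticated as $login.
 *
 * Two paths are tried in order:
 *  1. Cookie path: the credentials cookie entry for the current session is
 *     decoded; its 'login' must be identical to $login, its 'check' must match
 *     the freshly generated session key check, and the session must not be
 *     flagged ARSessionTimedout.
 *  2. Fallback path: when the cookie does not match, an ARSessionKeyCheck value
 *     taken from the query string (or, failing that, from the POST body) is
 *     compared with the generated session key check.
 *
 * Uses hash_equals(), which requires PHP 5.6 or later.
 *
 * @param mixed $login Login name expected in the credentials cookie.
 * @return bool True when one of the two checks succeeds, false otherwise.
 */
function ldCheckCredentials($login)
{
    global $ARCurrent;

    debug("ldCheckCredentials()", "object");
    $result = false;

    $cookie = ldGetCredentials();
    $sessionId = $ARCurrent->session->id;
    // A missing cookie entry is handed on as null, without an undefined-index notice.
    $data = ldDecodeCookie(isset($cookie[$sessionId]) ? $cookie[$sessionId] : null);

    if ($login === $data['login'] && ($saved = $data['check'])) {
        $check = ldGenerateSessionKeyCheck();
        // Compare in constant time when both sides are strings; any other
        // type combination keeps the original strict comparison.
        $matches = (is_string($check) && is_string($saved))
            ? hash_equals($check, $saved)
            : $check === $saved;
        if ($matches && !$ARCurrent->session->get('ARSessionTimedout', 1)) {
            $result = true;
        } else {
            debug("login check failed", "all");
        }
    } else {
        // NOTE(review): this path checks neither $login nor ARSessionTimedout;
        // any request presenting the current key check is accepted. Confirm
        // that this is intended. A value sent in the query string also ends up
        // in access logs, browser history and Referer headers.
        $ARSessionKeyCheck = isset($_GET['ARSessionKeyCheck']) ? $_GET['ARSessionKeyCheck'] : null;
        if (!$ARSessionKeyCheck) {
            $ARSessionKeyCheck = isset($_POST['ARSessionKeyCheck']) ? $_POST['ARSessionKeyCheck'] : null;
        }
        if ($ARSessionKeyCheck) {
            // The supplied value acts as a credential, so it is kept out of the debug log.
            debug("ldCheckCredentials: trying ARSessionKeyCheck");
            // Assumes ldGenerateSessionKeyCheck() returns a string - TODO confirm.
            // A strict, constant-time comparison replaces the loose ==, which
            // treats differing numeric-looking strings (e.g. "0e1" and "0e2") as equal;
            // non-string input such as an array parameter is rejected outright.
            $expected = ldGenerateSessionKeyCheck();
            if (is_string($ARSessionKeyCheck) && is_string($expected)
                && hash_equals($expected, $ARSessionKeyCheck)) {
                $result = true;
            }
        } else {
            debug("wrong login or corrupted cookie", "all");
        }
    }

    return $result;
}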
/**
 * Return one named setting read from the global $AR configuration object.
 *
 * Recognised names: 'www' / 'dir:www', 'images' / 'dir:images',
 * 'ARSessionKeyCheck', 'nls:list', 'nls:default' and 'svn'.
 *
 * 'ARSessionKeyCheck' yields the result of ldGenerateSessionKeyCheck() when
 * that function is defined, otherwise null.
 * NOTE(review): that value appears to be usable as an authenticator; callers
 * should keep it out of logs and cacheable output - confirm against its consumers.
 *
 * @param mixed $setting Name of the setting to look up.
 * @return mixed The setting's value, or null for an unrecognised name.
 */
public function _getSetting($setting)
{
    global $AR;

    // Comparisons are loose (==), exactly as a switch statement matches its cases.
    if ($setting == 'www' || $setting == 'dir:www') {
        return $AR->dir->www;
    }
    if ($setting == 'images' || $setting == 'dir:images') {
        return $AR->dir->images;
    }
    if ($setting == 'ARSessionKeyCheck') {
        // The generator is only present once the loader defining it has been included.
        return function_exists('ldGenerateSessionKeyCheck')
            ? ldGenerateSessionKeyCheck()
            : null;
    }
    if ($setting == 'nls:list') {
        return $AR->nls->list;
    }
    if ($setting == 'nls:default') {
        return $AR->nls->default;
    }
    if ($setting == 'svn') {
        return $AR->SVN->enabled;
    }

    return null;
}
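<?php
// Template: check $username / $password for $path with the configured
// authentication module. On success $arResult becomes a local URL carrying the
// session key check as a query parameter; on a failed login it is whatever
// checkLogin() returned; when CheckConfig() fails it is false.
if ($this->CheckConfig()) {
    global $auth_config;

    // Remember the flag and switch it off for the duration of this block.
    // NOTE(review): presumably so that make_local_url() includes the session id - confirm.
    $hideSession = $AR->hideSessionIDfromURL;
    $AR->hideSessionIDfromURL = false;
    try {
        // The class name is built from $auth_config['method']; that value must
        // stay under administrator control and never be derived from request data.
        $auth_class = "mod_auth_" . $auth_config["method"];
        $mod_auth = new $auth_class($auth_config);
        $result = $mod_auth->checkLogin($username, $password, $path);
        if ($result === true) {
            $keyCheck = ldGenerateSessionKeyCheck();
            // The key check travels in the query string, so this URL should be
            // treated like a credential: it will show up in access logs,
            // browser history and Referer headers.
            $arResult = $this->make_local_url() . '?ARSessionKeyCheck=' . RawURLEncode($keyCheck);
        } else {
            $arResult = $result;
        }
    } finally {
        // Restore the flag even when the auth module throws, so that later URL
        // generation in the same request does not keep running with the flag off.
        $AR->hideSessionIDfromURL = $hideSession;
    }
} else {
    $arResult = false;
}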