/** * Do Multi-site authentication * * @param array array of sites * @return object member auth object */ function _do_multi_auth($sites, $session_id) { if (!$sites or $this->EE->config->item('allow_multi_logins') == 'n') { return array('login' => lang('not_authorized')); } // Kill old sessions first $this->EE->session->gc_probability = 100; $this->EE->session->delete_old_sessions(); // Grab session $sess_q = $this->EE->db->get_where('sessions', array('session_id' => $session_id)); if (!$sess_q->num_rows()) { return FALSE; } // Grab member $mem_q = $this->EE->db->get_where('members', array('member_id' => $sess_q->row('member_id'))); if (!$mem_q->num_rows()) { return FALSE; } $incoming = new Auth_result($mem_q->row()); // this is silly - only works for the first site if (isset($_POST['auto_login'])) { $incoming->remember_me(60 * 60 * 24 * 365); } // hook onto an existing session $incoming->use_session_id($session_id); $incoming->start_session(); $new_row = $sess_q->row_array(); $some_row['site_id'] = $this->EE->config->item('site_id'); return $incoming; }
/** * Do Multi-site authentication * * @param array $sites Array of site URLs to login to * @param string $login_state The hash identifying the member * @return object member auth object */ private function _do_multi_auth($sites, $login_state) { if (!$sites or ee()->config->item('allow_multi_logins') == 'n' or empty($login_state)) { return ee()->output->show_user_error('general', lang('not_authorized')); } // Kill old sessions first ee()->session->gc_probability = 100; ee()->session->delete_old_sessions(); // Grab session $sess_q = ee()->db->get_where('sessions', array('user_agent' => substr(ee()->input->user_agent(), 0, 120), 'login_state' => $login_state)); if (!$sess_q->num_rows()) { return ee()->output->show_user_error('general', lang('not_authorized')); } // Grab member $mem_q = ee()->db->get_where('members', array('member_id' => $sess_q->row('member_id'))); if (!$mem_q->num_rows()) { return FALSE; } $incoming = new Auth_result($mem_q->row()); $csrf_token = ee()->csrf->refresh_token(); // this is silly - only works for the first site if (isset($_POST['auto_login'])) { $incoming->remember_me(); } // hook onto an existing session $incoming->use_session_id($sess_q->row('session_id')); $incoming->start_session(); $new_row = $sess_q->row_array(); $some_row['site_id'] = ee()->config->item('site_id'); return $incoming; }