private function validate()
{
$auth_cookie_name = is_ssl() ? SIMPLE_WP_MEMBERSHIP_SEC_AUTH : SIMPLE_WP_MEMBERSHIP_AUTH;
if (!isset($_COOKIE[$auth_cookie_name]) || empty($_COOKIE[$auth_cookie_name])) {
return false;
}
$cookie_elements = explode('|', $_COOKIE[$auth_cookie_name]);
if (count($cookie_elements) != 3) {
return false;
}
//SwpmLog::log_auth_debug("validate() - " . $_COOKIE[$auth_cookie_name], true);
list($username, $expiration, $hmac) = $cookie_elements;
$expired = $expiration;
// Allow a grace period for POST and AJAX requests
if (defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']) {
$expired += HOUR_IN_SECONDS;
}
// Quick check to see if an honest cookie has expired
if ($expired < time()) {
$this->lastStatusMsg = SwpmUtils::_("Session Expired.");
//do_action('auth_cookie_expired', $cookie_elements);
SwpmLog::log_auth_debug("validate() - Session Expired", true);
return false;
}
global $wpdb;
$query = " SELECT * FROM " . $wpdb->prefix . "swpm_members_tbl WHERE user_name = %s";
$user = $wpdb->get_row($wpdb->prepare($query, $username));
if (empty($user)) {
$this->lastStatusMsg = SwpmUtils::_("Invalid User Name");
return false;
}
$pass_frag = substr($user->password, 8, 4);
$key = SwpmAuth::b_hash($username . $pass_frag . '|' . $expiration);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ($hmac != $hash) {
$this->lastStatusMsg = SwpmUtils::_("Please login again.");
SwpmLog::log_auth_debug("validate() - Bad Hash", true);
return false;
}
if ($expiration < time()) {
$GLOBALS['login_grace_period'] = 1;
}
$this->userData = $user;
return $this->check_constraints();
}
