コード例 #1
ファイル: Authentication.php プロジェクト: rutgerkok/rCMS
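 /**
  * Gets the account that is stored in the "remember me"-cookie. Returns null
  * if the cookie is invalid.
  *
  * The cookie is client-controlled input of the form "userId|hash|expires".
  * Nothing in it is trusted until the hash part has been verified against
  * "expires|passwordHash" of the referenced user. Because the user's stored
  * password hash is part of the verified string, a cookie stops verifying
  * once that stored hash changes.
  *
  * NOTE(review): the expires part is covered by the hash but is never
  * compared with the current time in this method. Unless that is enforced
  * elsewhere, a captured cookie keeps working after its nominal expiry;
  * add the comparison here once the format written by the cookie setter is
  * confirmed.
  *
  * NOTE(review): no server-side secret is visible in the verified string.
  * Depending on how HashHelper works (not shown here), read access to the
  * stored password hashes may be enough to produce a cookie that verifies.
  * A random per-login token stored server-side, or a MAC keyed with a
  * server secret, would avoid that dependency.
  *
  * @return null|User The user, or null if the cookie is invalid.
  */
 public function getUserFromCookie()
 {
     if (!isset($_COOKIE[self::AUTHENTIATION_COOKIE])) {
         return null;
     }
     $auth_cookie = $_COOKIE[self::AUTHENTIATION_COOKIE];
     if (!is_string($auth_cookie)) {
         // PHP turns a cookie sent with an array-style name ("name[]") into
         // an array; reject it instead of letting explode() fail on it.
         return null;
     }
     // Split the cookie into its id, hash and expiry parts
     $cookie_split = explode('|', $auth_cookie);
     if (count($cookie_split) !== 3) {
         // Invalid cookie, not consisting of three parts
         return null;
     }
     try {
         // The id is still unauthenticated at this point; it only selects
         // whose password hash the cookie is checked against.
         $user = $this->getUserRepository()->getById($cookie_split[0]);
     } catch (NotFoundException $e) {
         // Invalid user id
         return null;
     }
     $stored_hash = $cookie_split[1];
     $expires = $cookie_split[2];
     // Rebuild the string the cookie's hash is verified against; $expires is
     // only bound into the hash here, not checked against the clock.
     $verification_string = $expires . "|" . $user->getPasswordHashed();
     if (!HashHelper::verifyHash($verification_string, $stored_hash)) {
         // Invalid hash
         return null;
     }
     return $user;
 }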