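/**
 * Gets the account that is stored in the "remember me"-cookie.
 *
 * The cookie is expected to consist of three '|'-separated parts: a user id,
 * a hash and an expiry value. The hash is verified against the string
 * "<expires>|<hashed password of that user>" through HashHelper::verifyHash().
 *
 * NOTE(review): the expiry value is only covered by the hash; this method
 * never compares it with the current time, so a cookie accepted here stays
 * acceptable until the user's hashed password changes. The format of the
 * expiry value is not visible from this method - confirm whether expiry is
 * enforced elsewhere and, if it is not, add the comparison here.
 *
 * NOTE(review): the verified string is built only from the expiry value and
 * the stored password hash. Whether a server-side secret takes part in the
 * check depends on HashHelper::verifyHash(), which is not shown - confirm,
 * because without one the cookie is only as secret as the stored hashes.
 *
 * @return null|User The user, or null if the cookie is missing or invalid.
 */
public function getUserFromCookie()
{
    if (!isset($_COOKIE[self::AUTHENTIATION_COOKIE])) {
        return null;
    }

    $auth_cookie = $_COOKIE[self::AUTHENTIATION_COOKIE];

    // Cookie content is client-controlled: a cookie sent with a "[]" suffix
    // arrives as an array, which explode() does not accept. Treat anything
    // that is not a plain string as an invalid cookie instead of failing.
    if (!is_string($auth_cookie)) {
        return null;
    }

    // Split the cookie into user id, hash and expiry value.
    $cookie_split = explode('|', $auth_cookie);
    if (count($cookie_split) !== 3) {
        // Invalid cookie, not consisting of three parts
        return null;
    }
    list($user_id, $stored_hash, $expires) = $cookie_split;

    try {
        $user = $this->getUserRepository()->getById($user_id);
    } catch (NotFoundException $e) {
        // Invalid user id
        return null;
    }

    // The hash binds the expiry value to the user's current hashed password,
    // so a cookie issued before a password change no longer verifies.
    $verification_string = $expires . "|" . $user->getPasswordHashed();
    if (!HashHelper::verifyHash($verification_string, $stored_hash)) {
        // Invalid hash
        return null;
    }

    return $user;
}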