public static function validateAuthUser($userCookie = true)
{
if (isset($_COOKIE[COOKIE_USER]) && $_COOKIE[COOKIE_USER] != "") {
$cookieDataArr = explode(".", $_COOKIE[COOKIE_USER]);
if (count($cookieDataArr) == 3) {
list($userID, $cookieExpiration, $cookieHash) = $cookieDataArr;
if ($cookieExpiration > time()) {
$result = dbquery("SELECT * FROM " . DB_USERS . "\n\t\t\t\t\t\tWHERE user_id='" . (isnum($userID) ? $userID : 0) . "' AND user_status='0' AND user_actiontime='0'\n\t\t\t\t\t\tLIMIT 1");
if (dbrows($result) == 1) {
$user = dbarray($result);
Authenticate::_setUserTheme($user);
$key = hash_hmac($user['user_algo'], $userID . $cookieExpiration, $user['user_salt']);
$hash = hash_hmac($user['user_algo'], $userID . $cookieExpiration, $key);
if ($cookieHash == $hash) {
return $user;
} else {
// Cookie has been tampered with!
return Authenticate::logOut();
}
} else {
// User id does not exist or user_status / user_actiontime != 0
return Authenticate::logOut();
}
} else {
// Cookie expired
Authenticate::logOut();
redirect(Authenticate::getRedirectUrl(2));
}
} else {
// Missing arguments in cookie
Authenticate::logOut();
redirect(Authenticate::getRedirectUrl(2));
}
} else {
return Authenticate::getEmptyUserData();
}
}
