public static function verifySession()
{
if (isset($_SESSION["username"]) && isset($_SESSION["token"])) {
// they are logged in
$agent = apache_request_headers()["User-Agent"];
$encrypted = sha1($_SESSION["username"] . $agent);
//echo $agent . "<br />";
//echo "[sha!]" . sha1($agent) . "[!sha]";
if ($encrypted == $_SESSION["token"]) {
// echo "valid";
// echo "<br />Token: ".$_SESSION["token"];
//echo "<br />Challenge: ".$encrypted;
//echo "<br />Username: "******"username"];
//verified
} else {
AuthenticationManager::destroySession();
//echo "failed <br />".$encrypted."<br />";
}
} else {
//echo "not logged in";
//not logged in
}
}