예제 #1
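 /**
  * Validate the authentication data held in the application session.
  *
  * The outcome is stored in $this->isValid; nothing is returned. On success
  * $this->_time is refreshed and the username and group are copied from the
  * session's AuthData.
  *
  * Review notes (security), all readable from the condition below:
  *  - The per-level clauses are OR-ed together, so at LEVEL_HIGH a matching
  *    fingerprint is sufficient on its own; the session-id clause is an
  *    alternative, not an additional requirement. Confirm this is intended.
  *  - At LEVEL_LOW the expiry test is OR-ed with the "username present" test,
  *    so an expired session still validates whenever a username is stored.
  *  - The fingerprint is derived from the User-Agent header, which the client
  *    supplies; it is a consistency check, not a secret.
  *
  * @see http://phpsec.org/projects/guide/4.html
  * @see http://www.serversidemagazine.com/php/session-hijacking
  * @return void
  */
 public function validate()
 {
     // Fail closed: a positive result from an earlier call must not survive a
     // check that no longer passes.
     $this->isValid = false;

     if (!isset($this->appSession) || $this->appSession->AuthData['_initialized'] === null) {
         return;
     }

     // A request without a User-Agent header contributes an empty string
     // instead of raising an undefined-index notice.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $level = $this->_securityLevel;

     // Digests are compared with === because == treats two different strings
     // that both look numeric (for example "0e...") as equal.
     $passed =
         // LEVEL_LOW: any one of the three tests is enough.
         ($level == self::LEVEL_LOW
             && ($this->_initialized
                 || isset($this->appSession->AuthData['_username'])
                 || time() - $this->appSession->AuthData['_time'] <= $this->_authSessionExpire))
         // LEVEL_MEDIUM / LEVEL_HIGH: stored fingerprint equals the recomputed one.
         || (($level == self::LEVEL_MEDIUM || $level == self::LEVEL_HIGH)
             && $this->_fingerprint === md5($userAgent . $this->getSalt()))
         // LEVEL_HIGH: alternatively, the stored id equals the hashed session id.
         || ($level == self::LEVEL_HIGH
             && $this->_id === md5($this->appSession->getId()));

     if (!$passed) {
         return;
     }

     $this->_time = time();
     $this->isValid = true;
     $this->username = $this->appSession->AuthData['_username'];
     $this->group = $this->appSession->AuthData['_group'];
 }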
예제 #2
파일: DooAuth.php 프로젝트: no2key/DooPHP
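 /**
  * Validate the authentication data held in the application session.
  *
  * The outcome is stored in $this->isValid; nothing is returned. On success
  * the session's '_time' entry is refreshed and the username, optional user
  * id and group are copied from AuthData onto this object.
  *
  * Review notes (security), all readable from the condition below:
  *  - The per-level clauses are OR-ed together, so at LEVEL_HIGH a matching
  *    fingerprint is sufficient on its own; the session-id clause is an
  *    alternative, not an additional requirement. Confirm this is intended.
  *  - At LEVEL_LOW the expiry test is OR-ed with the "username present" test,
  *    so an expired session still validates whenever a username is stored.
  *  - The security level itself is read from the session's AuthData.
  *  - The fingerprint is derived from the User-Agent header, which the client
  *    supplies; it is a consistency check, not a secret.
  *
  * @see http://phpsec.org/projects/guide/4.html
  * @see http://www.serversidemagazine.com/php/session-hijacking
  * @return void
  */
 public function validate()
 {
     // Fail closed: a positive result from an earlier call must not survive a
     // check that no longer passes.
     $this->isValid = false;

     // Guard before dereferencing: the session object is checked first, and
     // AuthData is only indexed once it is known to be non-null.
     if (!isset($this->appSession)) {
         return;
     }
     $authData = $this->appSession->AuthData;
     if ($authData === null) {
         return;
     }

     $securityLevel = isset($authData['_securityLevel']) ? $authData['_securityLevel'] : null;
     // A request without a User-Agent header contributes an empty string
     // instead of raising an undefined-index notice.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

     // Digests are compared with === because == treats two different strings
     // that both look numeric (for example "0e...") as equal.
     $passed =
         // LEVEL_LOW: either test is enough.
         ($securityLevel == self::LEVEL_LOW
             && (isset($authData['_username'])
                 || time() - $authData['_time'] <= $this->getSessionExpire()))
         // LEVEL_MEDIUM / LEVEL_HIGH: stored fingerprint equals the recomputed one.
         || (($securityLevel == self::LEVEL_MEDIUM || $securityLevel == self::LEVEL_HIGH)
             && isset($authData['_fingerprint'])
             && $authData['_fingerprint'] === md5($userAgent . $this->getSalt()))
         // LEVEL_HIGH: alternatively, the stored id equals the hashed session id.
         || ($securityLevel == self::LEVEL_HIGH
             && $this->_id === md5($this->appSession->getId()));

     if (!$passed) {
         return;
     }

     $this->isValid = true;
     // Record the time of this successful validation in the session.
     $this->appSession->AuthData['_time'] = time();
     $this->username = $authData['_username'];
     if (isset($authData['_userID'])) {
         $this->userID = $authData['_userID'];
     }
     $this->group = $authData['_group'];
 }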