/** * performs the login via cookie (for DEFAULT user account, FACEBOOK-accounts are handled differently) * TODO add throttling here ? * * @param $cookie string The cookie "remember_me" * * @return bool success state */ public static function loginWithCookie($cookie) { if (!$cookie) { Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID')); return false; } // check cookie's contents, check if cookie contents belong together or token is empty list($user_id, $token, $hash) = explode(':', $cookie); if ($hash !== hash('sha256', $user_id . ':' . $token) or empty($token)) { Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID')); return false; } // get data of user that has this id and this token $result = UserModel::getUserDataByUserIdAndToken($user_id, $token); if ($result) { // successfully logged in, so we write all necessary data into the session and set "user_logged_in" to true self::setSuccessfulLoginIntoSession($result->user_id, $result->user_name, $result->user_email, $result->user_account_type); // save timestamp of this login in the database line of that user self::saveTimestampOfLoginOfUser($result->user_name); Session::add('feedback_positive', Text::get('FEEDBACK_COOKIE_LOGIN_SUCCESSFUL')); return true; } else { Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID')); return false; } }