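/**
 * Authenticate the control-panel user for the current request.
 *
 * Two paths are handled:
 *  - Form submission (the username field is present in the request): the
 *    credentials are checked against `tbx_administrator`, a new row is written
 *    to `tbx_administrator_session` and `tbx_administrator_login_history`, and
 *    the session cookie is issued.
 *  - No submission: an existing session cookie is parsed, expired session rows
 *    are purged, and the cookie's username/token pair is looked up together with
 *    the sha1 of the user agent and the remote address. On a match the account
 *    row is loaded.
 *
 * Side effects: self::$authenticated, self::$superuser and self::$username are
 * reset at entry; on success self::$username, self::$superuser,
 * self::$privileges and self::$authenticated are populated. On failure
 * self::$error carries the user-facing reason and the cookie is cleared where
 * one was presented. With neither a form nor a cookie present the method
 * returns false and leaves self::$error untouched.
 *
 * @return bool true when the request is authenticated
 */
public static function Login()
{
    $DB = GetDB();
    self::$authenticated = false;
    self::$superuser = false;
    self::$username = null;
    $cookie_settings = self::GetCookieSettings();

    // The session row is bound to these two request properties; both may be
    // absent under unusual SAPIs, so default to '' rather than emitting notices.
    $browser = sha1(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    $ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    if (isset($_REQUEST[self::FIELD_USERNAME])) {
        // NOTE(review): credentials are read from $_REQUEST, so a GET request
        // with them on the query string is accepted too (and ends up in access
        // logs). Restricting this to $_POST is a caller-visible change and is
        // left for the form to be reviewed alongside.
        $username = $_REQUEST[self::FIELD_USERNAME];
        $password = isset($_REQUEST[self::FIELD_PASSWORD]) ? $_REQUEST[self::FIELD_PASSWORD] : '';

        if (String::IsEmpty($username)) {
            self::$error = 'The username field was left blank';
            return false;
        }
        if (String::IsEmpty($password)) {
            self::$error = 'The password field was left blank';
            return false;
        }

        // NOTE(review): stored passwords are unsalted sha1 hex digests, which are
        // cheap to attack offline if the table leaks. Moving to password_hash()
        // needs a data migration and cannot be done inside this method alone.
        $account = $DB->Row('SELECT * FROM `tbx_administrator` WHERE `username`=? AND `password`=?', array($username, sha1($password)));
        if (!$account) {
            self::$error = 'The supplied username/password combination is not valid';
            return false;
        }

        $session = self::LoginSessionToken();
        $DB->Update('INSERT INTO `tbx_administrator_session` VALUES (?,?,?,?,?)', array($account['username'], $session, $browser, $ip_address, time()));
        $DB->Update('INSERT INTO `tbx_administrator_login_history` VALUES (?,?,?)', array($account['username'], Database_MySQL::Now(), $ip_address));

        // Persist past the browser session only when "remember me" was ticked;
        // an expiry of 0 yields a session cookie. !empty() avoids a notice when
        // the checkbox was not submitted at all.
        $expires = !empty($_REQUEST[self::FIELD_REMEMBER]) ? time() + self::SESSION_LENGTH : 0;
        $payload = self::FIELD_USERNAME . '=' . urlencode($account['username'])
            . '&' . self::FIELD_SESSION . '=' . urlencode($session);
        self::LoginSetCookie($payload, $expires, $cookie_settings);

        self::LoginAcceptAccount($account);
    } elseif (isset($_COOKIE[self::COOKIE_NAME])) {
        $cookie = array();
        parse_str($_COOKIE[self::COOKIE_NAME], $cookie);

        // A cookie missing either field (or carrying arrays via "key[]=") can
        // never match a session row; treat it as expired instead of querying
        // with undefined keys.
        if (!isset($cookie[self::FIELD_USERNAME], $cookie[self::FIELD_SESSION])
            || !is_string($cookie[self::FIELD_USERNAME])
            || !is_string($cookie[self::FIELD_SESSION])) {
            self::LoginSetCookie('', time() - self::SESSION_LENGTH, $cookie_settings);
            self::$error = 'Your control panel session has expired';
            return false;
        }

        // Purge stale rows before the lookup so an old token cannot be reused.
        $DB->Update('DELETE FROM `tbx_administrator_session` WHERE `timestamp` < ?', array(time() - self::SESSION_LENGTH));
        $session = $DB->Row('SELECT * FROM `tbx_administrator_session` WHERE `username`=? AND `session`=? AND `browser`=? AND `ip_address`=?', array($cookie[self::FIELD_USERNAME], $cookie[self::FIELD_SESSION], $browser, $ip_address));
        if (!$session) {
            self::LoginSetCookie('', time() - self::SESSION_LENGTH, $cookie_settings);
            self::$error = 'Your control panel session has expired';
            return false;
        }

        // The session row is trusted only as a pointer; the account row itself
        // may have been removed since the session was created.
        $account = $DB->Row('SELECT * FROM `tbx_administrator` WHERE `username`=?', array($session['username']));
        if (!$account) {
            self::LoginSetCookie('', time() - self::SESSION_LENGTH, $cookie_settings);
            self::$error = 'Invalid control panel account';
            return false;
        }

        self::LoginAcceptAccount($account);
    }

    return self::$authenticated;
}

/**
 * Copy the identity fields of a `tbx_administrator` row into the class state
 * and mark the request as authenticated.
 *
 * @param array $account row from `tbx_administrator` (needs username, type, privileges)
 */
private static function LoginAcceptAccount(array $account)
{
    self::$username = $account['username'];
    // Loose comparison kept on purpose: the DB driver may hand `type` back as a
    // string while self::TYPE_SUPERUSER may be an int.
    self::$superuser = $account['type'] == self::TYPE_SUPERUSER;
    self::$privileges = $account['privileges'];
    self::$authenticated = true;
}

/**
 * Produce a 40-hex-character session token from the strongest randomness
 * source available. sha1() is applied only to normalise the length so new
 * tokens fit the same column as rows written by earlier versions.
 *
 * @return string
 */
private static function LoginSessionToken()
{
    $raw = false;
    if (function_exists('random_bytes')) {
        $raw = random_bytes(32);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $raw = openssl_random_pseudo_bytes(32, $strong);
        if (!$strong) {
            $raw = false;
        }
    }
    if ($raw === false) {
        // Last resort on builds with neither source; uniqid()/mt_rand() are
        // predictable and should not be relied on for a session token.
        $raw = uniqid(mt_rand(), true);
    }
    return sha1($raw);
}

/**
 * Set (or, with an empty value and a past expiry, clear) the control panel
 * cookie with the flags this class always wants on it.
 *
 * @param string $value           cookie payload ('' when clearing)
 * @param int    $expires         unix timestamp; 0 for a browser-session cookie
 * @param array  $cookie_settings 'path' and 'domain' from self::GetCookieSettings()
 */
private static function LoginSetCookie($value, $expires, array $cookie_settings)
{
    // Mark the cookie Secure only when this request itself arrived over TLS;
    // doing so unconditionally would lock out plain-HTTP installs.
    $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && strtolower($_SERVER['HTTPS']) !== 'off';
    // HttpOnly keeps the session token out of reach of page scripts.
    setcookie(self::COOKIE_NAME, $value, $expires, $cookie_settings['path'], $cookie_settings['domain'], $secure, true);
}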