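/**
 * Check whether the current request carries a valid back end session.
 *
 * The BE_USER_AUTH cookie is compared against the hash expected for the
 * current PHP session (and client IP, unless disableIpCheck is set), then the
 * matching tl_session row is validated and the user record is loaded.
 *
 * Side effects: sets strIp, strHash and intId on $objUser and calls
 * $objUser->findBy(). Only a SELECT is issued against tl_session here; the
 * session timestamp is not refreshed by this method.
 *
 * @param \BackendUser $objUser
 *
 * @return bool True only if the cookie, the session record and the user all check out
 */
public function beUserLoggedIn($objUser)
{
    $strCookie = 'BE_USER_AUTH';
    $blnCheckIp = !\Config::get('disableIpCheck');

    $objUser->strIp = \Environment::get('ip');
    $objUser->strHash = \Input::cookie($strCookie);

    // The cookie value is client-controlled: reject anything that is not a string
    // and compare strictly, so that PHP's loose numeric-string comparison
    // (e.g. "0e1" == "0e2") can never make two different hashes look equal.
    // NOTE(review): if the minimum supported PHP version provides hash_equals(), prefer it here.
    $strExpected = sha1(session_id() . ($blnCheckIp ? $objUser->strIp : '') . $strCookie);

    if (!is_string($objUser->strHash) || $objUser->strHash !== $strExpected) {
        return false;
    }

    // Try to find the session in the database
    $objSession = \Database::getInstance()
        ->prepare("SELECT * FROM tl_session WHERE hash=? AND name=?")
        ->execute($objUser->strHash, $strCookie);

    if ($objSession->numRows < 1) {
        \Controller::log('Could not find the session record', __METHOD__, TL_ACCESS);

        return false;
    }

    $time = time();

    // Validate the session. Each condition is parenthesised so the intended
    // precedence of && over || is explicit, and the string comparisons are strict.
    $blnSessionIdMismatch = ((string) $objSession->sessionID !== (string) session_id());
    $blnIpMismatch = ($blnCheckIp && (string) $objSession->ip !== (string) $objUser->strIp);
    $blnHashMismatch = ((string) $objSession->hash !== $objUser->strHash);
    $blnExpired = ($objSession->tstamp + \Config::get('sessionTimeout') < $time);

    if ($blnSessionIdMismatch || $blnIpMismatch || $blnHashMismatch || $blnExpired) {
        \Controller::log('Could not verify the session', __METHOD__, TL_ACCESS);

        return false;
    }

    $objUser->intId = $objSession->pid;

    // Load the user object; a session pointing at a missing user is not a login
    if ($objUser->findBy('id', $objUser->intId) == false) {
        \Controller::log('Could not find the session user', __METHOD__, TL_ACCESS);

        return false;
    }

    return true;
}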