/**
 * Extracts login credentials submitted with the current request.
 *
 * Looks for "_username" and "_password" in the merged GET and POST
 * parameters, validates them, and then removes both fields from
 * $_REQUEST, $_POST and $_GET so that code running afterwards cannot
 * see them.
 *
 * NOTE(review): because $_GET is part of the merged input, credentials may
 * arrive in the URL query string, where they can end up in web server access
 * logs, proxy logs and browser history. Confirm whether GET-based login is
 * really needed; otherwise callers should submit credentials via POST only.
 *
 * @return array|null Array with the keys "user" and "password" (clear text)
 *                    plus "onetime" => true when "_onetime" was requested;
 *                    null when username or password is missing or empty.
 *                    The result carries the raw password, so it should not
 *                    be logged or dumped by callers.
 * @throws FieldInputError When the username does not match MATCH_USER_NAME
 *                         or exceeds AUTH_MAX_USERNAME_LENGTH, or when the
 *                         password exceeds AUTH_MAX_PASSWORD_LENGTH.
 */
private function handleResponseAuth() {
    // array_merge() lets a POST value override a GET value of the same name.
    $input = new CoreRequestHandler(array_merge($_GET, $_POST));

    // No authentication attempt unless both fields were actually submitted.
    if (!($input->issetAndNotEmpty('_username') && $input->issetAndNotEmpty('_password'))) {
        return null;
    }

    // Validate before use: pattern and length limit for the username.
    $usernameOk = $input->match('_username', MATCH_USER_NAME)
        && !$input->isLongerThan('_username', AUTH_MAX_USERNAME_LENGTH);
    if (!$usernameOk) {
        throw new FieldInputError('_username', l('Invalid username.'));
    }

    // Presence was already established above, so in practice this enforces
    // the upper length bound on the password.
    $passwordOk = $input->issetAndNotEmpty('_password')
        && !$input->isLongerThan('_password', AUTH_MAX_PASSWORD_LENGTH);
    if (!$passwordOk) {
        throw new FieldInputError('_password', l('Invalid password.'));
    }

    $credentials = array(
        'user'     => $input->get('_username'),
        'password' => $input->get('_password'),
    );

    // A client may ask for one-time access so that no authentication cookie
    // is issued for this login.
    // NOTE(review): this flag is read from $_REQUEST, whose sources depend on
    // the PHP request_order/variables_order settings - confirm that is intended.
    if (isset($_REQUEST['_onetime'])) {
        $credentials['onetime'] = true;
    }

    // Scrub the credentials from every request superglobal so they are hidden
    // from the code that runs after authentication. unset() on a key that
    // does not exist is a silent no-op, so no isset() guard is required.
    foreach (array('_username', '_password') as $field) {
        unset($_REQUEST[$field], $_POST[$field], $_GET[$field]);
    }

    return $credentials;
}