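* @package WoltLabSuite\Core\Page */
abstract class AbstractAuthedPage extends AbstractPage
{
    /**
     * @inheritDoc
     */
    public function readParameters()
    {
        parent::readParameters();

        // evaluate the access token right after the parent has read its
        // parameters, so every subclass sees the (possibly changed) user
        $this->checkAccessToken();
    }

    /**
     * Validates the access token passed as the `at` request parameter and
     * performs the login for the user it belongs to.
     *
     * The parameter has the form `<userID>-<token>`. A token for the user
     * that is already logged in is accepted without any change; a token for
     * another user while logged in, a malformed value and a token that does
     * not match the stored one all abort the request.
     *
     * Note that `$_REQUEST` also covers query-string parameters, so the token
     * may end up in access logs and Referer headers; keep that in mind when
     * generating links that carry it.
     *
     * @throws IllegalLinkException if the token is malformed or does not match
     */
    protected function checkAccessToken()
    {
        if (!isset($_REQUEST['at'])) {
            return;
        }

        // split on the first dash only, so a token that itself contains
        // dashes stays intact; missing parts are padded with null
        [$userID, $token] = array_pad(explode('-', StringUtil::trim($_REQUEST['at']), 2), 2, null);

        // a missing or empty part can never match; reject it here instead of
        // handing a null to the constant-time comparison (which expects strings)
        if ($userID === null || $userID === '' || $token === null || $token === '') {
            throw new IllegalLinkException();
        }

        $currentUser = WCF::getUser();
        if ($currentUser->userID) {
            // already logged in: only a token belonging to this very user is
            // acceptable, everything else is treated as an invalid link
            $storedToken = $currentUser->accessToken;
            if ((int)$userID !== (int)$currentUser->userID
                || $storedToken === null
                || $storedToken === ''
                || !CryptoUtil::secureCompare($storedToken, $token)) {
                throw new IllegalLinkException();
            }

            // everything is fine, nothing to do
            return;
        }

        $user = new User($userID);
        // an unknown user has no stored token and can never be logged in
        if (!$user->userID) {
            throw new IllegalLinkException();
        }

        $storedToken = $user->accessToken;
        if ($storedToken === null || $storedToken === '' || !CryptoUtil::secureCompare($storedToken, $token)) {
            throw new IllegalLinkException();
        }

        // token is valid -> change user
        SessionHandler::getInstance()->changeUser($user, true);
    }
}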