public function LegalLogin::access in Legal 8

Same name and namespace in other branches
  1. 2.0.x src/Form/LegalLogin.php \Drupal\legal\Form\LegalLogin::access()

Access control callback.

Check that access cookie and hash have been set.

Parameters

\Drupal\Core\Session\AccountInterface $account: Run access checks for this account.

1 string reference to 'LegalLogin::access'
legal.routing.yml in ./legal.routing.yml

File

src/Form/LegalLogin.php, line 248

Class

LegalLogin
After login display new T&Cs to user and require that they are agreed to.

Namespace

Drupal\legal\Form

Code

public function access(AccountInterface $account) {

  // Check we have all the data and there are no shenanigans.
  if (!isset($_GET['token']) || !isset($_COOKIE['Drupal_visitor_legal_id']) || !is_numeric($_COOKIE['Drupal_visitor_legal_id']) || !isset($_COOKIE['Drupal_visitor_legal_hash'])) {
    return AccessResult::forbidden();
  }
  $visitor = User::load($_COOKIE['Drupal_visitor_legal_id']);
  // User::load() returns NULL when no account has this ID.
  if (!$visitor) {
    return AccessResult::forbidden();
  }
  $last_login = $visitor->get('login')->value;
  // An account that has never logged in has no usable timestamp.
  if (empty($last_login)) {
    return AccessResult::forbidden();
  }

  // Limit how long $id_hash can be used to 1 hour.
  // Timestamp and $id_hash are used to generate the authentication token.
  if (\Drupal::time()->getRequestTime() - $last_login > 3600) {
    return AccessResult::forbidden();
  }
  return AccessResult::allowed();
}
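
The callback above tests only that the token, ID and hash are present and that the last login is under an hour old; it does not compare their values. The following is an added example, not the Legal module's code, of a check that also validates them. The HMAC derivation, the function names, the secret and the sample values are assumptions for illustration.

```php
<?php
// Added example in plain PHP (no Drupal bootstrap needed).
// Assumption: the HMAC derivation is illustrative, not the module's algorithm.
const EXAMPLE_MAX_AGE = 3600; // Same 1 hour window as access().

// Hypothetical token: HMAC over account ID, last-login time and ID hash.
function example_token(string $uid, int $last_login, string $id_hash, string $secret): string {
  return hash_hmac('sha256', $uid . ':' . $last_login . ':' . $id_hash, $secret);
}

// TRUE only when all values are present, well formed, fresh and matching.
// $last_login is what the caller loaded for the account (NULL if none).
function example_check(array $query, array $cookies, ?int $last_login, int $now, string $secret): bool {
  $token = $query['token'] ?? NULL;
  $uid = $cookies['Drupal_visitor_legal_id'] ?? NULL;
  $id_hash = $cookies['Drupal_visitor_legal_hash'] ?? NULL;
  // Require strings: PHP parses "token[]=x" into an array.
  if (!is_string($token) || !is_string($uid) || !is_string($id_hash)) {
    return FALSE;
  }
  // ctype_digit() rejects "1e3", "1.5" and "-1", which is_numeric() accepts.
  if (!ctype_digit($uid)) {
    return FALSE;
  }
  // Unknown account, never logged in, or older than the window.
  if (empty($last_login) || $now - $last_login > EXAMPLE_MAX_AGE) {
    return FALSE;
  }
  // hash_equals() compares in constant time.
  return hash_equals(example_token($uid, $last_login, $id_hash, $secret), $token);
}

// Constructed sample values.
$secret = 'example-secret';
$now = 1700000000;
$login = $now - 120;
$cookies = ['Drupal_visitor_legal_id' => '42', 'Drupal_visitor_legal_hash' => 'abc123'];
$good = example_token('42', $login, 'abc123', $secret);
$cases = [
  'matching token, fresh login' => [['token' => $good], $cookies, $login],
  'token present but wrong' => [['token' => 'x'], $cookies, $login],
  'token sent as array' => [['token' => [$good]], $cookies, $login],
  'non-digit ID "1e3"' => [['token' => $good], ['Drupal_visitor_legal_id' => '1e3'] + $cookies, $login],
  'login older than 1 hour' => [['token' => $good], $cookies, $now - 7200],
  'account not found' => [['token' => $good], $cookies, NULL],
];
foreach ($cases as $label => [$query, $c, $last]) {
  printf("%-28s %s\n", $label, example_check($query, $c, $last, $now, $secret) ? 'allowed' : 'forbidden');
}
```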