public function LegalLogin::access in Legal 8
Same name and namespace in other branches
- 2.0.x src/Form/LegalLogin.php \Drupal\legal\Form\LegalLogin::access()
Access control callback.
Check that access cookie and hash have been set.
Parameters
\Drupal\Core\Session\AccountInterface $account: Run access checks for this account.
1 string reference to 'LegalLogin::access'
File
- src/
Form/ LegalLogin.php, line 248
Class
- LegalLogin
- After login display new T&Cs to user and require that they are agreed to.
Namespace
Drupal\legal\FormCode
public function access(AccountInterface $account) {
// Check we have all the data and there are no shenanigans.
if (!isset($_GET['token']) || !isset($_COOKIE['Drupal_visitor_legal_id']) || !is_numeric($_COOKIE['Drupal_visitor_legal_id']) || !isset($_COOKIE['Drupal_visitor_legal_hash'])) {
return AccessResult::forbidden();
}
$visitor = User::load($_COOKIE['Drupal_visitor_legal_id']);
$last_login = $visitor
->get('login')->value;
if (empty($last_login)) {
return AccessResult::forbidden();
}
// Limit how long $id_hash can be used to 1 hour.
// Timestamp and $id_hash are used to generate the authentication token.
if (\Drupal::time()
->getRequestTime() - $last_login > 3600) {
return AccessResult::forbidden();
}
return AccessResult::allowed();
}