sub auth
{
  my ($class,$session,$staff_only,$login_func)=@_;
  
  &$login_func() unless ($session->get_session_from_user());
  
  my ($userid,$password)=$session->get_value('userid','password');
  
  my $ip=$session->remote_addr();
  
  my $user=MultiDesk::UserID->retrieve($userid);
  
  if (!defined $user) {
     $session->del_session();
     $session->flush();
     &$login_func() ;
    }
  
  my $username=$user->username();    
  my ($rc,$staff)=$class->check($username,$password);

  unless ($rc && ($staff_only && $staff))    
    {
      $session->del_session();
      $session->flush();
      &$login_func();
    }

  &$login_func() unless ($ip eq $ENV{REMOTE_ADDR});
  
  return ($username, $userid, $staff); 
}