Beispiel #1
 /**
  * Deletes the session cookie.
  *
  * Re-sends the session cookie with the value 0 and an expiry timestamp of
  * "login time minus five session lengths" (presumably a point in the past,
  * so the browser discards the cookie).
  *
  * @return bool Result of setcookie()
  */
 public function deleteCookie()
 {
     $expiredAt = $this->getLogin() - $this->config->system_session_length * 5;
     $cookieName = \fpcm\classes\security::getSessionCookieName();

     // Arguments after the expiry: path '/', empty domain, secure=false, httponly=true.
     // NOTE(review): secure is hard-coded to false; if the session cookie is
     // issued with the Secure flag elsewhere, confirm these attributes match.
     return setcookie($cookieName, 0, $expiredAt, '/', '', false, true);
 }
Beispiel #2
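 /**
  * Resets the user's password to a newly generated random one.
  *
  * The new password is hashed into $this->passwd together with a new salt.
  * Unless $resetOnly is set, the plaintext password is e-mailed to the user
  * and the record is only saved if the mail was submitted successfully.
  *
  * Security: the password is drawn from the CSPRNG via random_int()
  * (requires PHP 7.0+). The previous implementation derived it from
  * sha1(username), uniqid(), str_shuffle() and rand(), none of which are
  * suitable for generating secrets.
  *
  * @param bool $resetOnly (@since FPCM3.4) When true, save the new hash and
  *                        return the plaintext password to the caller
  *                        instead of sending it by e-mail
  * @return bool|array Result of update(), or false if the mail could not be
  *                    submitted; with $resetOnly an array with the keys
  *                    'updateOk' and 'password'
  */
 public function resetPassword($resetOnly = false)
 {
     $this->disablePasswordSecCheck();

     // Alphanumeric only, so the value needs no escaping in the HTML mail body.
     $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
     $maxIndex = strlen($alphabet) - 1;
     $length = random_int(10, 16); // same length range as before

     $password = '';
     for ($i = 0; $i < $length; $i++) {
         $password .= $alphabet[random_int(0, $maxIndex)];
     }

     // NOTE(review): the salt input consists of displayname, username and id,
     // none of which are secret. Whether createSalt() mixes in randomness is
     // not visible here - confirm.
     $this->salt = \fpcm\classes\security::createSalt($this->displayname . '-' . $this->username . '-' . $this->id);
     $this->passwd = \fpcm\classes\security::createPasswordHash($password, $this->salt);

     if ($resetOnly) {
         // The caller receives the plaintext password and is responsible for
         // keeping it out of logs and persistent storage.
         return array('updateOk' => $this->update(), 'password' => $password);
     }

     // NOTE(review): the plaintext password travels by e-mail; consider
     // forcing a password change on the next login.
     $text = $this->language->translate('PASSWORD_RESET_TEXT', array('{{newpass}}' => $password));
     $email = new \fpcm\classes\email($this->email, $this->language->translate('PASSWORD_RESET_SUBJECT'), $text);
     $email->setHtml(true);

     // Do not persist the new hash if the user could not be notified,
     // otherwise the account would be locked to an unknown password.
     if (!$email->submit()) {
         return false;
     }

     return $this->update();
 }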
Beispiel #3
 /**
  * Emits a hidden form field carrying the page token, as protection
  * against cross-site request forgery.
  *
  * The token comes from security::createPageToken() and the field name from
  * security::getPageTokenFieldName(); both are handed to hiddenInput().
  */
 public static function pageTokenField()
 {
     // The token is created before the field name is looked up, as in the
     // original call order.
     $csrfToken = \fpcm\classes\security::createPageToken();
     $fieldName = \fpcm\classes\security::getPageTokenFieldName();

     self::hiddenInput($fieldName, $csrfToken);
 }
Beispiel #4
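 /**
  * Checks the page token (CSRF protection) of the current request.
  *
  * The request is rejected if a Referer header is present and does not
  * contain the configured root path. Otherwise the token stored in the cache
  * is read, the cache entry is cleaned up, and the stored token is compared
  * with the token submitted in the request.
  *
  * Security: the comparison is strict and constant-time (hash_equals,
  * PHP 5.6+). The previous loose `==` let PHP type juggling produce a match,
  * e.g. a cache miss compared with a missing request token, or two different
  * numeric-looking strings.
  *
  * @return boolean true only if a non-empty stored token equals the
  *                 submitted token
  */
 protected function checkPageToken()
 {
     // isset() is already false for null, so no separate is_null() check is needed.
     // NOTE(review): this is a substring match and is skipped when the header
     // is absent, so it is only a coarse filter; the token comparison below is
     // the actual control.
     if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], \fpcm\classes\baseconfig::$rootPath) === false) {
         return false;
     }

     $fieldname = \fpcm\classes\security::getPageTokenFieldName();
     $cache = new \fpcm\classes\cache($fieldname, \fpcm\classes\security::pageTokenCacheModule);
     $tokenData = $cache->read();

     // cleanup() runs before the comparison, so the stored token is presumably
     // single-use regardless of the outcome - confirm against the cache class.
     $cache->cleanup($fieldname, \fpcm\classes\security::pageTokenCacheModule);

     $submitted = \fpcm\classes\http::getPageToken();

     // Assumes the token is stored and submitted as a string - TODO confirm
     // against security::createPageToken(). Anything else (cache miss, missing
     // field, empty value) must never count as a match.
     if (!is_string($tokenData) || !is_string($submitted) || $tokenData === '' || $submitted === '') {
         return false;
     }

     return hash_equals($tokenData, $submitted);
 }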