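/**
 * Authenticate a user by e-mail and password and open a session for them.
 *
 * Looks up an active account (etat > 0) by e-mail, decrypts the stored
 * password with the account key and compares it with the submitted one.
 * On success the account key is stored in $_SESSION['FoxFWUsersCo'], the
 * bean is attached to this object and updateConnect() is called.
 *
 * NOTE(review): the stored password is recovered with
 * FoxFWCrypte::decrypte(), i.e. it is kept in a reversible form. A one-way
 * password hash (password_hash() / password_verify()) would avoid exposing
 * every password if the table and keys leak; that needs a data migration
 * and is out of scope for this method.
 *
 * @param string $email    Submitted e-mail address.
 * @param string $password Submitted clear-text password.
 *
 * @return bool True when the credentials match an active account.
 */
public function login($email, $password)
{
    // NOTE(review): htmlspecialchars() is an HTML output encoder, not input
    // validation. It rewrites & < > " in the password before comparison.
    // It is kept here because stored values were presumably produced with
    // the same transformation - confirm against the registration code
    // before removing it.
    $email = htmlspecialchars($email);
    $password = htmlspecialchars($password);

    // The e-mail is passed as a bound parameter, never concatenated.
    $user = R::findOne('foxfwusers', 'email=? AND etat>0', [$email]);
    if (!is_object($user)) {
        return false;
    }

    $stored = FoxFWCrypte::decrypte($user->password, $user->clef);

    // A failed decryption must never compare equal to an empty or falsy
    // submission, so anything that is not a string is rejected outright.
    if (!is_string($stored) || !is_string($password)) {
        return false;
    }

    // hash_equals() is strict and constant-time. The former loose "!="
    // treated numeric-looking strings such as "0e1" and "0e2" as equal.
    if (!hash_equals($stored, $password)) {
        return false;
    }

    // Issue a fresh session id at the privilege change so that an id known
    // before authentication cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['FoxFWUsersCo'] = $user->clef;
    $this->orm = $user;
    $this->update = true;
    $this->updateConnect();

    return true;
}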
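/**
 * Anti-CSRF check for submitted forms.
 *
 * Ensures a per-session form token exists. When the request carries POST
 * data, both the form token (tf_t) and the user token (tf_u) must be
 * present, otherwise the request is aborted. For a logged-in user, tf_u is
 * decrypted with the session token and must equal the user's key. tf_t must
 * equal the session token. The token is rotated after every POST.
 *
 * NOTE(review): on a mismatch this method only calls
 * FoxFWKernel::loadRouter('index'); whether that call stops the request is
 * not visible here. If it returns, the caller goes on to process the
 * rejected POST - confirm that loadRouter() terminates.
 *
 * NOTE(review): sleep(10) / sleep(3) hold a worker for every bad request,
 * so a flood of invalid forms can exhaust the worker pool. Rate limiting
 * upstream is a safer throttle; the delays are kept to preserve behaviour.
 *
 * @return void
 */
private static function securityFormSend()
{
    // Per-session form token.
    if (!isset($_SESSION['form_token'])) {
        $_SESSION['form_token'] = FoxFWCrypte::randomString(20);
    }

    if (count($_POST) === 0) {
        return;
    }

    // Both hidden fields must be part of the submitted form.
    if (!isset($_POST['tf_t']) || !isset($_POST['tf_u'])) {
        die('Security: Error Form !');
    }

    $sessionToken = (string) $_SESSION['form_token'];
    $postedFormToken = $_POST['tf_t'];
    $postedUserToken = $_POST['tf_u'];

    if ($GLOBALS['User']->isLogin()) {
        // Array-valued fields (tf_u[]=...) are never decrypted; they count
        // as a mismatch.
        $clef = is_string($postedUserToken)
            ? FoxFWCrypte::decrypte($postedUserToken, $sessionToken)
            : null;
        $expectedClef = (string) $GLOBALS['User']->getClef();

        // Strict, constant-time comparison instead of the loose "!=".
        if (!is_string($clef) || !hash_equals($expectedClef, $clef)) {
            sleep(10);
            FoxFWKernel::loadRouter('index');
        }
    }

    if (!is_string($postedFormToken) || !hash_equals($sessionToken, $postedFormToken)) {
        sleep(3);
        FoxFWKernel::loadRouter('index');
    }

    // Rotate the token so each one is valid for a single submission.
    $_SESSION['form_token'] = FoxFWCrypte::randomString(20);
}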