/**
 * Delete every stored token found for a user id / sid pair.
 *
 * UserToken::getByUidAndSid() is handled here as returning either a single
 * UserToken or an ObjectSet of them; any other result deletes nothing.
 * The caller in this file uses it to revoke tokens after a suspected
 * cookie theft.
 *
 * @param mixed $uid user id the tokens belong to
 * @param mixed $sid second lookup key (presumably the login-series id; confirm against UserToken)
 */
public static function deleteByUidAndSid($uid, $sid) {
    $result = UserToken::getByUidAndSid($uid, $sid);

    // Single-row result: remove that one token.
    if ($result instanceof UserToken) {
        $result->delete();
    }

    // Anything that is not a set has been fully handled above.
    if (!($result instanceof ObjectSet)) {
        return;
    }

    // Multi-row result: remove each token in the set.
    foreach ($result as $token) {
        $token->delete();
    }
}
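/**
 * Log a guest session in from the persistent "frmauth" cookie.
 *
 * The cookie is read as "<uid>_<sid>_<token>". When all three parts match a
 * stored token, the session is bound to that user, the used token is deleted
 * and a fresh one is issued for the same sid (single-use rotation). When the
 * uid/sid pair exists but the token part does not match, the cookie is
 * treated as stolen: every token for that pair is deleted, the session is
 * destroyed and the request ends.
 *
 * Malformed cookies (not a string, fewer than three parts, non-numeric uid)
 * are ignored without touching the token store. Neither a rotated nor a
 * stolen cookie can be malformed in this way, so theft detection is kept.
 */
public function checkCookieToken() {
    $context = Context::getInstance();

    if (!isset($_COOKIE['frmauth']) || $context->session->userID != User::GUEST) {
        return;
    }

    // The cookie is client-controlled. PHP parses "frmauth[]=x" into an array,
    // which explode() must never receive.
    $raw = $_COOKIE['frmauth'];
    if (!is_string($raw)) {
        return;
    }

    $val = explode('_', $raw);

    // Require all three fields so a missing index is never read, and require
    // a purely numeric uid so the (int) cast below names the same user as the
    // string passed to the lookups (otherwise "5abc" would cast to 5).
    if (count($val) < 3 || preg_match('/\A[0-9]+\z/', $val[0]) !== 1) {
        return;
    }

    list($uid, $sid, $secret) = $val;

    // NOTE(review): getUserToken() is not visible here. Confirm that it uses
    // parameterized queries and compares the secret in constant time
    // (hash_equals), ideally against a stored hash.
    $token = UserToken::getUserToken($uid, $sid, $secret);
    if ($token) {
        // NOTE(review): nothing here regenerates the session id when the
        // session goes from guest to authenticated. Confirm the session
        // layer does so, to rule out session fixation.
        $context->session->userID = (int) $uid;
        // NOTE(review): the result of getUserById() is not checked before use.
        $context->user = User::getUserById($uid);

        // Tokens are single-use: retire this one and issue a replacement for
        // the same sid, so a replayed copy is detected by the branch below.
        $token->delete();
        UserToken::setCookieToken($context->user, $sid);
        return;
    }

    $token = UserToken::getByUidAndSid($uid, $sid);
    if ($token) {
        // possible cookie theft: the uid/sid pair is known but the token is
        // stale or wrong, so revoke the whole pair and drop the session.
        UserToken::deleteByUidAndSid($uid, $sid);
        $context->session->destroy();
        echo 'cookie hijacked';
        exit;
    }
}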