/**
 * Verify a username/password pair and, on success, bind the user to a fresh session.
 *
 * @param string $username    Username as supplied by the caller (escaped below before lookup).
 * @param string $password    Plaintext password as supplied by the caller.
 * @param bool   $remember_me When true, also issue a persistent-login cookie token.
 * @return bool True when the credentials matched and the session was populated, false otherwise.
 */
protected function authenticate($username, $password, $remember_me = false) {
    $db = DB::getInstance();
    // NOTE(review): both credentials are passed through db_escape_string before use. For the
    // password this means a value containing quotes or backslashes is verified in its escaped
    // form rather than as typed; this only works if User::authenticate expects that — confirm.
    $escapedUsername = $db->db_escape_string($username);
    $escapedPassword = $db->db_escape_string($password);

    $account = User::getUserByUsername($escapedUsername);
    // Unknown user or wrong password: nothing in the session is touched.
    if (is_null($account) || !$account->authenticate($escapedPassword)) {
        return false;
    }

    $context = Context::getInstance();
    // Rotate the session id at the privilege change (session-fixation defence), then bind the user.
    $context->session->regenerate();
    $context->session->userID = (int) $account->id;
    $context->user = $account;

    if ($remember_me) {
        // Persistent login: store a cookie token for this user. genRandom(10) is the series/token
        // value used by checkCookieToken later — its length and alphabet are defined elsewhere.
        UserToken::setCookieToken($account, Utils::genRandom(10));
    }
    return true;
}
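/**
 * Log a guest in from the persistent-login cookie, rotating the token on every use.
 *
 * The cookie value is expected to hold three underscore-separated fields: user id,
 * series/selector id, and the secret token. A matching (uid, sid, token) row logs the user in and
 * is replaced by a fresh token; a matching (uid, sid) with a wrong token is treated as a stolen
 * cookie — the series is deleted, the session destroyed and the request aborted.
 *
 * Fix: a cookie with fewer than three fields is now ignored instead of producing undefined-index
 * warnings and passing nulls into the token lookups.
 *
 * @return void
 */
public function checkCookieToken() {
    $context = Context::getInstance();

    // Only guests presenting a remember-me cookie are considered; logged-in users are left alone.
    if (!isset($_COOKIE['frmauth']) || $context->session->userID != User::GUEST) {
        return;
    }

    $parts = explode('_', (string) $_COOKIE['frmauth']);
    // Malformed or truncated cookie: treat as absent rather than looking up partial values.
    if (count($parts) < 3) {
        return;
    }
    [$uid, $sid, $secret] = $parts;

    $token = UserToken::getUserToken($uid, $sid, $secret);
    if ($token) {
        // Valid token: establish the session for that user, then rotate the secret so a
        // replayed copy of the old cookie no longer authenticates.
        $context->session->userID = (int) $uid;
        $context->user = User::getUserById($uid);
        $token->delete();
        UserToken::setCookieToken($context->user, $sid);
        return;
    }

    // Known series but wrong secret: someone else presented an older copy of this cookie
    // (possible cookie theft). Invalidate the series and drop the session.
    $stale = UserToken::getByUidAndSid($uid, $sid);
    if ($stale) {
        UserToken::deleteByUidAndSid($uid, $sid);
        $context->session->destroy();
        echo 'cookie hijacked';
        exit;
    }
}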