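/**
 * Binds the current session to the browser through a random salt cookie.
 *
 * When the session already holds a salt and the request's "zUserSaltCookie"
 * cookie carries exactly the same string, nothing is changed. Otherwise a
 * fresh salt is generated, stored in $_SESSION['zUserSalt'] and sent to the
 * browser as a 30-day cookie scoped to "/".
 *
 * @author Sam Mottley (smottley@zpanelcp.com)
 * @return boolean Always true.
 */
public static function setCookie()
{
    $sessionSalt = isset($_SESSION['zUserSalt']) ? $_SESSION['zUserSalt'] : null;
    $cookieSalt = isset($_COOKIE['zUserSaltCookie']) ? $_COOKIE['zUserSaltCookie'] : null;

    // The cookie value is client-controlled. Loose "==" compares
    // numeric-looking strings by numeric value, so two different salts could
    // be treated as equal; require two strings and an exact match instead.
    // hash_equals() (PHP >= 5.6) also keeps the comparison constant-time.
    $saltMatches = false;
    if (is_string($sessionSalt) && is_string($cookieSalt)) {
        $saltMatches = function_exists('hash_equals')
            ? hash_equals($sessionSalt, $cookieSalt)
            : $sessionSalt === $cookieSalt;
    }

    if (!$saltMatches) {
        // Generate the salt only when it is actually going to be issued.
        $random = runtime_randomstring::randomHash(100);
        $_SESSION['zUserSalt'] = $random;

        // NOTE(review): the cookie is sent without the Secure and HttpOnly
        // attributes (setcookie()'s 6th and 7th arguments). Setting both is
        // the usual hardening for a session-binding value, but it changes
        // behaviour on plain-HTTP deployments and for any script that reads
        // the cookie, so confirm against the deployment before enabling.
        setcookie("zUserSaltCookie", $random, time() + 60 * 60 * 24 * 30, "/");
    }

    return true;
}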
// Excerpt: the statements up to the first closing brace finish a branch whose
// opening condition lies above this fragment. They end the session, remove the
// auth cookies and redirect to the logged-out view.
    ctrl_auth::KillSession();
    ctrl_auth::KillCookies();
    header("location: ./?loggedout");
    exit;
}

// "returnsession": when the session carries a stored 'ruid', a user session is
// re-established for that id and the stored value is cleared, then the browser
// is redirected to the panel root.
// NOTE(review): this branch is reachable through a plain GET parameter and no
// CSFR check is visible here; the id itself comes from the session, not from
// the request. Presumably 'ruid' is the account to return to after viewing
// another account; confirm where it is written.
if (isset($_GET['returnsession'])) {
    if (isset($_SESSION['ruid'])) {
        ctrl_auth::SetUserSession($_SESSION['ruid'], runtime_sessionsecurity::getSessionSecurityEnabled());
        $_SESSION['ruid'] = null;
    }
    header("location: ./");
    exit;
}

// Forgot-password request: look the account up by e-mail address, store a
// random reset key on the matching row and begin composing the reset e-mail.
// The remainder of this branch lies below the excerpt.
if (isset($_POST['inForgotPassword'])) {
    // Presumably rejects the request unless a valid CSFR token accompanies it;
    // Protect() is not shown here, so confirm.
    runtime_csfr::Protect();
    // randomHash() is called without a length argument; the default length,
    // and therefore the strength of the reset key, is defined elsewhere.
    $randomkey = runtime_randomstring::randomHash();
    // NOTE(review): xssClean() looks like an output-oriented filter; SQL safety
    // for this value comes from the bound parameter below, not from this call.
    $forgotPass = runtime_xss::xssClean($_POST['inForgotPassword']);
    $sth = $zdbh->prepare("SELECT ac_id_pk, ac_user_vc, ac_email_vc FROM x_accounts WHERE ac_email_vc = :forgotPass");
    $sth->bindParam(':forgotPass', $forgotPass);
    $sth->execute();
    $rows = $sth->fetchAll();
    if ($rows) {
        // Only the first matching row is used; the string key '0' is converted
        // to the integer index 0 by PHP.
        $result = $rows['0'];
        // NOTE(review): unlike the SELECT above, this UPDATE is assembled by
        // string concatenation. Both values are server-derived here (the
        // generated key and the primary key just read from the database), so
        // its safety rests on randomHash()'s output alphabet and the column
        // type; binding both as parameters would remove that dependency.
        // The key is stored as generated, and no expiry is written in this
        // statement.
        $zdbh->exec("UPDATE x_accounts SET ac_resethash_tx = '" . $randomkey . "' WHERE ac_id_pk=" . $result['ac_id_pk'] . "");
        // Chooses the URL scheme, presumably for the reset link built below.
        // NOTE(review): isset() is true for any value, including the "off"
        // that IIS/ISAPI sets on plain-HTTP requests, and the key may be
        // absent behind a TLS-terminating proxy even when the client used
        // HTTPS.
        if (isset($_SERVER['HTTPS'])) {
            $protocol = 'https://';
        } else {
            $protocol = 'http://';
        }
        $phpmailer = new sys_email();
        $phpmailer->Subject = "Hosting Panel Password Reset";
/**
 * Issues a fresh CSFR token (the project's spelling of CSRF) for the session.
 *
 * The value returned by runtime_randomstring::randomHash() is written to
 * $_SESSION['zpcsfr'], replacing whatever token was stored there before.
 *
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @return bool Always true.
 */
static function Tokeniser()
{
    // Generate first, then publish to the session in a single assignment.
    $token = runtime_randomstring::randomHash();
    $_SESSION['zpcsfr'] = $token;

    return true;
}