コード例 #1
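 /**
  * Restore a logged-in session from the persistent "frmauth" cookie.
  *
  * Only acts while the current session belongs to the guest user. The cookie
  * value is split on "_"; its first three fields are handed to
  * UserToken::getUserToken() in order, the first field doubles as the user id
  * and the second is passed on to UserToken::setCookieToken().
  *
  * Outcomes:
  * - Token found: the session is bound to that user, the matched token is
  *   deleted and setCookieToken() is called (presumably issuing a fresh
  *   single-use token for the same second field; confirm in UserToken).
  * - Token not found, but a record exists for the same first two fields:
  *   handled as possible cookie theft. Those records are deleted, the session
  *   is destroyed, 'cookie hijacked' is printed and the request ends.
  * - Cookie is not a string or has fewer than three fields: ignored, the
  *   visitor stays a guest.
  *
  * @return void
  */
 public function checkCookieToken()
 {
     $context = Context::getInstance();
     if (!isset($_COOKIE['frmauth']) || $context->session->userID != User::GUEST) {
         return;
     }

     // The cookie is client-controlled. PHP turns "frmauth[]=x" into an array,
     // which explode() cannot take, and a short value would leave $val[1] or
     // $val[2] undefined. Reject both shapes before any token lookup.
     $cookie = $_COOKIE['frmauth'];
     if (!is_string($cookie)) {
         return;
     }
     $val = explode('_', $cookie);
     if (count($val) < 3) {
         return;
     }

     // NOTE(review): the secret comparison happens inside getUserToken(), which
     // is not visible here; confirm it is done in constant time (hash_equals)
     // against a stored hash rather than a plain-text token.
     $token = UserToken::getUserToken($val[0], $val[1], $val[2]);
     if ($token) {
         // NOTE(review): the session moves from guest to an authenticated user
         // here; confirm the session id is regenerated at this point, since
         // nothing in this method does it.
         $context->session->userID = (int) $val[0];
         // NOTE(review): the result is not checked; confirm getUserById() cannot
         // come back empty for a uid that still owns a valid token.
         $context->user = User::getUserById($val[0]);
         // The presented token is consumed so the same cookie value cannot be replayed.
         $token->delete();
         UserToken::setCookieToken($context->user, $val[1]);
         return;
     }

     // The first two fields are known but the third did not match: an already
     // consumed token is being replayed, so someone else may hold a copy.
     $token = UserToken::getByUidAndSid($val[0], $val[1]);
     if ($token) {
         //possible cookie theft
         UserToken::deleteByUidAndSid($val[0], $val[1]);
         $context->session->destroy();
         echo 'cookie hijacked';
         exit;
     }
 }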