/**
 * Deletes the session cookie by re-sending it with an expiry in the past.
 *
 * @return bool result of setcookie()
 */
public function deleteCookie()
{
    // Expiry is derived from the stored login value, not from the current time:
    // five session lengths before that value.
    $sessionSpan = $this->config->system_session_length * 5;
    $expiresAt   = $this->getLogin() - $sessionSpan;

    $cookieName = \fpcm\classes\security::getSessionCookieName();

    // Arguments after the expiry: path '/', empty domain, secure = false, httponly = true.
    // NOTE(review): the Secure flag is off here; confirm this matches the attributes
    // used where the session cookie is set, and that HTTPS deployments set it there.
    return setcookie($cookieName, 0, $expiresAt, '/', '', false, true);
}
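/**
 * Resets the user's password to a newly generated random one.
 *
 * A new password is generated, then a new salt and password hash are stored on this object.
 * With $resetOnly the record is updated immediately and the plain-text password is returned
 * to the caller. Otherwise the password is mailed to the user's address and the record is
 * only updated when the mail was submitted successfully.
 *
 * NOTE(review): the new password leaves the system in clear text (return value or e-mail);
 * a single-use reset link would avoid that.
 *
 * @param bool $resetOnly (@since FPCM3.4) update and return the password instead of mailing it
 * @return bool|array array('updateOk' => ..., 'password' => ...) when $resetOnly is set,
 *                    otherwise the result of update(), or false when the mail was not submitted
 */
public function resetPassword($resetOnly = false)
{
    $this->disablePasswordSecCheck();

    // The previous generator shuffled sha1(username) . uniqid() and cut it with rand():
    // only hex characters, derived from the user name and the clock, picked by a
    // non-cryptographic PRNG. Draw every character from a CSPRNG instead.
    // random_int() exists from PHP 7.0 on; older runtimes fall back to mt_rand(),
    // which is NOT cryptographically secure.
    $picker = function_exists('random_int') ? 'random_int' : 'mt_rand';

    // Letters and digits only, so the value needs no escaping inside the HTML mail body.
    $alphabet  = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $lastIndex = strlen($alphabet) - 1;

    // Same length range as before: 10 to 16 characters.
    $length   = $picker(10, 16);
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $alphabet[$picker(0, $lastIndex)];
    }

    // NOTE(review): the salt input is built from account attributes only; confirm that
    // createSalt() adds randomness of its own.
    $this->salt   = \fpcm\classes\security::createSalt($this->displayname . '-' . $this->username . '-' . $this->id);
    $this->passwd = \fpcm\classes\security::createPasswordHash($password, $this->salt);

    if ($resetOnly) {
        return array('updateOk' => $this->update(), 'password' => $password);
    }

    $text  = $this->language->translate('PASSWORD_RESET_TEXT', array('{{newpass}}' => $password));
    $email = new \fpcm\classes\email($this->email, $this->language->translate('PASSWORD_RESET_SUBJECT'), $text);
    $email->setHtml(true);

    // Persist the new hash only after the mail went out, so a failed mail keeps the stored
    // password usable. The salt and hash on this object have already been replaced by then.
    if ($email->submit()) {
        return $this->update();
    }

    return false;
}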
/**
 * Creates a hidden form field that carries the page token used to protect
 * against cross-site request forgery.
 */
public static function pageTokenField()
{
    // A new token is created first, then the field name is looked up (same order as before).
    $pageToken = \fpcm\classes\security::createPageToken();
    $fieldName = \fpcm\classes\security::getPageTokenFieldName();

    self::hiddenInput($fieldName, $pageToken);
}
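/**
 * Checks the page token submitted with the request (CSRF protection).
 *
 * @return boolean true only when a non-empty submitted token equals the cached token
 */
protected function checkPageToken()
{
    // A referer that is present but does not contain the root path is rejected.
    // A request without a referer is not rejected here and relies on the token alone.
    // NOTE(review): strpos() accepts the root path anywhere in the referer, including
    // its path or query string; if $rootPath is the base URL, a prefix comparison
    // would be stricter. Confirm what $rootPath holds.
    if (isset($_SERVER['HTTP_REFERER']) &&
        strpos($_SERVER['HTTP_REFERER'], \fpcm\classes\baseconfig::$rootPath) === false) {
        return false;
    }

    $fieldname = \fpcm\classes\security::getPageTokenFieldName();

    $cache    = new \fpcm\classes\cache($fieldname, \fpcm\classes\security::pageTokenCacheModule);
    $expected = $cache->read();

    // The cache entry is cleaned up before the comparison, so (presumably) a token is
    // discarded after one check whether or not it matched.
    $cache->cleanup($fieldname, \fpcm\classes\security::pageTokenCacheModule);

    $submitted = \fpcm\classes\http::getPageToken();

    // The former loose "==" treated a missing token as equal to a missing cache entry
    // (e.g. null == false) and compared numeric-looking strings such as "0e1" and "0e2"
    // as numbers. Require two non-empty scalar values and compare them as strings.
    if (!is_scalar($expected) || !is_scalar($submitted)) {
        return false;
    }

    $expected  = (string) $expected;
    $submitted = (string) $submitted;

    if ($expected === '' || $submitted === '') {
        return false;
    }

    // hash_equals() (PHP 5.6+) compares in constant time; older runtimes use strict equality.
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $submitted);
    }

    return $expected === $submitted;
}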