예제 #1
 /**
  * Verify a username/password pair and, on success, attach the user to the session.
  *
  * @param string $username   Login name as submitted by the client.
  * @param string $password   Password as submitted by the client.
  * @param bool   $remember_me When truthy, a persistent cookie token is issued as well.
  *
  * @return bool True when the credentials were accepted, false otherwise.
  */
 protected function authenticate($username, $password, $remember_me = false)
 {
     $database = DB::getInstance();

     // NOTE(review): both values are SQL-escaped before being handed to the
     // lookup and verification helpers. If User::getUserByUsername() escapes or
     // binds its argument itself, the username ends up escaped twice. Escaping
     // the password changes the bytes that User::authenticate() checks, so
     // passwords containing quotes or backslashes only verify if the same
     // escaping was applied when the stored hash was created - confirm.
     $username = $database->db_escape_string($username);
     $password = $database->db_escape_string($password);

     $account = User::getUserByUsername($username);

     // Unknown user and wrong password take the same exit, so the return value
     // does not reveal which of the two failed.
     if (is_null($account) || !$account->authenticate($password)) {
         return false;
     }

     $ctx = Context::getInstance();

     // regenerate() runs before any identity is written to the session;
     // presumably it issues a new session id (session-fixation defence) -
     // confirm in the session class.
     $ctx->session->regenerate();
     $ctx->session->userID = (int) $account->id;
     $ctx->user = $account;

     if ($remember_me) {
         // NOTE(review): the value from Utils::genRandom(10) is stored in the
         // persistent login cookie; verify it is drawn from a CSPRNG
         // (random_bytes()/random_int()) and not rand()/mt_rand().
         UserToken::setCookieToken($account, Utils::genRandom(10));
     }

     return true;
 }
예제 #2
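 /**
  * Log a guest visitor in from the persistent "frmauth" cookie when it is valid.
  *
  * The cookie value is split on "_" and its first three parts are passed to the
  * UserToken lookups (the first part is also used as the user id). A full match
  * logs the user in and replaces the token with a fresh one. If the first two
  * parts match a stored token but the third does not, the cookie is treated as
  * possibly stolen: the stored tokens for that pair are deleted, the session is
  * destroyed and the request is terminated.
  *
  * The cookie is attacker-controlled input, so its shape is validated before
  * any part of it is used.
  *
  * @return void
  */
 public function checkCookieToken()
 {
     $context = Context::getInstance();

     // Only guests with a remember-me cookie are candidates for cookie login.
     if (!isset($_COOKIE['frmauth']) || $context->session->userID != User::GUEST) {
         return;
     }

     // A cookie sent as frmauth[]=... arrives as an array; explode() would
     // fail on it, so treat anything but a string as "no cookie".
     $cookie = $_COOKIE['frmauth'];
     if (!is_string($cookie)) {
         return;
     }

     // A value with fewer than three parts cannot be a token issued by this
     // code; reading $val[1] / $val[2] from it would hit undefined offsets and
     // pass null into the token lookups.
     $val = explode('_', $cookie);
     if (count($val) < 3) {
         return;
     }
     $uid = $val[0];
     $sid = $val[1];
     $secret = $val[2];

     $token = UserToken::getUserToken($uid, $sid, $secret);
     if ($token) {
         // Resolve the account before touching the session so a token that
         // outlived its user cannot leave a session bound to a missing account.
         $user = User::getUserById($uid);
         if (!$user) {
             $token->delete();
             return;
         }

         // Rotate the session before storing an identity in it, so a session
         // id handed out to the guest is not promoted to a logged-in one.
         // NOTE(review): regenerate() is assumed to issue a new session id.
         $context->session->regenerate();
         $context->session->userID = (int) $uid;
         $context->user = $user;

         // Tokens are single-use: drop the presented one and issue a new one
         // under the same second cookie part.
         $token->delete();
         UserToken::setCookieToken($user, $sid);
         return;
     }

     $token = UserToken::getByUidAndSid($uid, $sid);
     if ($token) {
         // The first two parts are known but the third is not: an already
         // rotated token is being replayed, i.e. possible cookie theft.
         // Invalidate the stored tokens for this pair and end the session.
         UserToken::deleteByUidAndSid($uid, $sid);
         $context->session->destroy();
         echo 'cookie hijacked';
         exit;
     }
 }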