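/**
 * Ends the current login: revokes the persistent-login token named by the
 * "frmauth" cookie (if one was sent), expires every cookie the client
 * presented, and destroys the PHP session.
 *
 * The cookie content is client-controlled, so it is checked for shape
 * before its fields are handed to UserToken::getUserToken().
 *
 * @return bool Result of session_destroy().
 */
public function destroy()
 {
     foreach ($_COOKIE as $key => $value) {
         // PHP stores numeric cookie names as integer keys; compare the string
         // form strictly so a key such as 0 can never match 'frmauth' the way
         // a loose == does on PHP < 8.
         if ((string) $key === 'frmauth' && is_string($value)) {
             // A cookie sent as frmauth[]=... arrives as an array and is
             // skipped by the is_string() check above instead of reaching explode().
             $val = explode('_', $value);
             // Fewer than three fields means the cookie is malformed: there is
             // no token to look up, and indexing $val[1]/$val[2] would be undefined.
             if (count($val) >= 3) {
                 $token = UserToken::getUserToken($val[0], $val[1], $val[2]);
                 if ($token) {
                     $token->delete();
                 }
             }
         }
         // Expire the cookie for both the dotted and the bare host form, since
         // it may have been set under either domain attribute.
         // NOTE(review): SERVER_NAME can reflect the request's Host header
         // depending on web-server configuration; confirm it is pinned or use
         // a configured cookie domain.
         $expiry = time() - 10000;
         setcookie((string) $key, '', $expiry, '/', '.' . $_SERVER['SERVER_NAME']);
         setcookie((string) $key, '', $expiry, '/', $_SERVER['SERVER_NAME']);
     }
     return session_destroy();
 }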
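 /**
  * Restores a login from the "frmauth" persistent-login cookie while the
  * current session is still a guest.
  *
  * The cookie is split on '_' and its first three fields are passed to
  * UserToken::getUserToken(). On a match the session is bound to the user,
  * the used token is deleted and a fresh one is issued (one-time use).
  * When the full triple does not match but UserToken::getByUidAndSid() still
  * finds a record for the first two fields, the cookie is treated as
  * possibly stolen: the record is deleted, the session destroyed and the
  * request terminated.
  *
  * The cookie is client-controlled; values that are not a string with at
  * least three fields are ignored rather than indexed blindly.
  *
  * @return void
  */
 public function checkCookieToken()
 {
     $context = Context::getInstance();
     if (!isset($_COOKIE['frmauth']) || $context->session->userID != User::GUEST) {
         return;
     }

     $cookie = $_COOKIE['frmauth'];
     // frmauth[]=... arrives as an array; explode() on it would raise an error.
     if (!is_string($cookie)) {
         return;
     }

     $val = explode('_', $cookie);
     // A malformed cookie carries no usable credential: do not authenticate
     // from it and do not feed undefined fields into the token lookups.
     if (count($val) < 3) {
         return;
     }

     $token = UserToken::getUserToken($val[0], $val[1], $val[2]);
     if ($token) {
         // NOTE(review): the session goes from guest to authenticated here and
         // no session-id regeneration is visible in this method; confirm it
         // happens elsewhere to rule out session fixation.
         $context->session->userID = (int) $val[0];
         // NOTE(review): the result of getUserById() is used unchecked; confirm
         // it cannot be empty for a uid that still has a valid token.
         $context->user = User::getUserById($val[0]);
         // Rotate: the presented token is single-use, a new one replaces it.
         $token->delete();
         UserToken::setCookieToken($context->user, $val[1]);
         return;
     }

     $token = UserToken::getByUidAndSid($val[0], $val[1]);
     if ($token) {
         // Possible cookie theft: the first two fields are known but the third
         // no longer matches, so an already-rotated token was replayed.
         // NOTE(review): nothing is logged here; a security-event record
         // would help detection and response.
         UserToken::deleteByUidAndSid($val[0], $val[1]);
         $context->session->destroy();
         echo 'cookie hijacked';
         exit;
     }
 }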