/**
 * Log in the account called $name.
 *
 * No credential is checked here: the function receives only a user name, so
 * the caller has to authenticate the user before calling it.
 *
 * @param string $name user name (presumably a string; it is passed unchanged
 *                     to $phpcdb->get_user_by_name())
 * @return bool always true
 */
function login_user($name)
{
    global $phpcdb;

    // NOTE(review): the session ID is not rotated at this point. The
    // session_regenerate_id() call below is still disabled, so a session ID
    // that was observed or planted before login stays valid afterwards,
    // unless phpc_do_login() rotates it (not visible from here -- confirm).
    // TODO: Verify that regeneration is needed, and make sure it's called in
    // setup so it doesn't create issues for embedded users
    // session_regenerate_id();

    // Look the account up by name and hand it straight to the login routine.
    phpc_do_login($phpcdb->get_user_by_name($name));

    return true;
}
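} exit; }
// The line above closes blocks that were opened before this excerpt; it is
// reproduced unchanged.

// Restore a login for this request. With no user id in the session, fall back
// to the persistent-login cookies (uid, series, token); otherwise reuse the
// token already stored in the session.
if (empty($_SESSION["{$phpc_prefix}uid"])) {
    if (!empty($_COOKIE["{$phpc_prefix}login"])
            && !empty($_COOKIE["{$phpc_prefix}uid"])
            && !empty($_COOKIE["{$phpc_prefix}login_series"])) {
        // Cleanup before we check their token so they can't login with
        // an ancient token
        $phpcdb->cleanup_login_tokens();

        // FIXME should this be _SESSION below?
        // Both values come from the client and are passed to the database
        // layer as received.
        $phpc_uid = $_COOKIE["{$phpc_prefix}uid"];
        $phpc_login_series = $_COOKIE["{$phpc_prefix}login_series"];
        $phpc_token = $phpcdb->get_login_token($phpc_uid,
                $phpc_login_series);
        if ($phpc_token) {
            // Compare the stored token with the cookie byte for byte and in
            // constant time. A loose `==` compares numeric-looking strings
            // as numbers (e.g. "0e1" == "0e2"), so two different tokens could
            // be accepted as equal, and it can leak timing information.
            // is_string() rejects a cookie submitted as an array, which
            // hash_equals() would refuse with a TypeError; such a request
            // takes the mismatch branch, as it did before.
            // The stored token is cast to string -- presumably it already is
            // one; verify against get_login_token().
            if (is_string($_COOKIE["{$phpc_prefix}login"])
                    && hash_equals((string) $phpc_token,
                        $_COOKIE["{$phpc_prefix}login"])) {
                $user = $phpcdb->get_user($phpc_uid);
                phpc_do_login($user, $phpc_login_series);
            } else {
                // A token exists for this uid/series but the cookie carries a
                // different one: revoke every login token of that user and
                // report the mismatch.
                $phpcdb->remove_login_tokens($phpc_uid);
                soft_error(__("Possible hacking attempt on your account."));
            }
        } else {
            // No token stored for this uid/series: continue as anonymous.
            $phpc_uid = 0;
        }
    }
} else {
    $phpc_token = $_SESSION["{$phpc_prefix}login"];
}

// Normalise a missing or falsy token to the empty string.
if (empty($phpc_token)) {
    $phpc_token = '';
}

// Create vars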