function loginCookie_get()
{
// get login data
$loginData = array();
$cookieLoginDataEncoded = getPrefixedCookie(loginCookie_name());
// Flash Cookie Bug Fix - Flash sometimes sends no cookies (or cookies from IE when you're using Firefox).
// ... So we fake it by passing the loginCookie via a POST request. Security: Use POST instead of GET so
// ... sessions can't be force-created or hijacked with GET urls (and so login data won't get stored in server logs)
$loginDataEncoded = isFlashUploader() ? @$_POST['_FLASH_COOKIE_BUG_FIX_'] : $cookieLoginDataEncoded;
if ($loginDataEncoded) {
$loginData = json_decode(base64_decode(strrev($loginDataEncoded)), true);
}
// check if session has expired
$sessionExpired = false;
if ($loginData) {
// get session expiry in seconds
$maxSeconds = loginExpirySeconds();
// clear login username and passwordHash if login_expiry_limit exceeded, and set $hasExpired
$secondsAgo = time() - $loginData['lastAccess'];
if ($loginData['lastAccess'] && $secondsAgo > $maxSeconds) {
$loginData['username'] = '';
$loginData['passwordHash'] = '';
$sessionExpired = true;
loginCookie_remove();
}
}
//
$username = $sessionExpired ? '' : (isset($loginData['username']) ? $loginData['username'] : '');
$passwordHash = $sessionExpired ? '' : (isset($loginData['passwordHash']) ? $loginData['passwordHash'] : '');
return array($sessionExpired, $username, $passwordHash);
}
if (!$SETTINGS['advanced']['requireHTTPS']) {
$tips[] = t("Enable 'Require HTTPS' above to disallow insecure connections.");
}
if (ini_get('display_errors')) {
$tips[] = t("Hide PHP Errors (for production and live web servers).");
}
if (!$SETTINGS['advanced']['phpEmailErrors']) {
$tips[] = t("Enable 'Email PHP Errors' to be notified of PHP errors on website.");
}
if (ini_get('expose_php')) {
$tips[] = t(sprintf("%s is currently enabled, disable it in php.ini.", '<a href="http://www.php.net/manual/en/ini.core.php#ini.expose-php">expose_php</a>'));
}
if ($errorLogCount) {
$tips[] = t("There are PHP errors in the <a href='?menu=_error_log'>error log</a>. Review them and then clear the error log.");
}
if (loginExpirySeconds() > 60 * 30) {
$tips[] = t("Set login timeout to 30 minutes or less.");
}
if (!array_key_exists('CMSB_MOD_SECURITY2', $_SERVER)) {
// mod_security2 reports false positives that are excluded for scripts named admin.php, so don't recommend this setting for hosts mod_security2 hosts
if (basename($_SERVER['SCRIPT_NAME']) == 'admin.php') {
$tips[] = t(sprintf("Rename admin.php to something unique such as admin_%s.php", substr(sha1(uniqid(null, true)), 0, 20)));
}
}
$oldFilesAndDirs = array();
// ask user to remove outdated files
$oldFilesAndDirs[] = '/3rdParty/thickbox';
$oldFilesAndDirs[] = '/3rdParty/tiny_mce/tiny_mce_gzip.js';
$oldFilesAndDirs[] = '/css';
$oldFilesAndDirs[] = '/images';
$oldFilesAndDirs[] = '/js';
