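/**
 * Initialise per-request session state and authenticate the visitor from the site cookie.
 *
 * Sets date, ip, origin, expected_cookie and xsrf on every call. The cookie payload is
 * base64("<id>!<token>"): an id that casts to 0 is checked against the shared reader
 * token, any other id is handed to User::cookie_check().
 *
 * @return bool true only when a valid reader cookie was presented; false in every other
 *              case, including a successful admin cookie check (see note in the body)
 */
function init()
{
    global $settings;

    $this->date = strftime('%d/%m');
    $this->ip = $_SERVER['REMOTE_ADDR'];
    $this->origin = urlencode($_SERVER['REQUEST_URI']);

    /* today's lesson: the more bullshit you get into a cookie, the more secure it is. */
    // NOTE(review): the date format only contains Y, d and m, so the reader token is fully
    // determined by site_key and the current day; it is the same for every reader and its
    // secrecy rests on site_key alone.
    $this->expected_cookie = sha512(sprintf('ni%sna%sne', $settings->site_key, date('YdmYdYmdYmdY')));

    // NOTE(review): the XSRF token is the first 8 characters of a digest over the daily
    // reader token, the client IP and site_key, so it is shared by all clients behind one
    // IP for the day. Confirm that length and scope are acceptable for the forms it guards.
    $this->xsrf = substr(
        sha512(sprintf('el%sek%str%so', $this->expected_cookie, $this->ip, $settings->site_key)),
        0,
        8
    );

    if (!isset($_COOKIE[$settings->cookie])) {
        return false;
    }

    $rawCookie = $_COOKIE[$settings->cookie];
    $parts = explode('!', base64_decode($rawCookie));

    if (count($parts) < 2) {
        // garbage; destroy
        // NOTE(review): the cookie is client-controlled and is logged as received; confirm
        // log() neutralises newlines/control characters before writing.
        $this->log(sprintf('Garbage cookie: %s', $rawCookie));
        $this->destroy();
        return false;
    }

    $userId = (int) $parts[0];

    if ($userId === 0) {
        // Constant-time, byte-exact comparison: loose == on two strings can fall back to
        // numeric comparison and leaks timing information about the expected token.
        if (hash_equals((string) $this->expected_cookie, (string) $parts[1])) {
            $this->level = 'reader';
            /* return already */
            return true;
        }

        $this->log(sprintf('Invalid cookie: %s', $rawCookie), 256, true);
        $this->destroy();
        return false;
    }

    $user = new User();
    if ($user->cookie_check($userId, $parts[1])) {
        $this->user = $userId;
        $this->level = 'admin';
        $this->nick = $user->nick;
    } else {
        // NOTE(review): unlike the reader branch, a rejected admin cookie is not logged,
        // so failed admin-cookie attempts leave no trace here.
        $this->destroy();
    }

    // NOTE(review): false is returned even when the admin cookie was accepted; kept as-is
    // because callers may depend on it - confirm this is intentional.
    return false;
}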