Example #1
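 /**
  * Populate per-request session state and authenticate the visitor from the
  * site cookie.
  *
  * The cookie is expected to be base64 of "<id>!<token>". An id that casts to 0
  * selects the shared reader token; any other id is handed to
  * User::cookie_check() together with the token.
  *
  * Side effects: sets $this->date, $this->ip, $this->origin,
  * $this->expected_cookie and $this->xsrf on every call; sets $this->level
  * (and $this->user / $this->nick for admins) on success; calls
  * $this->destroy() on any malformed or rejected cookie.
  *
  * @return bool true only when a valid reader cookie was presented; false in
  *              every other case, including a successful admin check (see
  *              the note at the end of the body).
  */
 function init()
 {
     global $settings, $db, $params;

     // date('d/m') yields the same zero-padded day/month as strftime('%d/%m');
     // strftime() is deprecated as of PHP 8.1.
     $this->date = date('d/m');
     $this->ip = $_SERVER['REMOTE_ADDR'];
     $this->origin = urlencode($_SERVER['REQUEST_URI']);

     // NOTE(review): the reader token is derived only from site_key and the
     // current date, so it is identical for every reader on a given day and
     // its secrecy rests entirely on site_key. Repeating date fields in the
     // format string adds no unpredictability.
     $this->expected_cookie = sha512(sprintf('ni%sna%sne', $settings->site_key, date('YdmYdYmdYmdY')));

     // NOTE(review): only the first 8 characters of the digest are kept. If
     // sha512() returns hex (confirm), that is 32 bits of anti-CSRF token;
     // consider keeping more of the digest wherever this value is checked.
     $this->xsrf = substr(sha512(sprintf('el%sek%str%so', $this->expected_cookie, $this->ip, $settings->site_key)), 0, 8);

     if (!isset($_COOKIE[$settings->cookie])) {
         return false;
     }

     $raw = $_COOKIE[$settings->cookie];
     if (!is_string($raw)) {
         // PHP turns "name[]=..." cookies into arrays; base64_decode() would
         // raise on that, so treat it as garbage instead of erroring out.
         $this->log('Garbage cookie: (non-string value)');
         $this->destroy();
         return false;
     }

     $parts = explode('!', base64_decode($raw));
     if (count($parts) < 2) {
         // garbage; destroy
         // NOTE(review): the raw cookie is attacker-controlled; confirm that
         // log() neutralises control characters / markup for its sink.
         $this->log(sprintf('Garbage cookie: %s', $raw));
         $this->destroy();
         return false;
     }

     $userId = (int) $parts[0];
     $token = $parts[1];

     if ($userId === 0) {
         // hash_equals() is a constant-time, strictly string-typed comparison.
         // The previous loose == could treat two numeric-looking strings as
         // equal and leaks timing information about the expected token.
         if (hash_equals((string) $this->expected_cookie, $token)) {
             $this->level = 'reader';
             return true;
         }
         $this->log(sprintf('Invalid cookie: %s', $raw), 256, true);
         $this->destroy();
         return false;
     }

     $user = new User();
     if ($user->cookie_check($userId, $token)) {
         $this->user = $userId;
         $this->level = 'admin';
         $this->nick = $user->nick;
     } else {
         // NOTE(review): unlike the reader path, a rejected admin cookie is
         // not logged here; consider logging it for detection of guessing.
         $this->destroy();
     }

     // NOTE(review): false is returned even when the admin check succeeded.
     // Kept as-is because callers may rely on it; confirm this is intended.
     return false;
 }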