*/ } elseif ($action == 'logout' && !headers_sent() && cookieVar($CONF['CookiePrefix'] . 'user')) { // remove cookies on logout setcookie($CONF['CookiePrefix'] . 'user', '', time() - 2592000, $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']); setcookie($CONF['CookiePrefix'] . 'loginkey', '', time() - 2592000, $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']); $manager->notify('Logout', array('username' => cookieVar($CONF['CookiePrefix'] . 'user'))); } elseif (cookieVar($CONF['CookiePrefix'] . 'user')) { // Cookie Authentication $ck = cookieVar($CONF['CookiePrefix'] . 'loginkey'); // secure cookie key $ck = substr($ck, 0, 32); // avoid md5 collision by using a long key if ($CONF['secureCookieKey'] !== 'none') { $ck = md5($ck . $CONF['secureCookieKeyIP']); } $res = $member->cookielogin(cookieVar($CONF['CookiePrefix'] . 'user'), $ck); unset($ck); // renew cookies when not on a shared computer if ($res && cookieVar($CONF['CookiePrefix'] . 'sharedpc') != 1 && !headers_sent()) { $member->setCookieKey(cookieVar($CONF['CookiePrefix'] . 'loginkey')); $member->setCookies(); } } // login completed $manager->notify('PostAuthentication', array('loggedIn' => $member->isLoggedIn())); ticketForPlugin(); // first, let's see if the site is disabled or not. always allow admin area access. if ($CONF['DisableSite'] && !$member->isAdmin() && !$CONF['UsingAdminArea']) { redirect($CONF['DisableSiteURL']); exit; }