/**
 * Store the moderator data of the active user in that user's record.
 *
 * A data set with no elements is written as an empty string, otherwise the
 * data is written in PHP serialize() format. The record is written through
 * phorum_user_save_simple() for the user id found in $GLOBALS["PHORUM"]['user'].
 *
 * NOTE(review): the code that reads "moderator_data" back is not visible here.
 * If it calls unserialize(), this column must never be writable from any path
 * that accepts client-supplied strings - confirm against the readers.
 *
 * @param array $moderator_data The moderator data to persist.
 * @return void
 */
function phorum_moderator_data_save($moderator_data)
{
    $PHORUM = $GLOBALS["PHORUM"];

    // With nothing left to store, blank the field instead of writing a
    // serialized empty array.
    if (count($moderator_data)) {
        $serialized = serialize($moderator_data);
    } else {
        $serialized = '';
    }

    $record = array();
    $record["user_id"] = $PHORUM['user']['user_id'];
    $record["moderator_data"] = $serialized;

    phorum_user_save_simple($record);
}
// Check if the login credentials are right.
// NOTE(review): phorum_user_check_login() is defined elsewhere. The code below
// reads $PHORUM['user']['user_id'], so the call presumably loads the
// authenticated user into $PHORUM['user'] on success - confirm.
if (phorum_user_check_login($username, $password)) {

    // Destroy the temporary cookie.
    // Sending the cookie with an empty value asks the browser to drop it.
    if(isset($_COOKIE["phorum_tmp_cookie"])){
        setcookie(
            "phorum_tmp_cookie",
            "",
            0,
            $PHORUM["session_path"],
            $PHORUM["session_domain"]
        );
    }

    // Create an URI session id if cookies are not used..
    if(!$PHORUM["use_cookies"]) {

        // NOTE(review): the id is an MD5 over the posted username, microtime()
        // and the posted password. None of these inputs is a cryptographically
        // secure random value, and phorum_user_create_session() places the id
        // in GET_VARS/POST_VARS, so it appears in URLs and forms.
        // A CSPRNG-based id of the same length is the safer choice here.
        $uri_session_id = md5($_POST['username'].microtime().$_POST['password']);

        // Store the id as the user's short term session id before the
        // session is created.
        $user = array(
            'user_id' => $PHORUM['user']['user_id'],
            'sessid_st'=> $uri_session_id
        );
        phorum_user_save_simple($user);
        phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id);

    // Create cookie session(s).
    } else {

        // Only issue a long term session if the visitor is not logged in yet.
        if (!$PHORUM["DATA"]["LOGGEDIN"]) {
            phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false);
        }

        // With tight security enabled, a freshly generated short term
        // session is issued as well (second argument forces a refresh).
        if($PHORUM["tight_security"]){
            phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true);
        }
    }

    // Determine the URL to redirect the user to.
    // If redir is a number, it is a URL constant.
    // NOTE(review): the handling of a non-numeric redir value is outside this
    // excerpt. A redirect target taken from $_POST should be restricted to
    // the site's own URLs - confirm in the remainder of the script.
    if(is_numeric($_POST["redir"])){
        $redir = phorum_get_url($_POST["redir"]);
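/**
 * Generate a new 32 character hexadecimal session id.
 *
 * The id is drawn from a cryptographically secure random source where the
 * running PHP version offers one. The result has the same length and
 * alphabet as the md5() based ids that were generated before, so stored
 * and already issued ids stay compatible.
 *
 * @param array $user The user record; only used by the legacy fallback.
 * @return string The new session id.
 */
function phorum_user_generate_session_id($user)
{
    // PHP 7+. A failure of the random source raises an exception, which
    // fails closed: no session is issued with a weak id.
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));
    }

    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes !== false && $strong) {
            return bin2hex($bytes);
        }
    }

    // Legacy fallback for installations without a secure random source.
    // NOTE(review): this id is derived from the username, the clock and the
    // stored password value, so it is not unpredictable. Installations that
    // end up here should be upgraded.
    return md5($user['username'].microtime().$user['password']);
}

/**
 * Create or refresh a session for the active user ($GLOBALS["PHORUM"]["user"]).
 *
 * When cookies are enabled, or when an admin session is requested, a session
 * cookie named $cookie is sent with the value "<user_id>:<session id>". For
 * the admin session, the session id part is md5(<long term session id> .
 * <admin_session_salt>). Newly generated ids are stored through
 * phorum_user_save_simple().
 *
 * When cookies are not used, the session id from $uri_session_id is added to
 * $GLOBALS["PHORUM"]["DATA"]["GET_VARS"] and ["POST_VARS"], so it is carried
 * in URLs and forms.
 *
 * Nothing is done when no active user is available.
 *
 * NOTE(review): the cookies are sent without the Secure and HttpOnly
 * attributes. Whether those can be enabled depends on the deployment
 * (HTTPS only, no script access to the cookie) - confirm before changing.
 *
 * @param string  $cookie         One of PHORUM_SESSION_LONG_TERM,
 *                                PHORUM_SESSION_SHORT_TERM, PHORUM_SESSION_ADMIN.
 * @param boolean $refresh        Force a new session id for the long term
 *                                and short term session types.
 * @param string  $uri_session_id The session id to use for URI based sessions.
 * @return void
 */
function phorum_user_create_session( $cookie = PHORUM_SESSION_LONG_TERM, $refresh = false, $uri_session_id = '' )
{
    $PHORUM = $GLOBALS["PHORUM"];

    // require that the global user exists
    if ( empty( $PHORUM["user"] ) ) {
        return;
    }

    $user = $PHORUM["user"];

    $use_cookie = ( isset( $PHORUM["use_cookies"] ) && $PHORUM["use_cookies"] )
               || $cookie == PHORUM_SESSION_ADMIN;

    // URI based session: carry the session id in URLs and forms.
    if ( !$use_cookie ) {
        $sessid = $uri_session_id;
        $GLOBALS["PHORUM"]["DATA"]["GET_VARS"][$cookie] = "$cookie=" . urlencode( $sessid );
        // The id is a function argument, so it is escaped before it is
        // written into the HTML attribute value.
        $GLOBALS["PHORUM"]["DATA"]["POST_VARS"] .= "<input type=\"hidden\" name=\"$cookie\" value=\"" . htmlspecialchars( $sessid, ENT_QUOTES ) . "\" />";
        return;
    }

    switch($cookie){

        case PHORUM_SESSION_SHORT_TERM:

            // Defaults for the case that neither branch below applies
            // (e.g. a short_session_timeout of zero). Without these, the
            // timeout check below would read undefined variables.
            $sessid  = '';
            $timeout = 0;

            // A missing timeout is handled as an expired session.
            $expires = isset($user["sessid_st_timeout"]) ? $user["sessid_st_timeout"] : 0;

            // creating a new shortterm-session-id if none exists yet or it has timed out
            if($refresh || empty($user['sessid_st']) || $expires<time()) {
                $sessid = phorum_user_generate_session_id($user);
                $timeout = time() + $PHORUM["short_session_timeout"]*60;
                $simple_user=array('user_id'=>$user['user_id'],'sessid_st'=>$sessid,'sessid_st_timeout'=>$timeout);
                phorum_user_save_simple($simple_user);

            // if the cookie is half expired, reset it.
            // NOTE(review): this branch is only reached for a session that
            // has not timed out yet, so the left hand side is zero or
            // negative and the test holds for every positive timeout
            // setting. The session is therefore extended on each call, not
            // only when it is half expired - confirm the intent.
            } elseif(time() - $expires < $PHORUM["short_session_timeout"]*60/2){
                $sessid=$user['sessid_st'];
                $timeout = time() + $PHORUM["short_session_timeout"]*60;
                $simple_user=array('user_id'=>$user['user_id'],'sessid_st'=>$sessid,'sessid_st_timeout'=>$timeout);
                phorum_user_save_simple($simple_user);
            }

            // if a timeout was set, we need to set a new cookie
            if($timeout){
                setcookie(
                    $cookie,
                    $user['user_id'].':'.$sessid,
                    $timeout,
                    $PHORUM["session_path"],
                    $PHORUM["session_domain"]
                );
            }
            break;

        case PHORUM_SESSION_LONG_TERM:

            // creating a new longterm-session-id if none exists yet
            if($refresh || empty($user['cookie_sessid_lt'])) {
                $sessid = phorum_user_generate_session_id($user);
                $simple_user=array('user_id'=>$user['user_id'],'cookie_sessid_lt'=>$sessid);
                phorum_user_save_simple($simple_user);
            } else {
                $sessid=$user['cookie_sessid_lt'];
            }

            // A session_timeout of zero yields a cookie that lasts for the
            // browser session; otherwise the setting is a number of days.
            if($PHORUM["session_timeout"]==0){
                $timeout = 0;
            } else {
                $timeout = time() + 86400 * $PHORUM["session_timeout"];
            }

            setcookie(
                $cookie,
                $user['user_id'].':'.$sessid,
                $timeout,
                $PHORUM["session_path"],
                $PHORUM["session_domain"]
            );
            break;

        case PHORUM_SESSION_ADMIN:

            // creating a new longterm-session-id if none exists yet
            // ($refresh is not looked at for the admin session)
            if(empty($user['cookie_sessid_lt'])) {
                $sessid = phorum_user_generate_session_id($user);
                $simple_user=array('user_id'=>$user['user_id'],'cookie_sessid_lt'=>$sessid);
                phorum_user_save_simple($simple_user);
            } else {
                $sessid=$user['cookie_sessid_lt'];
            }

            // The admin cookie does not carry the long term session id
            // itself, but a hash of that id and the admin session salt.
            setcookie(
                $cookie,
                $user['user_id'].':'.md5($sessid.$PHORUM["admin_session_salt"]),
                0,
                $PHORUM["session_path"],
                $PHORUM["session_domain"]
            );
            break;
    }
}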