예제 #1
/**
 * Store moderator data for the user found in $GLOBALS["PHORUM"]["user"].
 *
 * The data is written to the "moderator_data" user field in serialize()
 * format. When no data is left, an empty string is written instead, which
 * clears the field.
 *
 * @param array $moderator_data The moderator data to store (count() is
 *                              applied to it, so an array is expected).
 */
function phorum_moderator_data_save($moderator_data)
{
    $PHORUM = $GLOBALS["PHORUM"];

    // Default to an empty string so that a depleted data set clears the field.
    $stored = '';
    if (count($moderator_data)) {
        $stored = serialize($moderator_data);
    }

    // NOTE(review): the field holds serialize() output. The code that reads
    // it back is not shown here; if it uses unserialize(), this field must
    // never be writable with user-supplied raw data.
    $record = array(
        "user_id" => $PHORUM['user']['user_id'],
        "moderator_data" => $stored,
    );
    phorum_user_save_simple($record);
}
예제 #2
        // Excerpt from a login handler: the enclosing code begins before and
        // continues after these lines, so $username, $password and $PHORUM
        // are set up outside this view.

        // Check if the login credentials are right.
        if (phorum_user_check_login($username, $password)) {

            // Destroy the temporary cookie.
            // An empty cookie value makes PHP send a deletion header.
            if(isset($_COOKIE["phorum_tmp_cookie"])){
                setcookie( "phorum_tmp_cookie", "", 0, $PHORUM["session_path"], $PHORUM["session_domain"] );
            }

            // Create a URI session id if cookies are not used.
            // NOTE(review): the id is an MD5 digest over the posted username,
            // microtime() and the posted password. None of these inputs comes
            // from a cryptographically secure random source, and the password
            // becomes input material for a token that is stored in the user
            // record and handed to the client. A session id should come from
            // a CSPRNG (e.g. bin2hex(random_bytes(16)) on PHP 7+).
            // NOTE(review): an id carried in URLs also ends up in Referer
            // headers, server logs and browser history; cookie-based sessions
            // avoid that exposure.
            if(!$PHORUM["use_cookies"]) {
                $uri_session_id = md5($_POST['username'].microtime().$_POST['password']);
                // Store the new id as the user's short term session id.
                $user = array(
                    'user_id'  => $PHORUM['user']['user_id'],
                    'sessid_st'=> $uri_session_id
                );
                phorum_user_save_simple($user);
                phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id);
            // Create cookie session(s).
            } else {
                // NOTE(review): with $refresh = false,
                // phorum_user_create_session() reuses a long term session id
                // that is already stored for the user, so logging in does not
                // rotate that id.
                if (!$PHORUM["DATA"]["LOGGEDIN"]) {
                    phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false);
                }
                // With tight security, a short term session is issued as
                // well; $refresh = true forces a new short term id.
                if($PHORUM["tight_security"]){
                    phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true);
                }
            }

            // Determine the URL to redirect the user to.
            // If redir is a number, it is a URL constant.
            // NOTE(review): is_numeric() also accepts floats and exponent
            // notation ("1e3"); the raw string is passed on unchanged.
            // NOTE(review): the handling of a non-numeric redir value lies
            // outside this excerpt. It takes a client-supplied redirect
            // target and should only accept URLs on this site.
            if(is_numeric($_POST["redir"])){
                $redir = phorum_get_url($_POST["redir"]);
예제 #3
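/**
 * Create or extend a session for the user in $GLOBALS["PHORUM"]["user"].
 *
 * With cookies enabled (and always for PHORUM_SESSION_ADMIN), a session id
 * is stored in the user record through phorum_user_save_simple() where
 * needed, and a cookie "<user_id>:<session id>" is sent. Without cookies,
 * the given $uri_session_id is added to the GET_VARS / POST_VARS template
 * data, so it travels in URLs and forms. Nothing happens if no user is set.
 *
 * @param mixed   $cookie         PHORUM_SESSION_SHORT_TERM,
 *                                PHORUM_SESSION_LONG_TERM or
 *                                PHORUM_SESSION_ADMIN. The value is also used
 *                                as the cookie / request parameter name.
 * @param boolean $refresh        Force a new session id (short and long term
 *                                sessions only; ignored for admin sessions).
 * @param string  $uri_session_id Session id to use for URI based sessions.
 */
function phorum_user_create_session( $cookie = PHORUM_SESSION_LONG_TERM, $refresh = false, $uri_session_id = '' )
{
    $PHORUM = $GLOBALS["PHORUM"];

    // require that the global user exists
    if ( !empty( $PHORUM["user"] ) ) {
        $user = $PHORUM["user"];

        if ( (isset( $PHORUM["use_cookies"] ) && $PHORUM["use_cookies"]) || $cookie == PHORUM_SESSION_ADMIN ) {

            // Candidate id for the branches below that issue a new session.
            // It is taken from the CSPRNG instead of being derived from the
            // username, the clock and the stored password. 16 random bytes
            // in hex have the same 32 character format as an MD5 digest, so
            // storage and cookie parsing are unaffected. PHP versions
            // without random_bytes() keep the legacy derivation.
            if ( function_exists( 'random_bytes' ) ) {
                $new_sessid = bin2hex( random_bytes( 16 ) );
            } else {
                $new_sessid = md5($user['username'].microtime().$user['password']);
            }

            // NOTE(review): all setcookie() calls below leave the Secure and
            // HttpOnly flags (6th and 7th argument) unset. Enable them once
            // it is confirmed that the site is HTTPS-only and that no client
            // side script reads these cookies.
            switch($cookie){
                case PHORUM_SESSION_SHORT_TERM:

                    // Keep both variables defined for the case that neither
                    // branch below applies; no cookie is sent in that case.
                    $sessid = '';
                    $timeout = 0;

                    // creating a new shortterm-session-id if none exists yet or it has timed out
                    if($refresh || empty($user['sessid_st']) || $user["sessid_st_timeout"]<time()) {
                        $sessid = $new_sessid;
                        $timeout = time() + $PHORUM["short_session_timeout"]*60;
                        $simple_user=array('user_id'=>$user['user_id'],'sessid_st'=>$sessid,'sessid_st_timeout'=>$timeout);
                        phorum_user_save_simple($simple_user);

                    // if the cookie is half expired, reset it.
                    // NOTE(review): the first test already handled
                    // sessid_st_timeout < time(), so the left hand side is
                    // never positive here and this test passes for any
                    // positive short_session_timeout: the session is extended
                    // on every call. If "half expired" is what was meant, the
                    // operands look swapped. Confirm before changing, since
                    // that would alter the effective idle timeout.
                    } elseif(time() - $user["sessid_st_timeout"] < $PHORUM["short_session_timeout"]*60/2){
                        $sessid=$user['sessid_st'];
                        $timeout = time() + $PHORUM["short_session_timeout"]*60;
                        $simple_user=array('user_id'=>$user['user_id'],'sessid_st'=>$sessid,'sessid_st_timeout'=>$timeout);
                        phorum_user_save_simple($simple_user);
                    }

                    // if a timeout was set, we need to set a new cookie
                    if($timeout){
                        setcookie( $cookie, $user['user_id'].':'.$sessid, $timeout, $PHORUM["session_path"], $PHORUM["session_domain"] );
                    }
                    break;

                case PHORUM_SESSION_LONG_TERM:
                    // creating a new longterm-session-id if none exists yet
                    // (without $refresh, an existing id is reused as is)
                    if($refresh || empty($user['cookie_sessid_lt'])) {
                        $sessid = $new_sessid;
                        $simple_user=array('user_id'=>$user['user_id'],'cookie_sessid_lt'=>$sessid);
                        phorum_user_save_simple($simple_user);
                    } else {
                        $sessid=$user['cookie_sessid_lt'];
                    }

                    // A session_timeout of 0 yields a cookie that lasts until
                    // the browser is closed; otherwise the value is in days.
                    if($PHORUM["session_timeout"]==0){
                        $timeout = 0;
                    } else {
                        $timeout = time() + 86400 * $PHORUM["session_timeout"];
                    }

                    setcookie( $cookie, $user['user_id'].':'.$sessid, $timeout, $PHORUM["session_path"], $PHORUM["session_domain"] );

                    break;

                case PHORUM_SESSION_ADMIN:
                    // creating a new longterm-session-id if none exists yet
                    if(empty($user['cookie_sessid_lt'])) {
                        $sessid = $new_sessid;
                        $simple_user=array('user_id'=>$user['user_id'],'cookie_sessid_lt'=>$sessid);
                        phorum_user_save_simple($simple_user);
                    } else {
                        $sessid=$user['cookie_sessid_lt'];
                    }

                    // The admin cookie carries an MD5 digest of the long term
                    // session id and the admin salt, not the id itself.
                    // NOTE(review): $refresh is not honoured here, so the
                    // admin token changes only when the long term id does. A
                    // keyed hash (hash_hmac) would be the sounder construct,
                    // but the code that validates this cookie would have to
                    // change with it.
                    setcookie( $cookie, $user['user_id'].':'.md5($sessid.$PHORUM["admin_session_salt"]), 0, $PHORUM["session_path"], $PHORUM["session_domain"] );

                    break;

            }

        } else {
            // URI based session: hand the id to the templates for use in
            // URLs (GET_VARS) and in forms (POST_VARS).
            $sessid = $uri_session_id;
            $GLOBALS["PHORUM"]["DATA"]["GET_VARS"][$cookie] = "$cookie=" . urlencode( $sessid );
            // The id is supplied by the caller, so it is escaped for the
            // attribute context. Hex ids pass through unchanged.
            $GLOBALS["PHORUM"]["DATA"]["POST_VARS"] .= "<input type=\"hidden\" name=\"$cookie\" value=\"" . htmlspecialchars( $sessid, ENT_QUOTES ) . "\" />";
        }
    }
}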