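/**
 * Checks whether the current request carries a valid `bt_auth` session cookie.
 *
 * The cookie is expected to look like "<key>|<user_id>". The pair is looked up
 * in bt_s_authsessions (rows with success = 1), and the stored fingerprint is
 * compared with sha1(user agent . remote address . key) for this request.
 * On any failure after the cookie is read, the cookie is cleared by re-issuing
 * it with an expiry in the past.
 *
 * On success self::$expire and self::$_authUserId are set, and for non-AJAX
 * requests the cookie lifetime and the row's `expire` column are pushed
 * forward by AUTH_SESSION_LENGTH minutes.
 *
 * @return bool true when the cookie maps to a session row with a matching fingerprint
 */
public static function logged_in()
{
    $cookie = getArrayVar($_COOKIE, 'bt_auth');
    if (!$cookie) {
        return false;
    }

    // A cookie sent as bt_auth[]=... arrives as an array; explode() would raise
    // a TypeError on PHP 8. Treat it like any other malformed cookie.
    if (!is_string($cookie)) {
        self::set_auth_cookie('', time() - 3600);
        return false;
    }

    $split = explode('|', $cookie);
    if (count($split) < 2) {
        self::set_auth_cookie('', time() - 3600);
        return false;
    }

    // Both values come straight from the client; DB::quote() is presumably the
    // project's escaping helper -- verify it escapes for the active connection.
    $key = DB::quote($split[0]);
    $user_id = DB::quote($split[1]);

    // NOTE(review): this query does not filter on `expire`, so a row whose
    // expire time has passed still authenticates as long as the client keeps
    // presenting the cookie. An earlier form of the query carried an
    // "`expire` > now" condition. Confirm the removal was intentional and
    // restore the condition if it was not.
    $session = DB::getRow("select session_id,expire, fingerprint from bt_s_authsessions where `success`='1' and `user_id`='{$user_id}' and `key`='{$key}' order by session_id desc");
    if (!$session) {
        self::set_auth_cookie('', time() - 3600);
        return false;
    }

    // The user agent header is optional; a missing header is treated as ''.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $fingerprint = sha1($user_agent . $remote_addr . $key);

    // hash_equals() instead of !=: loose comparison treats two digests of the
    // form "0e<digits>" as equal numbers, and it is not constant-time.
    if (!hash_equals((string) $session['fingerprint'], $fingerprint)) {
        self::set_auth_cookie('', time() - 3600);
        return false;
    }

    self::$expire = $session['expire'];
    self::$_authUserId = $split[1];

    // Extend the cookie and the stored expiry only on non-AJAX requests.
    if (!IS_AJAX) {
        $expire = time() + AUTH_SESSION_LENGTH * 60;
        $expire_format = DB::quote(date('Y-m-d H:i:s', $expire));
        self::set_auth_cookie($_COOKIE['bt_auth'], $expire);
        DB::query("update bt_s_authsessions set expire='" . $expire_format . "' where session_id='" . DB::quote($session['session_id']) . "'");
    }

    return true;
}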