*/
} elseif ($action == 'logout' && !headers_sent() && cookieVar($CONF['CookiePrefix'] . 'user')) {
// remove cookies on logout
setcookie($CONF['CookiePrefix'] . 'user', '', time() - 2592000, $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
setcookie($CONF['CookiePrefix'] . 'loginkey', '', time() - 2592000, $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
$manager->notify('Logout', array('username' => cookieVar($CONF['CookiePrefix'] . 'user')));
} elseif (cookieVar($CONF['CookiePrefix'] . 'user')) {
// Cookie Authentication
$ck = cookieVar($CONF['CookiePrefix'] . 'loginkey');
// secure cookie key
$ck = substr($ck, 0, 32);
// avoid md5 collision by using a long key
if ($CONF['secureCookieKey'] !== 'none') {
$ck = md5($ck . $CONF['secureCookieKeyIP']);
}
$res = $member->cookielogin(cookieVar($CONF['CookiePrefix'] . 'user'), $ck);
unset($ck);
// renew cookies when not on a shared computer
if ($res && cookieVar($CONF['CookiePrefix'] . 'sharedpc') != 1 && !headers_sent()) {
$member->setCookieKey(cookieVar($CONF['CookiePrefix'] . 'loginkey'));
$member->setCookies();
}
}
// login completed
$manager->notify('PostAuthentication', array('loggedIn' => $member->isLoggedIn()));
ticketForPlugin();
// first, let's see if the site is disabled or not. always allow admin area access.
if ($CONF['DisableSite'] && !$member->isAdmin() && !$CONF['UsingAdminArea']) {
redirect($CONF['DisableSiteURL']);
exit;
}
