} else { $banned_ips = array(); } $mn_users = load_basic_data('users'); $post = get_post_data($_POST['post_id']); $mn_redir = isset($_POST['redir']) && !empty($_POST['redir']) ? $_POST['redir'] : str_replace('&mn_msg=c_added', '', $_SERVER['HTTP_REFERER']); $conf['comments_antiflood'] = isset($conf['comments_antiflood']) && is_numeric($conf['comments_antiflood']) ? $conf['comments_antiflood'] : '30'; if (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged'] && !check_hash()) { session_destroy(); $url_data = explode('/', $conf['admin_url']); setcookie('mn_user_hash', '', time() - 3600, '/', $_SERVER['SERVER_NAME']); setcookie('mn_logged', '', time() - 3600, '/', $_SERVER['SERVER_NAME']); header('location: ' . $mn_redir . '#mn-comment-form'); exit; } elseif (isset($_SESSION['mn_logged']) && !$_SESSION['mn_logged'] && isset($_COOKIE['mn_user_name']) && isset($_COOKIE['mn_user_hash']) && $conf['users_perm_login']) { permanent_login(); } elseif (in_array(@$_POST['comment_author'], $mn_users) || isset($_POST['comment_pass']) && !empty($_POST['comment_pass'])) { do_login($_POST['comment_author'], $_POST['comment_pass'], false); } if ($post['comments'] == '1' && ($conf['comments'] === true || $conf['comments'] >= 1) && !check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) { // Check for correct captcha code if ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha']) { require_once './stuff/inc/recaptchalib.php'; $captcha = recaptcha_check_answer('6LfnaQoAAAAAAPi1X1HiWwEWBnCmJ7jLUc5biRpE', $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); } if (isset($_POST['preview']) && isset($_POST['comment_text']) && !empty($_POST['comment_text'])) { $preview = true; } elseif ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && in_array($_POST['comment_author'], $mn_users)) { $error_msg = $lang['comm_msg_password']; } elseif (isset($_SESSION['mn_comm_time']) 
&& $_SESSION['mn_comm_time'] + $conf['comments_antiflood'] > time()) { $error_msg = $lang['comm_msg_flood'];
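/**
 * Session gate: decides whether the current request belongs to a logged-in user.
 *
 * Outcomes, in order:
 *  - Session is marked logged in, carries the expected check hash and was active
 *    within the last MAX_LOGGED_TIME minutes: the activity timestamp and the
 *    'mn_logged' cookie are refreshed and true is returned.
 *  - Otherwise, if both permanent-login cookies are present and
 *    $conf['users_perm_login'] is truthy: permanent_login() is called and this
 *    function returns without a value (null).
 *  - Otherwise the session is destroyed and the client is redirected to
 *    ./mn-login.php (with ?back=auto-loggedout when a valid session merely timed
 *    out); the script then exits.
 *
 * @return true|null true for a live session; null after permanent_login() returns.
 */
function user_session() {
    // NOTE(review): $file is imported but never read in this function.
    global $file, $conf;

    // Strict comparison: with loose == two different numeric-looking strings
    // (e.g. "0e..." digests) can compare equal through PHP type juggling.
    // md5(__FILE__) is a digest of this file's path, not a secret; presumably it
    // ties the session to this installation - confirm against the login code.
    $session_ok = !empty($_SESSION['mn_logged'])
        && isset($_SESSION['mn_check_hash'])
        && $_SESSION['mn_check_hash'] === md5(__FILE__);

    if ($session_ok
        && isset($_SESSION['mn_user_time'])
        && $_SESSION['mn_user_time'] + MAX_LOGGED_TIME * 60 >= time()
    ) {
        // Sliding idle timeout: every accepted request restarts the clock.
        $_SESSION['mn_user_time'] = time();

        // NOTE(review): the idle window above treats MAX_LOGGED_TIME as minutes,
        // while this lifetime multiplies (MAX_LOGGED_TIME - 5) by 3600 seconds -
        // confirm the intended unit.
        // NOTE(review): no secure/httponly arguments are passed, and the cookie
        // domain comes from $_SERVER['SERVER_NAME'], which can follow the request
        // Host header depending on server configuration - verify both.
        setcookie('mn_logged', true, time() + 60 * 60 * (MAX_LOGGED_TIME - 5), '/', $_SERVER['SERVER_NAME']);

        return true;
    }

    // Fallback for both an expired and an absent/invalid session: the
    // "remember me" cookies, only when the feature is enabled in the config.
    if (isset($_COOKIE['mn_user_name']) && isset($_COOKIE['mn_user_hash']) && $conf['users_perm_login']) {
        // NOTE(review): whatever permanent_login() decides, this function then
        // returns null, which is falsy for a caller testing the result - confirm
        // that callers do not rely on the return value on this path.
        permanent_login();
        return;
    }

    // No usable session and no permanent login: drop server-side state and send
    // the client to the login page. @ keeps the original best-effort behaviour
    // when no session is active.
    @session_destroy();
    header($session_ok ? 'Location: ./mn-login.php?back=auto-loggedout' : 'Location: ./mn-login.php');
    exit;
}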