bindValue(':username', $username); $query->bindValue(':password', $password); $query->execute() or error(db_error($query)); if($user = $query->fetch()) { return $mod = Array( 'id' => $user['id'], 'type' => $user['type'], 'username' => $username, 'password' => $password, 'hash' => isset($_SESSION['mod']['hash']) ? $_SESSION['mod']['hash'] : mkhash() ); } else return false; } function setCookies() { global $mod; if(!$mod) error('setCookies() was called for a non-moderator!'); // MOD_COOKIE contains username:hash setcookie(MOD_COOKIE, $mod['username'] . ':' . $mod['hash'], time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); // Put $mod in the session $_SESSION['mod'] = $mod; // Lock sessions to IP addresses if(MOD_LOCK_IP) $_SESSION['mod']['ip'] = $_SERVER['REMOTE_ADDR']; } function destroyCookies() { // Delete the cookies setcookie(MOD_COOKIE, 'deleted', time()-COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true); // Unset the session unset($_SESSION['mod']); } function modLog($action) { global $mod; $query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :time, :text)"); $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':text', $action); $query->execute() or error(db_error($query)); } if(isset($_COOKIE['mod']) && isset($_SESSION['mod']) && is_array($_SESSION['mod'])) { // Should be username:session hash $cookie = explode(':', $_COOKIE['mod']); if(count($cookie) != 2) { destroyCookies(); error(ERROR_MALFORMED); } // Validate session if( $cookie[0] != $_SESSION['mod']['username'] || $cookie[1] != $_SESSION['mod']['hash']) { // Malformed cookies destroyCookies(); error(ERROR_MALFORMED); } // Open connection sql_open(); // Check username/password if(!login($_SESSION['mod']['username'], $_SESSION['mod']['password'], false)) { destroyCookies(); error(ERROR_INVALIDAFTER); } } // Generates a