Security of Pun's authentification (Page 3 of 3)

////////////////////////////////////////////////////////////////////////////////////////////////////
// Check personal user data
////////////////////////////////////////////////////////////////////////////////////////////////////
function check_info(&$pun_user)
{
session_start();
global $db, $pun_config, $cookie_name, $cookie_seed;
$now = time();
    if (isset($_SESSION['user_id']) && $_SESSION['user_id'] > 1 && !empty($_SESSION['info']) && AuthHash() === $_SESSION["info"])
    {
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE u.id='.intval($_SESSION['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
        $pun_user = $db->fetch_assoc($result);
        
        // If user authorisation failed
        if (!isset($pun_user['id']) || $pun_user['password'] !== $_SESSION['password_hash'])
        {
            set_default_user();
            return;
        }

        // Set a default language if the user selected language no longer exists
        if (!@file_exists(PUN_ROOT.'lang/'.$pun_user['language']))
        $pun_user['language'] = $pun_config['o_default_lang'];

        // Set a default style if the user selected style no longer exists
        if (!@file_exists(PUN_ROOT.'style/'.$pun_user['style'].'.css'))
        $pun_user['style'] = $pun_config['o_default_style'];

        if (!$pun_user['disp_topics'])
        $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        if (!$pun_user['disp_posts'])
        $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];

        if ($pun_user['save_pass'] == '0')
        $expire = 0;
    
        // MOD: MARK TOPICS AS READ - 4 LINES NEW CODE FOLLOW
        if ($pun_user['read_topics'])
            $pun_user['read_topics'] = unserialize($pun_user['read_topics']);
        else
            $pun_user['read_topics'] = array();

        
        // Define this if you want this visit to affect the online list and the users last visit data
        //if (!defined('PUN_QUIET_VISIT')) echo 'YES';
        if (!defined('PUN_QUIET_VISIT'))
        
        {
            
            // Update the online list
            if (!$pun_user['logged'])
            $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$now.')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
            else
            {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit']))
                {
                    //$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
                    // MOD: MARK TOPICS AS READ - 1 LINE MODIFIED CODE FOLLOWS
                    $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].', read_topics=NULL WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());

                    $pun_user['last_visit'] = $pun_user['logged'];
                }

                $idle_sql = ($pun_user['idle'] == '1') ? ', idle=0' : '';
                $db->query('UPDATE '.$db->prefix.'online SET logged='.$now.$idle_sql.' WHERE user_id='.$pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
            }
        }

        $pun_user['is_guest'] = false;
    }
    else
    set_default_user();
}
////////////////////////////////////////////////////////////////////////////////////////////////////
// Return Hash of User's environment
////////////////////////////////////////////////////////////////////////////////////////////////////
function AuthHash()
{
   return md5(
        $_SERVER["REMOTE_ADDR"].
        (string)@$_SERVER["HTTP_USER_AGENT"].
        (string)@$_SERVER['HTTP_ACCEPT_ENCODING'].
        (string)@$_SERVER['HTTP_ACCEPT_LANGUAGE'].
        (string)@$_SERVER['HTTP_X_FORWARDED_FOR']
        );
}

////////////////////////////////////////////////////////////////////////////////////////////////////
// Put personal user data into Session
////////////////////////////////////////////////////////////////////////////////////////////////////

function pun_start_session($user_id, $password_hash)
{
session_start();
$_SESSION['user_id']=$user_id;
$_SESSION['password_hash']=$password_hash;
$_SESSION['info']=AuthHash();

}
////////////////////////////////////////////////////////////////////////////////////////////////////
// Destroy  The  Session
////////////////////////////////////////////////////////////////////////////////////////////////////

function pun_end_session()
{
$_SESSION = array();
session_destroy();
}

//check_cookie($pun_user);
check_info($pun_user);

//pun_setcookie($user_id, $form_password_hash, $expire);
pun_start_session($user_id, $form_password_hash);

//pun_setcookie(1, random_pass(8), time() + 31536000);
pun_end_session();