$ruserid = $u['user_id'];
$rmdpass = $u['user_password'];
$token = cot_unique(16);
$sid = hash_hmac('sha256', $rmdpass . $u['user_sidtime'], $cfg['secret_key']);
if (empty($u['user_sid']) || $u['user_sid'] != $sid
|| $u['user_sidtime'] + $cfg['cookielifetime'] < $sys['now_offset']){
$sid = hash_hmac('sha256', $rmdpass . $sys['now_offset'], $cfg['secret_key']);
$update_sid = ", user_sid = " . $db->quote($sid) . ", user_sidtime = " . $sys['now_offset'];
}
else
{
$update_sid = '';
}
$db->query("UPDATE $db_users SET user_lastip='{$usr['ip']}', user_lastlog = {$sys['now_offset']}, user_logcount = user_logcount + 1, user_token = '$token' $update_sid WHERE user_id={$row['user_id']}");
$sid = hash_hmac('sha1', $sid, $cfg['secret_key']);
$u1 = base64_encode($ruserid.':'.$sid);
if ($rremember){
cot_setcookie($sys['site_id'], $u1, time()+$cfg['cookielifetime'], $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true);
unset($_SESSION[$sys['site_id']]);
}
else
{
$_SESSION[$sys['site_id']] = $u1;
}
