+ # find password data by user name
+ $userdir = 'profile/'.preg_replace('/[^a-z0-9]+/', '-', strtolower($inuser));
+ $pwfile = "$userdir/.passwd";
+ if (!file_exists($pwfile)) return;
+ $usertest = trim(file_get_contents($pwfile));
+ if (!$usertest) return;
+
+ # verify password
+ $authhash = md5($usertest);
+ if (isset($inpass)) {
+ if (!login_password_verify($inpass, $usertest)) return;
+ }
+ else {
+ if ($inauth !== $authhash) return;
+ }
+
+ if (function_exists('apache_note')) apache_note('user', $inuser);
+
+ if ($log = @fopen("$userdir/last.log", 'w')) {
+ fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
+ }
+
+ return [
+ 'name' => $inuser,
+ 'dir' => $userdir,
+ 'admin' => file_exists("$userdir/.admin"),
+ 'pass' => $usertest,
+ 'auth' => "$inuser:$authhash",
+ ];
+}
+
+if (isset($_COOKIE['login'])) {
+ global $User;
+ $User = login($_COOKIE['login']);
+}