1 function check_cookie(&$pun_user) 2 { 3     global $db, $db_type, $pun_config, $cookie_name, $cookie_seed; 4  5     $now = time(); 6  7     // If the cookie is set and it matches the correct pattern, then read the values from it 8     if (isset($_COOKIE[$cookie_name]) && preg_match('%^(d+)|([0-9a-fA-F]+)|(d+)|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $matches)) 9     {10         $cookie = array(11             'user_id'            => intval($matches[1]),12             'password_hash'     => $matches[2],13             'expiration_time'    => intval($matches[3]),14             'cookie_hash'        => $matches[4],15         );16     }17 18     // If it has a non-guest user, and hasn't expired19     if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now)20     {21         // If the cookie has been tampered with22         if (forum_hmac($cookie['user_id'].'|'.$cookie['expiration_time'], $cookie_seed.'_cookie_hash') != $cookie['cookie_hash'])23         {24             $expire = $now + 31536000; // The cookie expires after a year25             pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);26             set_default_user();27 28             return;29         }30 ...............