+ if ($hash == $password) {
+ // New hashed password found so let's generate a new one
+ $hash = generateHash($_POST['password']);
+
+ // ... and update database
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET password='%s' WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+ array($hash, $uid), __FILE__, __LINE__);
+
+ // No login bonus by default
+ $BONUS = false;
+
+ // Probe for last online timemark
+ $probe = time() - $online;
+ if (!empty($login)) $probe = time() - $login;
+ if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= getConfig('login_timeout'))) {
+ // Add login bonus to user's account
+ $ADD = sprintf(", login_bonus=login_bonus+%s",
+ (float)getConfig('login_bonus')
+ );
+ $BONUS = true;
+
+ // Subtract login bonus from userid's account or jackpot
+ if ((GET_EXT_VERSION("bonus") >= "0.3.5") && (getConfig('bonus_mode') != "ADD")) BONUS_POINTS_HANDLER('login_bonus');
+ } // END - if
+
+ // Init variables
+ $life = "-1"; $login = false;
+
+ // Secure lifetime from input form
+ $l = bigintval($_POST['lifetime']);
+
+ // Is the lifetime set?
+ if ($l > 0) {
+ // Calculate lifetime of cookies
+ $life = time() + $l;
+
+ // Calculate new hash with the secret key and master salt together
+ $hash = generatePassString($hash);
+
+ // Update cookies
+ $login = (set_session("userid" , $uid , $life, COOKIE_PATH)
+ && set_session("u_hash" , $hash, $life, COOKIE_PATH)
+ && set_session("lifetime", $l , $life, COOKIE_PATH)
+ );
+
+ // Update global array
+ $GLOBALS['userid'] = $uid;
+ } else {
+ // Check for login data
+ $login = IS_MEMBER();
+ }