FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Re: INSERTions into ses table for unknown users [message #168076 is a reply to message #168075] Tue, 15 January 2013 17:19
NeXuS
Messages: 121
Registered: July 2010
Location: South Korea
Senior Member
Contributing Core Developer
The problem you reported actually stems from an early return in a different function, i.e. ses_get() in the same cookies.inc.t template file.

I have patched the function and committed the change to the code repository. Given that it may represent a significant performance issue and possibly lead to a DoS attack, I suppose it will be released in a later minor update.

For the time being I am leaving the unified diff with respect to FUDf 3.0.4.1 here below.

--- cookies.inc.t-rev5581.svn000.tmp.t	수 4 18 22:31:18 2012
+++ cookies.inc.t	수 1 16 02:06:23 2013
@@ -2,7 +2,7 @@
 /**
 * copyright            : (C) 2001-2012 Advanced Internet Designs Inc.
 * email                : forum(at)prohost(dot)org
-* $Id: cookies.inc.t 5450 2012-04-18 13:31:18Z naudefj $
+* $Id: cookies.inc.t 5582 2013-01-15 17:06:15Z theonlynexus $
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -34,13 +34,16 @@
 	if (!$id) {
 		/* Cookie or URL session? If not, check for known bots. */
 		if (!empty($_COOKIE[$GLOBALS['COOKIE_NAME']])) {
+			/* Have cookie */
 			$q_opt = 's.ses_id='. _esc($_COOKIE[$GLOBALS['COOKIE_NAME']]);
 		} else if ((isset($_GET['S']) || isset($_POST['S'])) && $GLOBALS['FUD_OPT_1'] & 128) {
+			/* Have session string */
 			$url_session = 1;
 			$q_opt = 's.ses_id='. _esc((isset($_GET['S']) ? (string) $_GET['S'] : (string) $_POST['S']));
 			/* Do not validate against expired URL sessions. */
 			$q_opt .= ' AND s.time_sec > '. (__request_timestamp__ - $GLOBALS['SESSION_TIMEOUT']);
 		} else {
+			/* Unknown user, maybe bot? */
 			// Auto login authorized bots.
 			// To test: wget --user-agent="Googlebot 1.2" http://127.0.0.1:8080/forum
 			$spider_session = 0;
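Review bot: The added `/* Unknown user, maybe bot? */` comment in the final else branch sits directly above the existing `// Auto login authorized bots.` line and says nearly the same thing, so fold the two into one comment. The three new comments use `/* */` while the neighbouring lines in that branch use `//`; pick one style for the block. "Have session string" would be more useful if it also said that this branch is only taken when the `FUD_OPT_1 & 128` bit is set, since that condition is what separates it from the bot branch.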
@@ -76,7 +79,14 @@
 				}
 				$GLOBALS['FUD_OPT_1'] ^= 128;	// Disable URL sessions for user.
 			} else {
-				return;
+				/* NeXuS: What is this? Return if user unknown? Function should
+				   return only after the query is run. */
+				//return;
+				
+				// Check sys_id, ip_addr and useragent for a possible match
+				$q_opt = 's.sys_id= '._esc(ses_make_sysid()).
+				         ' AND s.ip_addr='._esc(get_ip()).
+						 ' AND s.useragent='._esc(substr($_SERVER['HTTP_USER_AGENT'], 0, 32));
 			}
 		}
 
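Review bot: `$_SERVER['HTTP_USER_AGENT']` is read unguarded in the new `$q_opt` expression, so a request that sends no User-Agent header raises an undefined-index notice and passes a non-string into `substr()` and `_esc()`; test it with `isset()` or `empty()` first and decide explicitly what such a request should match. The fallback now selects a session row on `sys_id`, `ip_addr` and a 32-character user-agent prefix alone, with no cookie or session string involved. Please confirm this cannot bind a cookie-less request to a row that belongs to a different visitor (for example two clients behind one NAT with the same browser), and restrict the lookup to anonymous sessions if the query that consumes `$q_opt` does not already do so. What `ses_make_sysid()` hashes is not visible in this hunk; if it already covers the IP address and user agent, the two extra conditions are redundant. Finally, delete the old `return;` instead of leaving it commented out, replace the `NeXuS:` question with a comment stating why the lookup must proceed, remove the stray space in `'s.sys_id= '`, and fix the mixed tab and space indentation on the last continuation line.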
