if(my $oldcookie = $query->cookie("userpass")) {
	$USER_HASH = confirmUser (split (/\|/,
		Everything::Util::unescape($oldcookie)));
}

##</code><code>##

# IIS will set $ENV{AUTH_USER} to "domain\Username", if NT 
# authentication was successful. As I am not 100% certain
# if it always translates a UPN (user@domain.dnsname.com)
# to the backslashed version, I check for that case too.
#
# Please note that this chops off the domain, so there will be no 
# distinction between same usernames on different domains!
# You can secure that using file permissions.

if (my $ntuser = lc($ENV{AUTH_USER})) {
	if ($ntuser =~ /^([a-zA-Z0-9.]+)(\\|\@)([a-zA-Z0-9.]+)/) {
		if ($2 eq '@') {
			$ntuser = $1;
        }elsif ($2 eq '\\'){
            $ntuser = $3;
        }
	}
	# since authentication already happened, we don't need a password 
	$USER_HASH = confirmUser ($ntuser, undef);
} elsif (my $oldcookie = $query->cookie("userpass")) {
    $USER_HASH = confirmUser (split (/\|/,
		Everything::Util::unescape($oldcookie)));
} 

##</code><code>##

if ($genCrypt eq $crpasswd)

##</code><code>##

if (($genCrypt eq $crpasswd) or $ENV{AUTH_USER})