diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 47d648f4..0ee7acb9 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -97,39 +97,6 @@ function modLog($action, $_board=null) {
 _syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action);
 }
-// Validate session
-
-if (isset($_COOKIE[$config['cookies']['mod']])) {
- // Should be username:hash:salt
- $cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
- if (count($cookie) != 3) {
- // Malformed cookies
- destroyCookies();
- mod_login();
- exit;
- }
-
- $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
- $query->bindValue(':username', $cookie[0]);
- $query->execute() or error(db_error($query));
- $user = $query->fetch(PDO::FETCH_ASSOC);
-
- // validate password hash
- if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
- // Malformed cookies
- destroyCookies();
- mod_login();
- exit;
- }
-
- $mod = array(
- 'id' => $user['id'],
- 'type' => $user['type'],
- 'username' => $cookie[0],
- 'boards' => explode(',', $user['boards'])
- );
-}
-
 function create_pm_header() {
 global $mod, $config;
@@ -163,4 +130,50 @@ function make_secure_link_token($uri) {
 return substr(sha1($config['cookies']['salt'] . '-' . $uri . '-' . $mod['id']), 0, 8);
 }
+function check_login($prompt = false) {
+ global $config, $mod;
+ // Validate session
+ if (isset($_COOKIE[$config['cookies']['mod']])) {
+ // Should be username:hash:salt
+ $cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
+ if (count($cookie) != 3) {
+ // Malformed cookies
+ destroyCookies();
+ if ($prompt) mod_login();
+ exit;
+ }
+
+ $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
+ $query->bindValue(':username', $cookie[0]);
+ $query->execute() or error(db_error($query));
+ $user = $query->fetch(PDO::FETCH_ASSOC);
+
+ // validate password hash
+ if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
+ // Malformed cookies
+ destroyCookies();
+ if ($prompt) mod_login();
+ exit;
+ }
+
+ $mod = array(
+ 'id' => $user['id'],
+ 'type' => $user['type'],
+ 'username' => $cookie[0],
+ 'boards' => explode(',', $user['boards'])
+ );
+ }
+ if ($config['debug'])
+ $parse_start_time = microtime(true);
+
+ // Fix for magic quotes
+ if (get_magic_quotes_gpc()) {
+ function strip_array($var) {
+ return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
+ }
+
+ $_GET = strip_array($_GET);
+ $_POST = strip_array($_POST);
+ }
+}
diff --git a/mod.php b/mod.php
index 18dffec3..13edff5b 100644
--- a/mod.php
+++ b/mod.php
@@ -8,18 +8,7 @@ require 'inc/functions.php';
 require 'inc/mod/pages.php';
 require 'inc/mod/auth.php';
-if ($config['debug'])
- $parse_start_time = microtime(true);
-
-// Fix for magic quotes
-if (get_magic_quotes_gpc()) {
- function strip_array($var) {
- return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
- }
-
- $_GET = strip_array($_GET);
- $_POST = strip_array($_POST);
-}
+check_login(true);
 $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';
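Review bot: In the new check_login(), `$query->fetch(PDO::FETCH_ASSOC)` returns `false` when the cookie's username matches no row, and the code then reads `$user['password']` from that `false` and feeds a null into `mkhash()` rather than rejecting the cookie outright; an unknown username should be rejected explicitly before the hash comparison. Second, both failure branches `exit` even when `$prompt` is false, so post.php's new `check_login(false)` never reaches its `if (!$mod)` notamod error on a malformed or forged cookie — the poster gets an empty response; return instead of exiting when not prompting (the same applies to the `count($cookie) != 3` branch). The `!==` on the cookie hash is also a plain string compare; if the deployment targets a PHP version that has `hash_equals()`, prefer it for this check. The rewrite below covers the first two points; the debug timer and magic-quotes code at the end of the function are unchanged.
```php
function check_login($prompt = false) {
	global $config, $mod;
	// … unchanged: cookie presence and username:hash:salt shape check …
	$user = $query->fetch(PDO::FETCH_ASSOC);

	// Unknown username and wrong hash are rejected the same way; only exit when prompting
	if ($user === false || $cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
		destroyCookies();
		if ($prompt) {
			mod_login();
			exit;
		}
		return;
	}
	// … unchanged: $mod array, debug timer, magic-quotes fix …
}
```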
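Review bot: `$parse_start_time = microtime(true)` moved from the top level of mod.php into check_login() is now a function-local variable — the `global` line in check_login names only `$config` and `$mod` — so it no longer exists in mod.php once `check_login(true)` returns; if mod.php or its debug output still reads `$parse_start_time` later (outside this hunk), that read will be undefined. Either extend the declaration to `global $config, $mod, $parse_start_time;` or leave the timer in mod.php. Relatedly, `strip_array` is now declared inside check_login, so a second call with magic quotes enabled would fail with a redeclaration fatal; guard it with `if (!function_exists('strip_array'))`. The rest of mod.php runs outside the hunk.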
diff --git a/post.php b/post.php
index d28f50d6..6835f4c7 100644
--- a/post.php
+++ b/post.php
@@ -264,6 +264,7 @@ elseif (isset($_POST['post'])) {
 if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
 require 'inc/mod/auth.php';
+ check_login(false);
 if (!$mod) {
 // Liar. You're not a mod.
 error($config['error']['notamod']);
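Review bot: With a mod cookie present, `check_login(false)` now also runs the magic-quotes `stripslashes` pass over `$_GET` and `$_POST` inside post.php, which before this commit only happened in mod.php; if post.php already normalises magic quotes earlier in the file (outside this hunk), a moderator's post body would be stripped twice. Consider having check_login() return before that block when `$prompt` is false, or moving the magic-quotes fix back to mod.php, so that post.php's input handling is unchanged by this call. The enclosing `elseif` block starts and ends outside the hunk.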