Fix autologin issues

git-svn-id: file:///svn/phpbb/trunk@3006 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 14:18:52 +00:00 · 2002-11-02 21:44:36 +00:00 · 2002-11-02 21:44:36 +00:00 · 5b73ad4cbd
commit 5b73ad4cbd
parent 97978b69f1
2 changed files with 12 additions and 12 deletions
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@ -121,7 +121,7 @@ class session
 	}
 	// Create a new session
-	function create(&$user_id, &$autologin)
+	function create(&$user_id, &$autologin, $set_autologin = false)
 	{
 		global $SID, $db, $config;
@ -164,7 +164,7 @@ class session
 		$db->sql_freeresult($result);
 		// Check autologin request, is it valid?
-		if ($this->data['user_password'] != $autologin || !$this->data['user_active'] || !$user_id)
+		if (empty($this->data) || ($this->data['user_password'] != $autologin && !$set_autologin) || !$this->data['user_active'])
 		{
 			$autologin = '';
 			$this->data['user_id'] = $user_id = ANONYMOUS;
@ -211,7 +211,7 @@ class session
 		$this->data['session_id'] = $this->session_id;
-		$sessiondata['autologinid'] = ($autologin && $user_id) ? $autologin : '';
+		$sessiondata['autologinid'] = ($autologin && $user_id != ANONYMOUS) ? $autologin : '';
 		$sessiondata['userid'] = $user_id;
 		$this->set_cookie('data', serialize($sessiondata), $current_time + 31536000);
@ -689,8 +689,8 @@ class auth
 					return false;
 				}
-				$autologin = (isset($autologin)) ? md5($password) : '';
+				$autologin = (!empty($autologin)) ? md5($password) : '';
-				return ($login['user_active']) ? $user->create($login['user_id'], $autologin) : false;
+				return ($login['user_active']) ? $user->create($login['user_id'], $autologin, true) : false;
 			}
 		}
--- a/phpBB/login.php
+++ b/phpBB/login.php
@ -38,21 +38,21 @@ extract($_POST);
 $redirect = (!empty($redirect)) ? $_SERVER['QUERY_STRING'] : '';
 // Do the login/logout/form/whatever
-if ( isset($login) || isset($logout)  )
+if (isset($login) || isset($logout))
 {
-	if ( isset($login) && !$user->data['user_id'] )
+	if (isset($login) && !$user->data['user_id'])
 	{
-		$autologin = ( !empty($autologin) ) ? true : false;
+		$autologin = (!empty($autologin)) ? true : false;
 		//
 		// Is the board disabled? Are we an admin? No, then back to the index we go
 		//
-		if ( $config['board_disable'] && !$auth->acl_get('a_') )
+		if ($config['board_disable'] && !$auth->acl_get('a_'))
 		{
 			redirect("index.$phpEx$SID");
 		}
-		if ( !$auth->login($username, $password, $autologin) )
+		if (!$auth->login($username, $password, $autologin))
 		{
 			$template->assign_vars(array(
 				'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx$SID&amp;redirect=$redirect" . '">')
@ -62,7 +62,7 @@ if ( isset($login) || isset($logout)  )
 			message_die(MESSAGE, $message);
 		}
 	}
-	else if ( $user->data['user_id'] )
+	else if ($user->data['user_id'] != ANONYMOUS)
 	{
 		$user->destroy();
 	}
@ -70,7 +70,7 @@ if ( isset($login) || isset($logout)  )
 	//
 	// Redirect to wherever we're supposed to go ...
 	//
-	$redirect_url = ( $redirect ) ? preg_replace('/^.*?redirect=(.*?)&(.*?)$/', '\\1' . $SID . '&\\2', $redirect) : 'index.'.$phpEx;
+	$redirect_url = ($redirect) ? preg_replace('/^.*?redirect=(.*?)&(.*?)$/', '\\1' . $SID . '&\\2', $redirect) : 'index.'.$phpEx;
 	redirect($redirect_url);
 }