Merge pull request #3039 from nickvergessen/ticket/13138

[ticket/13138] Only use cookie data when we do not force a user_id

phpBB/includes/session.php

@@ -553,6 +553,22 @@ class session
 		$method = basename(trim($config['auth_method']));
 		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
 
+		if ($user_id !== false && !sizeof($this->data))
+		{
+			$this->cookie_data['k'] = '';
+			$this->cookie_data['u'] = $user_id;
+
+			$sql = 'SELECT *
+				FROM ' . USERS_TABLE . '
+				WHERE user_id = ' . (int) $this->cookie_data['u'] . '
+					AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
+			$result = $db->sql_query($sql);
+			$this->data = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+			$bot = false;
+		}
+		else if (!$bot)
+		{
 			$method = 'autologin_' . $method;
 			if (function_exists($method))
 			{
@@ -580,19 +596,6 @@ class session
 				$db->sql_freeresult($result);
 				$bot = false;
 			}
-		else if ($user_id !== false && !sizeof($this->data))
-		{
-			$this->cookie_data['k'] = '';
-			$this->cookie_data['u'] = $user_id;
-
-			$sql = 'SELECT *
-				FROM ' . USERS_TABLE . '
-				WHERE user_id = ' . (int) $this->cookie_data['u'] . '
-					AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
-			$result = $db->sql_query($sql);
-			$this->data = $db->sql_fetchrow($result);
-			$db->sql_freeresult($result);
-			$bot = false;
 		}
 
 		// Bot user, if they have a SID in the Request URI we need to get rid of it