Quote:
Originally Posted by john.parlane
Have implemented fix for this, as shown below. The code expands on the "if ($newuser->errors)" statement right at the end.
The problem was that after the user is saved with "$newuser->save()" the cookie salt is changed and the password rehashed in the database. The cookie then doesn't match it. Fix is to simply recreate the cookie by getting and rehashing the db password.
Have also implemented jaikumarm's fix for the first time login issue here.
Code:
    if ($newuser->errors) {
        process_logout();
        eval(standard_error("Error creating/updating user<br/>".$newuser->errors));
    } else {
        $newuserid = $newuser->save();
        // Saving the user (above) rehashes the password on the DB so now need to update cookie password also, or 'remember me' login option will fail.
        $dbuserinfo = $vbulletin->db->query_first_slave("SELECT password FROM vbull.user WHERE username = '$username'");
        if ($dbuserinfo) {
            $db_hashed_pwd = $dbuserinfo['password'];
            $cookie_hashed_pwd = md5($db_hashed_pwd.COOKIE_SALT);
            vbsetcookie('password', $cookie_hashed_pwd);
        }
        // Following code is necessary to fix a hook timing issue with this plugin that results in users being told their login credentials are wrong the first time they login with LDAP credentials
        verify_authentication($username, $passwd, $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true);
        exec_unstrike_user($username);
        process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
        do_login_redirect();
    }
}
Note that $username and $passwd need to be set up at top of script with:
$username = $vbulletin->GPC['vb_login_username'];
$passwd = $vbulletin->GPC['vb_login_password'];
And I removed the following line (118) which doesn't seem to do anything useful:
$vbulletin->GPC['cookieuser'] = $vbulletin->GPC['vb_login_username'];
Remember to use the generic TABLE_PREFIX consts. I would recommend against setting new aliased variables; it only saves typing, and then you have to add additional doco like you do. Just stick with $vbulletin->GPC[]. (Btw $passwd is already assigned on line 30, and $vbulletin->GPC['vb_login_password'] is cleared for safety). And don't forget to $vbulletin->db->escape_string either...
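
The reply's suggestions applied to the quoted password lookup (TABLE_PREFIX in place of the hard-coded schema name, and escape_string on the username), as an added example that is not code from either poster. StubDb, the prefix value, the salt, the function name cookie_password_for and the sample username are constructed stand-ins so the snippet runs outside vBulletin.

```php
<?php
// Constructed stand-ins so this runs outside vBulletin; in the plugin the real
// $vbulletin->db object and the configured constants are used instead.
define('TABLE_PREFIX', 'vb_');               // assumed prefix
define('COOKIE_SALT', 'constructed-salt');   // constructed value

class StubDb
{
    public $lastSql = '';

    // Stand-in for the driver's escaping; the real method is $vbulletin->db->escape_string().
    public function escape_string($value)
    {
        return addslashes($value);
    }

    // Records the SQL it was given and returns one constructed row.
    public function query_first_slave($sql)
    {
        $this->lastSql = $sql;
        return array('password' => 'constructed-db-hash');
    }
}

// Rebuild the 'password' cookie value from the stored hash, as the quoted fix does,
// but with the table prefix constant and an escaped username in the query.
function cookie_password_for($db, $username)
{
    $row = $db->query_first_slave(
        "SELECT password FROM " . TABLE_PREFIX . "user"
        . " WHERE username = '" . $db->escape_string($username) . "'"
    );
    return $row ? md5($row['password'] . COOKIE_SALT) : false;
}

$db = new StubDb();
$username = "o'brien";   // constructed login name containing a quote

// Query text as the quoted code would build it: the quote ends the string literal early.
echo "SELECT password FROM vbull.user WHERE username = '$username'", "\n";

// Query text after escaping: the quote stays inside the literal.
$cookie = cookie_password_for($db, $username);
echo $db->lastSql, "\n";
echo $cookie, "\n";
```

Inside the plugin the call would take $vbulletin->db and $vbulletin->GPC['vb_login_username'] directly, in line with the advice against aliased variables.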