[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ic] CookieLogin with indirect_login


On Mar 6, 2007, at 4:47 PM, Kevin Walsh wrote:


Bill Carr <suppressed> wrote:

I'm having trouble getting automatic logins to work with CookieLogin.
I am using Interchange 5.4.1 (UserDB.pm,v 2.41 2005/11/08) with
indirect_login. I am able to login with the correct value in my
indirect_login field  (email). However, the MV_USERNAME cookie is set
to the value of the username field. When I come back to the site the
cookie login is attempted but since indirect_login is set for my
userdb the following indirect_login query is attempted:

  select username from userdb where email = '61'

I login like so:
[userdb function=login indirect_login=email cgi=1]
I'm logged in but MV_USERNAME cookie is the username field from userdb. 

When I come back indirect login is attempted with the value of my
username from the MV_USERNAME cookie not my e-mail address.


Is anyone using inderct_login with CookieLogin and is it working?


Not me, but I just spent a couple of minutes looking at the code.

The following patch is completely untested, but it may be worth a go:

--- UserDB.pm   15 Jan 2007 18:45:45 -0000      2.51
+++ UserDB.pm   6 Mar 2007 21:43:34 -0000
@@ -1323,7 +1323,7 @@
                                                );
                }

-               username_cookies($self->{USERNAME}, $pw)
+ username_cookies($self->{PASSED_USERNAME} || $self-> {USERNAME}, $pw) 
                        if $Vend::Cfg->{CookieLogin};

                if ($self->{LOCATION}{LAST} ne 'none') {

You will need to clean out your MV_USERNAME cookie after patching.

Thanks for the patch Kevin.
It looks like the real username is being set in MV_USERNAME cookie even with an indirect_login setup. I propose keeping that behavior the way it is and skipping the indirect login query if we got the USERNAME from the MV_USERNAME cookie. The following patch accomplishes that. What do you think?
--- interchange-cvs/lib/Vend/UserDB.pm 2007-01-15 13:45:45.000000000 -0500 +++ interchange/lib/Vend/UserDB.pm 2007-03-07 11:29:49.000000000 -0500 
@@ -1159,8 +1159,10 @@
                }
                if($Vend::Cfg->{CookieLogin}) {
- $self->{USERNAME} = Vend::Util::read_cookie ('MV_USERNAME') 
-                               if ! $self->{USERNAME};
+                       if (! $self->{USERNAME}) {
+ $self->{USERNAME} = Vend::Util::read_cookie('MV_USERNAME'); + $self->{OPTIONS} {username_from_cookie} = 1 if $self->{USERNAME}; 
+                       }
$self->{PASSWORD} = Vend::Util::read_cookie ('MV_PASSWORD') 
                                if ! $self->{PASSWORD};
                }
@@ -1240,7 +1242,7 @@
                my $udb = $self->{DB};
                my $foreign = $self->{OPTIONS}{indirect_login};
-               if($foreign) {
+ if($foreign && !$self->{OPTIONS} {username_from_cookie}) { my $uname = ($self->{PASSED_USERNAME} ||= $self->{USERNAME}); 
                        my $ufield = $self->{LOCATION}{USERNAME};
                        $uname = $udb->quote($uname);
--- interchange-cvs/lib/Vend/Config.pm 2007-03-07 10:12:04.000000000 -0500 +++ interchange/lib/Vend/Config.pm 2007-03-07 11:32:15.000000000 -0500 
@@ -3168,7 +3168,7 @@
                                local(%SIG);
                                undef $SIG{__DIE__};
                                eval {
- Vend::UserDB::userdb('login', profile => $profile ); + Vend::UserDB::userdb('login', { profile => $profile, username_from_cookie => 1 } ); 
                                };
                                if($@) {
$Vend::Session->{failure} .= $@; 


Bill Carr
Bottlenose - Wine & Spirits eBusiness Specialists
(877) 857-6700

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.