From 0567d832c98541021a7787ecd4728db694eedee5 Mon Sep 17 00:00:00 2001
From: e107steved <steved@e107.org>
Date: Sun, 4 Jan 2009 16:00:19 +0000
Subject: [PATCH] Option to autologon after clicking on signup link

---
 class2.php                                 |  23 +-
 e107_admin/prefs.php                       |  11 +-
 e107_files/def_e107_prefs.php              |   5 +-
 e107_handlers/login.php                    | 312 +++++++++++----------
 e107_languages/English/admin/lan_prefs.php |  34 +--
 signup.php                                 |  13 +-
 6 files changed, 215 insertions(+), 183 deletions(-)

diff --git a/class2.php b/class2.php
index 5c849bf56..31a99b2bb 100644
--- a/class2.php
+++ b/class2.php
@@ -9,8 +9,8 @@
 * General purpose file
 *
 * $Source: /cvs_backup/e107_0.8/class2.php,v $
-* $Revision: 1.91 $
-* $Date: 2008-12-28 22:37:42 $
+* $Revision: 1.92 $
+* $Date: 2009-01-04 16:00:19 $
 * $Author: e107steved $
 *
 */
@@ -856,30 +856,33 @@ if ($pref['maintainance_flag'] && ADMIN == FALSE && strpos(e_SELF, 'admin.php')
 	exit();
 }
 
+
 $sql->db_Mark_Time('(Start: Login/logout/ban/tz)');
 
+
 if (isset($_POST['userlogin']) || isset($_POST['userlogin_x']))
 {
 	e107_require_once(e_HANDLER.'login.php');
 	$usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin'], varset($_POST['hashchallenge'],''));
 }
 
+
 if ((e_QUERY == 'logout') || (($pref['user_tracking'] == 'session') && isset($_SESSION['ubrowser']) && ($_SESSION['ubrowser'] != $ubrowser)))
-//if (e_QUERY == 'logout')
 {
-  if (USER)
-  {
-	if (check_class(varset($pref['user_audit_class'],'')))
-	{  // Need to note in user audit trail
-	  $admin_log->user_audit(USER_AUDIT_LOGOUT, '');
+	if (USER)
+	{
+		if (check_class(varset($pref['user_audit_class'],'')))
+		{  // Need to note in user audit trail
+			$admin_log->user_audit(USER_AUDIT_LOGOUT, '');
+		}
 	}
-  }
 
 	$ip = $e107->getip();
 	$udata = (USER === true ? USERID.'.'.USERNAME : '0');
 	$sql->db_Update('online', "online_user_id = 0, online_pagecount=online_pagecount+1 WHERE online_user_id = '{$udata}' LIMIT 1");
 
-	if ($pref['user_tracking'] == 'session') {
+	if ($pref['user_tracking'] == 'session') 
+	{
 		session_destroy();
 		$_SESSION[e_COOKIE]='';
 	}
diff --git a/e107_admin/prefs.php b/e107_admin/prefs.php
index e8170321e..959f6d417 100644
--- a/e107_admin/prefs.php
+++ b/e107_admin/prefs.php
@@ -9,8 +9,8 @@
  * Administration - Site Preferences
  *
  * $Source: /cvs_backup/e107_0.8/e107_admin/prefs.php,v $
- * $Revision: 1.23 $
- * $Date: 2008-12-31 17:08:14 $
+ * $Revision: 1.24 $
+ * $Date: 2009-01-04 16:00:19 $
  * $Author: e107steved $
  *
 */
@@ -844,6 +844,13 @@ $text .= "
 							".$frm->radio_switch('user_reg_secureveri', $pref['user_reg_secureveri'])."
 						</td>
 					</tr>
+					<tr>
+						<td class='label'>".PRFLAN_197.": </td>
+						<td class='control'>
+							".$frm->radio_switch('autologinpostsignup', $pref['autologinpostsignup'])."
+							<div class='smalltext field-help'>".PRFLAN_198."</div>
+						</td>
+					</tr>
 					<tr>
 						<td class='label'>".PRFLAN_129.":</td>
 						<td class='control'>
diff --git a/e107_files/def_e107_prefs.php b/e107_files/def_e107_prefs.php
index ac25dfad9..ea58bc2aa 100644
--- a/e107_files/def_e107_prefs.php
+++ b/e107_files/def_e107_prefs.php
@@ -11,8 +11,8 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_files/def_e107_prefs.php,v $
-|     $Revision: 1.19 $
-|     $Date: 2008-12-07 21:41:04 $
+|     $Revision: 1.20 $
+|     $Date: 2009-01-04 16:00:19 $
 |     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
@@ -55,6 +55,7 @@ City, State, Country
   'signcode' => '0',
   'user_reg_veri' => '1',
   'user_reg_secureveri' => '1',
+  'autologinpostsignup' => '0',
   'signup_pass_len' => '',
   'signup_maxip' => '3',
   'signup_disallow_text' => '',
diff --git a/e107_handlers/login.php b/e107_handlers/login.php
index 4914a7037..041e69b6d 100644
--- a/e107_handlers/login.php
+++ b/e107_handlers/login.php
@@ -12,8 +12,8 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
-|     $Revision: 1.19 $
-|     $Date: 2008-12-21 11:07:58 $
+|     $Revision: 1.20 $
+|     $Date: 2009-01-04 16:00:19 $
 |     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
@@ -48,10 +48,13 @@ class userlogin
 		/* Constructor
 		# Class called when user attempts to log in
 		#
-		# - parameters #1:                string $username, $_POSTED user name
-		# - parameters #2:                string $userpass, $_POSTED user password
-		# - return                                boolean
-		# - scope                                        public
+		# - parameters #1:      string $username, $_POSTED user name
+		# - parameters #2:      string $userpass, $_POSTED user password
+		# @param $autologin - 'signup' - uses a specially encoded password - logs in if matches
+		#					- zero for 'normal' login
+		#					- non-zero sets the 'remember me' flag in the cookie
+		# - return              boolean
+		# - scope				public
 		*/
 		global $pref, $e_event, $sql, $e107, $tp;
 		global $admin_log,$_E107;
@@ -61,13 +64,13 @@ class userlogin
 
 		if($_E107['cli'] && ($username == ""))
 		{
-          return FALSE;
+			return FALSE;
 		}
 
 		$fip = $e107->getip();
 		if($username == "" || (($userpass == "") && ($response == '')))
 		{	// Required fields blank
-		  return $this->invalidLogin($username,LOGIN_BLANK_FIELD,$fip);
+			return $this->invalidLogin($username,LOGIN_BLANK_FIELD,$fip);
 		}
 
 	 	if(!is_object($sql)) { $sql = new db; }
@@ -75,80 +78,91 @@ class userlogin
 //	    $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
 		$e107->check_ban("banlist_ip='{$fip}' ",FALSE);			// This will exit if a ban is in force
 
-		$autologin = intval($autologin);
+		$forceLogin = ($autologin == 'signup');
+		$autologin = intval($autologin);		// Will decode to zero if forced login
 
-		if ($pref['auth_method'] && $pref['auth_method'] != "e107") 
+		if ($pref['auth_method'] && $pref['auth_method'] != 'e107' && !$forceLogin) 
 		{
-		  $auth_file = e_PLUGIN."alt_auth/".$pref['auth_method']."_auth.php";
-		  if (file_exists($auth_file)) 
-		  {
-			require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
-			$result = new alt_login($pref['auth_method'], $username, $userpass);
-			if ($result == LOGIN_ABORT)
-			{	// Invalid user
-			  return $this->invalidLogin($username,LOGIN_ABORT,$fip);
+			$auth_file = e_PLUGIN."alt_auth/".$pref['auth_method']."_auth.php";
+			if (file_exists($auth_file)) 
+			{
+				require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
+				$result = new alt_login($pref['auth_method'], $username, $userpass);
+				if ($result == LOGIN_ABORT)
+				{	// Invalid user
+					return $this->invalidLogin($username,LOGIN_ABORT,$fip);
+				}
 			}
-		  }
 		}
 
 		$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
 
 		// Check secure image
-		if ($pref['logcode'] && extension_loaded("gd")) 
+		if (!$forceLogin && $pref['logcode'] && extension_loaded("gd")) 
 		{
-		  require_once(e_HANDLER."secure_img_handler.php");
-		  $sec_img = new secure_image;
-		  if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) 
-		  {	// Invalid code
-			return $this->invalidLogin($username,LOGIN_BAD_CODE,$fip);
-		  }
+			require_once(e_HANDLER."secure_img_handler.php");
+			$sec_img = new secure_image;
+			if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) 
+			{	// Invalid code
+				return $this->invalidLogin($username,LOGIN_BAD_CODE,$fip);
+			}
 		}
 
 		// Check username general format
-		if (strlen($username) > varset($pref['loginname_maxlength'],30))
+		if (!$forceLogin && (strlen($username) > varset($pref['loginname_maxlength'],30)))
 		{  // Error - invalid username
-		  return $this->invalidLogin($username,LOGIN_BAD_USERNAME,$fip);
+			return $this->invalidLogin($username,LOGIN_BAD_USERNAME,$fip);
 		}
 
-		$lookemail = varset($pref['allowEmailLogin'],0) && (strpos($username,'@') !== FALSE);		// See if we look up against email or user name
+		$lookemail = !$forceLogin && varset($pref['allowEmailLogin'],0) && (strpos($username,'@') !== FALSE);		// See if we look up against email or user name
 		// Look up user in DB - even if email addresses allowed, still look up by user name as well - user could have specified email address for their login name
-		if ($sql->db_Select("user", "*", "`user_loginname`= '".$tp -> toDB($username)."'".($lookemail ? " OR `user_email` = '".$tp -> toDB($username)."'" : '') ) !== 1) 	// Handle duplicate emails as well
+		if ($sql->db_Select('user', '*', "`user_loginname`= '".$tp -> toDB($username)."'".($lookemail ? " OR `user_email` = '".$tp -> toDB($username)."'" : '') ) !== 1) 	// Handle duplicate emails as well
 		{	// Invalid user
-		  return $this->invalidLogin($username,LOGIN_BAD_USER,$fip);
+			return $this->invalidLogin($username,LOGIN_BAD_USER,$fip);
 		}
 
 		// User is in DB here
-		$lode = $sql -> db_Fetch();		// Get user info
+		$lode = $sql -> db_Fetch(MYSQL_ASSOC);		// Get user info
 		$lode['user_perms'] = trim($lode['user_perms']);
 		$lookemail = $lookemail && ($tp -> toDB($username) == $lode['user_email']);		// Know whether login name or email address used now
 		if ($lookemail && varsettrue($pref['passwordEncoding']))
 		{
-		  $tmp = unserialize($lode['user_prefs']);
-		  $requiredPassword = varset($tmp['email_password'],$lode['user_password']);	// Use email-specific password if set. Otherwise, 'normal' one might work
-		  unset($tmp);
+			$tmp = unserialize($lode['user_prefs']);
+			$requiredPassword = varset($tmp['email_password'],$lode['user_password']);	// Use email-specific password if set. Otherwise, 'normal' one might work
+			unset($tmp);
 		}
 		else
 		{
-		  $requiredPassword = $lode['user_password'];
+			$requiredPassword = $lode['user_password'];
 		}
 
 		// Now check password
 		$user_info = new UserHandler();
-		if ((($pref['password_CHAP'] > 0) && ($response && isset($_SESSION['challenge'])) && ($response != $_SESSION['challenge'])) || ($pref['password_CHAP'] == 2))
-		{  // Verify using CHAP
-//		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","CHAP login","U: {$username}, P: {$userpass}, C: {$_SESSION['challenge']} R:{$response} S: {$lode['user_password']}",FALSE,LOG_TO_ROLLING);
-		  if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $response, $username, $requiredPassword)) === PASSWORD_INVALID)
-		  {
-			return $this->invalidLogin($username,LOGIN_CHAP_FAIL,$fip);
-		  }
+		if ($forceLogin)
+		{
+			if (md5($lode['user_name'].$lode['user_password'].$lode['user_join']) != $userpass)
+			{
+				return $this->invalidLogin($username,LOGIN_BAD_PW,$fip);
+			}
 		}
 		else
-		{	// Plaintext password
-//		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Plaintext login","U: {$username}, P: {$userpass}, C: {$_SESSION['challenge']} R:{$response} S: {$lode['user_password']}",FALSE,LOG_TO_ROLLING);
-		  if (($pass_result = $user_info->CheckPassword($userpass,($lookemail ? $lode['user_loginname'] : $username),$requiredPassword)) === PASSWORD_INVALID)
-		  {
-			return $this->invalidLogin($username,LOGIN_BAD_PW,$fip);
-		  }
+		{
+			if ((($pref['password_CHAP'] > 0) && ($response && isset($_SESSION['challenge'])) && ($response != $_SESSION['challenge'])) || ($pref['password_CHAP'] == 2))
+			{  // Verify using CHAP
+	//		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","CHAP login","U: {$username}, P: {$userpass}, C: {$_SESSION['challenge']} R:{$response} S: {$lode['user_password']}",FALSE,LOG_TO_ROLLING);
+				if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $response, $username, $requiredPassword)) === PASSWORD_INVALID)
+				{
+					return $this->invalidLogin($username,LOGIN_CHAP_FAIL,$fip);
+				}
+			}
+			else
+			{	// Plaintext password
+	//		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Plaintext login","U: {$username}, P: {$userpass}, C: {$_SESSION['challenge']} R:{$response} S: {$lode['user_password']}",FALSE,LOG_TO_ROLLING);
+				if (($pass_result = $user_info->CheckPassword($userpass,($lookemail ? $lode['user_loginname'] : $username),$requiredPassword)) === PASSWORD_INVALID)
+				{
+					return $this->invalidLogin($username,LOGIN_BAD_PW,$fip);
+				}
+			}
 		}
 
 		// Check user status
@@ -179,7 +193,7 @@ class userlogin
 		$ret = $e_event->trigger("preuserlogin", $username);
 		if ($ret != '') 
 		{
-		  return $this->invalidLogin($username,LOGIN_BAD_TRIGGER,$fip,$ret);
+			return $this->invalidLogin($username,LOGIN_BAD_TRIGGER,$fip,$ret);
 		} 
 
 
@@ -191,10 +205,10 @@ class userlogin
 		/* restrict more than one person logging in using same us/pw */
 		if($pref['disallowMultiLogin']) 
 		{
-		  if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'")) 
-		  {
-			return $this->invalidLogin($username,LOGIN_MULTIPLE,$fip,$user_id);
-		  }
+			if($sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'")) 
+			{
+				return $this->invalidLogin($username,LOGIN_MULTIPLE,$fip,$user_id);
+			}
 		}
 
 
@@ -203,7 +217,7 @@ class userlogin
 
 		if($user_xup) 
 		{
-		  $this->update_xup($user_id, $user_xup);
+			$this->update_xup($user_id, $user_xup);
 		}
 
 
@@ -225,7 +239,7 @@ class userlogin
 
 		if($_E107['cli'])
 		{
-          return $cookieval;
+			return $cookieval;
 		}
 
 		if (in_array(e_UC_NEWUSER,$class_list))
@@ -247,30 +261,30 @@ class userlogin
 		{	// See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
 //		  $log_info = "New user: ".$lode['user_name']."  Class: ".$lode['user_class']."  Admin: ".$lode['user_admin']."  Perms: ".$lode['user_perms'];
 //		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
-		  foreach ($pref['frontpage_force'] as $fk=>$fp)
-		  {
-			if (in_array($fk,$class_list))
-			{  // We've found the entry of interest
-			  if (strlen($fp))
-			  {
-				$redir = ((strpos($fp, 'http') === FALSE) ? e_BASE : '').$tp -> replaceConstants($fp, TRUE, FALSE);
-//				$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Redirect active",$redir,FALSE,FALSE);
-			  }
-			  break;
+			foreach ($pref['frontpage_force'] as $fk=>$fp)
+			{
+				if (in_array($fk,$class_list))
+				{  // We've found the entry of interest
+					if (strlen($fp))
+					{
+						$redir = ((strpos($fp, 'http') === FALSE) ? e_BASE : '').$tp -> replaceConstants($fp, TRUE, FALSE);
+		//				$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Redirect active",$redir,FALSE,FALSE);
+					}
+					break;
+				}
 			}
-		  }
 		}
 
 
 
 		if (strstr($_SERVER['SERVER_SOFTWARE'], "Apache")) 
 		{
-		  header("Location: ".$redir);
-		  exit;
+			header("Location: ".$redir);
+			exit();
 		} 
 		else 
 		{
-		  echo "<script type='text/javascript'>document.location.href='{$redir}'</script>\n";
+			echo "<script type='text/javascript'>document.location.href='{$redir}'</script>\n";
 		}
 	}
 
@@ -278,99 +292,99 @@ class userlogin
 	// Function called to log the reason for a failed login. Currently always returns false - could return some other value
 	function invalidLogin($username,$reason, $fip = '?', $extra_text = '')
 	{
-	  global $sql, $pref, $tp, $e107;
+		global $sql, $pref, $tp, $e107;
 	  
-	  $doCheck = FALSE;			// Flag set if need to ban check
-	  switch ($reason)
-	  {
-		case LOGIN_ABORT :		// alt_auth reject
-		  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
-		  $this->genNote($fip,$username,'Alt_auth: '.LAN_LOGIN_14);
-		  $this->logNote('LAN_ROLL_LOG_04','Alt_Auth: '.$username);
-		  $doCheck = TRUE;
-		  break;
-		case LOGIN_BAD_PW :
-		  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
-		  $this->logNote('LAN_ROLL_LOG_03',$username);
-		  break;
-		case LOGIN_CHAP_FAIL :
-		  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
-		  $this->logNote('LAN_ROLL_LOG_03','CHAP: '.$username);
-		  break;
-		case LOGIN_BAD_USER :
-		  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
-		  $this->genNote($fip,$username,LAN_LOGIN_14);
-		  $this->logNote('LAN_ROLL_LOG_04',$username);
-		  $doCheck = TRUE;
-		  break;
-		case LOGIN_BAD_USERNAME :
-		  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
-		  $this->logNote('LAN_ROLL_LOG_08',$username);
-		  break;
-		case LOGIN_MULTIPLE :
-		  define("LOGINMESSAGE", LAN_LOGIN_24."<br /><br />");
-		  $this->logNote('LAN_ROLL_LOG_07',"U: {$username} IP: {$fip}");
-		  $this->genNote($fip,$username,LAN_LOGIN_16);
-		  $doCheck = TRUE;
-		  break;
-		case LOGIN_BAD_CODE :
-		  define("LOGINMESSAGE", LAN_LOGIN_23."<br /><br />");
-		  $this->logNote('LAN_ROLL_LOG_02',$username);
-		  break;
-		case LOGIN_NOT_ACTIVATED :
-		  define("LOGINMESSAGE", LAN_LOGIN_22."<br /><br />");
-		  $this->logNote('LAN_ROLL_LOG_05',$username);
-		  $this->genNote($fip,$username,LAN_LOGIN_27);
-		  $doCheck = TRUE;
-		  break;
-		case LOGIN_BLANK_FIELD :
-		  define("LOGINMESSAGE", LAN_LOGIN_20."<br /><br />");
-		  $this->logNote('LAN_ROLL_LOG_01',$username);
-		  break;
-		case LOGIN_BAD_TRIGGER :
-		  define("LOGINMESSAGE", $extra_text."<br /><br />");
-		  $this->logNote('LAN_ROLL_LOG_06',$username);
-		  break;
-		case LOGIN_BANNED :
-		  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");		// Just give 'incorrect login' message
-		  $this->genNote($fip,$username,LAN_LOGIN_25);
-		  $this->logNote('LAN_ROLL_LOG_09',$username);
-		  break;
-		default :		// Something's gone wrong!
-		  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");		// Just give 'incorrect login' message
-		  $this->genNote($fip,$username,LAN_LOGIN_26);
-		  $this->logNote('LAN_ROLL_LOG_10',$username);
-	  }
-
-	  if ($doCheck)
-	  {		// See if ban required (formerly the checkibr() function)
-		if($pref['autoban'] == 1 || $pref['autoban'] == 3)
-		{ // Flood + Login or Login Only.
-		  $fails = $sql -> db_Count("generic", "(*)", "WHERE gen_ip='{$fip}' AND gen_type='failed_login' ");
-		  if($fails > 10) 
-		  {
-			$e107->add_ban(4,LAN_LOGIN_18,$fip,1);
-			$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '{$fip}', '{$extra_text}', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
-		  }
+		$doCheck = FALSE;			// Flag set if need to ban check
+		switch ($reason)
+		{
+			case LOGIN_ABORT :		// alt_auth reject
+			  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
+			  $this->genNote($fip,$username,'Alt_auth: '.LAN_LOGIN_14);
+			  $this->logNote('LAN_ROLL_LOG_04','Alt_Auth: '.$username);
+			  $doCheck = TRUE;
+			  break;
+			case LOGIN_BAD_PW :
+			  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
+			  $this->logNote('LAN_ROLL_LOG_03',$username);
+			  break;
+			case LOGIN_CHAP_FAIL :
+			  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
+			  $this->logNote('LAN_ROLL_LOG_03','CHAP: '.$username);
+			  break;
+			case LOGIN_BAD_USER :
+			  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
+			  $this->genNote($fip,$username,LAN_LOGIN_14);
+			  $this->logNote('LAN_ROLL_LOG_04',$username);
+			  $doCheck = TRUE;
+			  break;
+			case LOGIN_BAD_USERNAME :
+			  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");
+			  $this->logNote('LAN_ROLL_LOG_08',$username);
+			  break;
+			case LOGIN_MULTIPLE :
+			  define("LOGINMESSAGE", LAN_LOGIN_24."<br /><br />");
+			  $this->logNote('LAN_ROLL_LOG_07',"U: {$username} IP: {$fip}");
+			  $this->genNote($fip,$username,LAN_LOGIN_16);
+			  $doCheck = TRUE;
+			  break;
+			case LOGIN_BAD_CODE :
+			  define("LOGINMESSAGE", LAN_LOGIN_23."<br /><br />");
+			  $this->logNote('LAN_ROLL_LOG_02',$username);
+			  break;
+			case LOGIN_NOT_ACTIVATED :
+			  define("LOGINMESSAGE", LAN_LOGIN_22."<br /><br />");
+			  $this->logNote('LAN_ROLL_LOG_05',$username);
+			  $this->genNote($fip,$username,LAN_LOGIN_27);
+			  $doCheck = TRUE;
+			  break;
+			case LOGIN_BLANK_FIELD :
+			  define("LOGINMESSAGE", LAN_LOGIN_20."<br /><br />");
+			  $this->logNote('LAN_ROLL_LOG_01',$username);
+			  break;
+			case LOGIN_BAD_TRIGGER :
+			  define("LOGINMESSAGE", $extra_text."<br /><br />");
+			  $this->logNote('LAN_ROLL_LOG_06',$username);
+			  break;
+			case LOGIN_BANNED :
+			  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");		// Just give 'incorrect login' message
+			  $this->genNote($fip,$username,LAN_LOGIN_25);
+			  $this->logNote('LAN_ROLL_LOG_09',$username);
+			  break;
+			default :		// Something's gone wrong!
+			  define("LOGINMESSAGE", LAN_LOGIN_21."<br /><br />");		// Just give 'incorrect login' message
+			  $this->genNote($fip,$username,LAN_LOGIN_26);
+			  $this->logNote('LAN_ROLL_LOG_10',$username);
 		}
-	  }
-	  return FALSE;		// Passed back to signal failed login
+
+		if ($doCheck)
+		{		// See if ban required (formerly the checkibr() function)
+			if($pref['autoban'] == 1 || $pref['autoban'] == 3)
+			{ // Flood + Login or Login Only.
+				$fails = $sql -> db_Count("generic", "(*)", "WHERE gen_ip='{$fip}' AND gen_type='failed_login' ");
+				if($fails > 10) 
+				{
+					$e107->add_ban(4,LAN_LOGIN_18,$fip,1);
+					$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '{$fip}', '{$extra_text}', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
+				}
+			}
+		}
+		return FALSE;		// Passed back to signal failed login
 	}
 
 
 	// Make a note of an event in the rolling log
 	function logNote($title,$text)
 	{
-	  global $admin_log;
-	  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",$title,$text,FALSE,LOG_TO_ROLLING);
+		global $admin_log;
+		$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"LOGIN",$title,$text,FALSE,LOG_TO_ROLLING);
 	}
 
 
 	// Make a note of an event in the 'generic' table
 	function genNote($fip,$username,$msg1)
 	{
-	  global $sql, $tp;
-	  $sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".$msg1." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
+		global $sql, $tp;
+		$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".$msg1." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
 	}
 
 
diff --git a/e107_languages/English/admin/lan_prefs.php b/e107_languages/English/admin/lan_prefs.php
index d88f21343..9a1eacdb2 100644
--- a/e107_languages/English/admin/lan_prefs.php
+++ b/e107_languages/English/admin/lan_prefs.php
@@ -12,9 +12,9 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_prefs.php,v $
-|     $Revision: 1.15 $
-|     $Date: 2008-12-19 14:01:07 $
-|     $Author: secretr $
+|     $Revision: 1.16 $
+|     $Date: 2009-01-04 16:00:19 $
+|     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
 
@@ -180,18 +180,18 @@ define("PRFLAN_168", "Site Contact Person(s)");
 define("PRFLAN_169", "If the chosen group contains more than one person, the user will be asked to select a person from the group.");
 //define("PRFLAN_170", "Use reverse DNS to allow host banning");
 //define("PRFLAN_171", "Turning this option on will allow you to ban users by hostname, rather then just IP or email address.  <br />NOTE: This may affect pageload times on some hosts");
-define("PRFLAN_172", "Login Name maximum length (10..100)");
-define("PRFLAN_173", "Check at SourceForge for e107 updates once/day");
-define("PRFLAN_174", "Name for responses to emails from site");
-define("PRFLAN_175", "This will appear in the 'From' field of registration and other emails from this site");
-define("PRFLAN_176", "Email address for emails from site");
-define("PRFLAN_177", "Address specified for replies to emails from this site.");
-define("PRFLAN_178", "Password transmission method");
-define("PRFLAN_179", "(Only supported if using sessions for user tracking.)");
-define("PRFLAN_180", "Plaintext");
-define("PRFLAN_181", "CHAP, plaintext fallback");
-define("PRFLAN_182", "CHAP only");
-define("PRFLAN_183", " CHAP requires JS enabled in user's browser");
+define('PRFLAN_172', 'Login Name maximum length (10..100)');
+define('PRFLAN_173', 'Check at SourceForge for e107 updates once/day');
+define('PRFLAN_174', 'Name for responses to emails from site');
+define('PRFLAN_175', 'This will appear in the \'From\' field of registration and other emails from this site');
+define('PRFLAN_176', 'Email address for emails from site');
+define('PRFLAN_177', 'Address specified for replies to emails from this site.');
+define('PRFLAN_178', 'Password transmission method');
+define('PRFLAN_179', '(Only supported if using sessions for user tracking.)');
+define('PRFLAN_180', 'Plaintext');
+define('PRFLAN_181', 'CHAP, plaintext fallback');
+define('PRFLAN_182', 'CHAP only');
+define('PRFLAN_183', ' CHAP requires JS enabled in user\'s browser');
 define('PRFLAN_184', 'Allow login by email address');
 define('PRFLAN_185', '(as well as login name)');
 define('PRFLAN_186', 'Yes');
@@ -205,7 +205,9 @@ define('PRFLAN_193', 'To allow users to set their own login names, leave blank')
 define('PRFLAN_194', '# - alpha<br />. - numeric<br />* - alphanumeric<br />Other chars used as entered.');
 define('PRFLAN_195', 'Changed values:');
 define('PRFLAN_196', 'Log all page accesses');
-//define('PRFLAN_197', '');
+define('PRFLAN_197', 'Auto-login new user after clicking on signup link');
+define('PRFLAN_198', 'If disabled, user has to explicitly log in after signup');
+//define('PRFLAN_199', '');
 
 //0.8
 define("PRFLAN_154a", "If 'Admin Approval' is selected, it is recommended that you enable email notification on user signup <a href='".e_ADMIN."notify.php'>here</a>.");
diff --git a/signup.php b/signup.php
index d7e4faeb6..30f2f0eca 100644
--- a/signup.php
+++ b/signup.php
@@ -9,8 +9,8 @@
  * User signup
  *
  * $Source: /cvs_backup/e107_0.8/signup.php,v $
- * $Revision: 1.30 $
- * $Date: 2008-12-29 09:31:36 $
+ * $Revision: 1.31 $
+ * $Date: 2009-01-04 16:00:19 $
  * $Author: e107steved $
  *
 */
@@ -28,7 +28,7 @@ include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php');		// Generic user-related
 define('SIGNUP_DEBUG', FALSE);
 
 include_once(e_HANDLER.'user_extended_class.php');
-$ue = new e107_user_extended;
+$usere = new e107_user_extended;
 require_once(e_HANDLER.'calendar/calendar_class.php');
 $cal = new DHTML_Calendar(true);
 require_once(e_HANDLER.'validator_class.php');
@@ -336,6 +336,11 @@ if (e_QUERY)
 				$admin_log->user_audit(USER_AUDIT_EMAILACK,$row);
 				
 				$e_event->trigger("userveri", $row);
+				if (varset($pref['autologinpostsignup']))
+				{
+					require_once(e_HANDLER.'login.php');
+					$usr = new userlogin($row['user_loginname'], md5($row['user_name'].$row['user_password'].$row['user_join']), 'signup', '');
+				}
 				require_once(HEADERF);
 				$text = LAN_SIGNUP_74." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
 				$ns->tablerender(LAN_SIGNUP_75, $text);
@@ -488,7 +493,7 @@ if (isset($_POST['register']))
 		$eufVals = array();
 		if (isset($_POST['ue']))
 		{
-			$eufVals = $ue->userExtendedValidateAll($_POST['ue'], varset($_POST['hide'],array()));		// Validate the extended user fields
+			$eufVals = $usere->userExtendedValidateAll($_POST['ue'], varset($_POST['hide'],array()));		// Validate the extended user fields
 		}