Merge branch 'develop-olympus' into develop-ascraeus

* develop-olympus: [ticket/13138] Do not use cookie data and autologin while forcing a user_id Conflicts: phpBB/phpbb/session.php
2025-06-21 10:40:58 +02:00 · 2014-10-20 14:53:38 -04:00
parent 57a575b5f0 d4faeb064b
commit 99f63f39eb
1 changed files with 29 additions and 26 deletions
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@ -577,32 +577,7 @@ class session
 			}
 		}

-		$provider_collection = $phpbb_container->get('auth.provider_collection');
-		$provider = $provider_collection->get_provider();
-		$this->data = $provider->autologin();
-
-		if (sizeof($this->data))
-		{
-			$this->cookie_data['k'] = '';
-			$this->cookie_data['u'] = $this->data['user_id'];
-		}
-
-		// If we're presented with an autologin key we'll join against it.
-		// Else if we've been passed a user_id we'll grab data based on that
-		if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
-		{
-			$sql = 'SELECT u.*
-				FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
-				WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
-					AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
-					AND k.user_id = u.user_id
-					AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
-			$result = $db->sql_query($sql);
-			$this->data = $db->sql_fetchrow($result);
-			$db->sql_freeresult($result);
-			$bot = false;
-		}
-		else if ($user_id !== false && !sizeof($this->data))
+		if ($user_id !== false && !sizeof($this->data))
 		{
 			$this->cookie_data['k'] = '';
 			$this->cookie_data['u'] = $user_id;
@ -616,6 +591,34 @@ class session
 			$db->sql_freeresult($result);
 			$bot = false;
 		}
+		else if (!$bot)
+		{
+            $provider_collection = $phpbb_container->get('auth.provider_collection');
+            $provider = $provider_collection->get_provider();
+            $this->data = $provider->autologin();
+
+            if (sizeof($this->data))
+            {
+                $this->cookie_data['k'] = '';
+                $this->cookie_data['u'] = $this->data['user_id'];
+            }
+
+			// If we're presented with an autologin key we'll join against it.
+			// Else if we've been passed a user_id we'll grab data based on that
+			if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
+			{
+				$sql = 'SELECT u.*
+					FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
+					WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
+						AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
+						AND k.user_id = u.user_id
+						AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
+				$result = $db->sql_query($sql);
+				$this->data = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+				$bot = false;
+			}
+		}

 		// Bot user, if they have a SID in the Request URI we need to get rid of it
 		// otherwise they'll index this page with the SID, duplicate content oh my!