[ic] CookieLogin with indirect_login
Bill Carr
bill at worldwideimpact.com
Wed Mar 7 11:54:33 EST 2007
On Mar 6, 2007, at 4:47 PM, Kevin Walsh wrote:
> Bill Carr <bill at bottlenose-wine.com> wrote:
>> I'm having trouble getting automatic logins to work with CookieLogin.
>> I am using Interchange 5.4.1 (UserDB.pm,v 2.41 2005/11/08) with
>> indirect_login. I am able to login with the correct value in my
>> indirect_login field (email). However, the MV_USERNAME cookie is set
>> to the value of the username field. When I come back to the site the
>> cookie login is attempted but since indirect_login is set for my
>> userdb the following indirect_login query is attempted:
>>
>> select username from userdb where email = '61'
>>
>> I login like so:
>> [userdb function=login indirect_login=email cgi=1]
>> I'm logged in but MV_USERNAME cookie is the username field from
>> userdb.
>>
>> When I come back indirect login is attempted with the value of my
>> username from the MV_USERNAME cookie not my e-mail address.
>>
>>
>> Is anyone using inderct_login with CookieLogin and is it working?
>>
> Not me, but I just spent a couple of minutes looking at the code.
>
> The following patch is completely untested, but it may be worth a go:
>
> --- UserDB.pm 15 Jan 2007 18:45:45 -0000 2.51
> +++ UserDB.pm 6 Mar 2007 21:43:34 -0000
> @@ -1323,7 +1323,7 @@
> );
> }
>
> - username_cookies($self->{USERNAME}, $pw)
> + username_cookies($self->{PASSED_USERNAME} || $self->
> {USERNAME}, $pw)
> if $Vend::Cfg->{CookieLogin};
>
> if ($self->{LOCATION}{LAST} ne 'none') {
>
> You will need to clean out your MV_USERNAME cookie after patching.
Thanks for the patch Kevin.
It looks like the real username is being set in MV_USERNAME cookie
even with an indirect_login setup. I propose keeping that behavior
the way it is and skipping the indirect login query if we got the
USERNAME from the MV_USERNAME cookie. The following patch
accomplishes that. What do you think?
--- interchange-cvs/lib/Vend/UserDB.pm 2007-01-15 13:45:45.000000000
-0500
+++ interchange/lib/Vend/UserDB.pm 2007-03-07 11:29:49.000000000
-0500
@@ -1159,8 +1159,10 @@
}
if($Vend::Cfg->{CookieLogin}) {
- $self->{USERNAME} = Vend::Util::read_cookie
('MV_USERNAME')
- if ! $self->{USERNAME};
+ if (! $self->{USERNAME}) {
+ $self->{USERNAME} =
Vend::Util::read_cookie('MV_USERNAME');
+ $self->{OPTIONS}
{username_from_cookie} = 1 if $self->{USERNAME};
+ }
$self->{PASSWORD} = Vend::Util::read_cookie
('MV_PASSWORD')
if ! $self->{PASSWORD};
}
@@ -1240,7 +1242,7 @@
my $udb = $self->{DB};
my $foreign = $self->{OPTIONS}{indirect_login};
- if($foreign) {
+ if($foreign && !$self->{OPTIONS}
{username_from_cookie}) {
my $uname = ($self->{PASSED_USERNAME} ||=
$self->{USERNAME});
my $ufield = $self->{LOCATION}{USERNAME};
$uname = $udb->quote($uname);
--- interchange-cvs/lib/Vend/Config.pm 2007-03-07 10:12:04.000000000
-0500
+++ interchange/lib/Vend/Config.pm 2007-03-07 11:32:15.000000000
-0500
@@ -3168,7 +3168,7 @@
local(%SIG);
undef $SIG{__DIE__};
eval {
- Vend::UserDB::userdb('login',
profile => $profile );
+ Vend::UserDB::userdb('login',
{ profile => $profile, username_from_cookie => 1 } );
};
if($@) {
$Vend::Session->{failure} .=
$@;
Bill Carr
Bottlenose - Wine & Spirits eBusiness Specialists
(877) 857-6700
More information about the interchange-users
mailing list