r1440: - Fixed a huge bug in Authentication::_syncBugdarUser() that would use the...
authorRobert Sesek <rsesek@bluestatic.org>
Sun, 11 Mar 2007 21:44:23 +0000 (21:44 +0000)
committerRobert Sesek <rsesek@bluestatic.org>
Sun, 11 Mar 2007 21:44:23 +0000 (21:44 +0000)
- Only call Authentication::clearCookies() in Authentication::authenticateCookies() if the cookie data fails to verify, and not in other cases

includes/auth/auth.php

index b4d54d7bc2a4674c22ee68d23e6834a516f0cc41..6326cf3aff5db35f20fc7414c97bc62357c474ca 100644 (file)
@@ -149,16 +149,13 @@ class Authentication
        {
                if (!$this->_fetchCookieUniqueId() OR !$this->_fetchCookiePassword())
                {
-                       $this->clearCookies();
                        return false;
                }
                
                $this->authUser = $this->_fetchUserUsingCookies();
-               
                if (!$this->authUser)
                {
                        $this->authUser = null;
-                       $this->clearCookies();
                        return false;
                }
                
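Review bot: Neither early return now says why the cookies are left in place, and the second one (`if (!$this->authUser)`) is reached when cookies were sent but no user matched them, which a reader could reasonably count as a failed verification. The commit message reserves `clearCookies()` for the verify failure, which presumably sits further down in this method, outside the hunk. I would add a comment above both returns, for example `// cookies are deliberately left alone here; they are cleared only when the cookie data fails to verify`, so nobody restores the calls later. If the no-matching-user case is in fact meant to expire the cookie, that branch needs its `clearCookies()` call back.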
@@ -298,7 +295,7 @@ class Authentication
                $change = false;
                
                $user = new UserAPI($this->registry);
-               $user->set('userid', $this->authUser[ $this->fieldMap['authid'] ]);
+               $user->set('userid', $this->bugdarUser['userid']);
                $user->set_condition();
                foreach ($fields AS $bugdar => $auth)
                {
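Review bot: `$this->bugdarUser['userid']` now keys the `UserAPI` condition, but nothing in the hunk checks that `bugdarUser` has been loaded before `set_condition()` runs. The code that fills it is outside the hunk, as are the start and end of this method, so if it can be empty here the sync would build its condition from a null id. An explicit guard before `new UserAPI(...)` would make the precondition visible, along the lines of `if (empty($this->bugdarUser['userid'])) { return; }`, with the exit adapted to whatever this method returns. A one-line comment such as `// key on the Bugdar userid, not the external auth system's id` would also stop the two id spaces from being mixed up again.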