This script always worked but not currently, Why not?

[Augustino7]

It still returns me if it is logged or not, but it no longer saves the session, why?  

    function login($info,$resultadoint=0){
        global $plugins,$mybb,$db,$templates,$config;
        $datos=explode("|",$info);
        $inline_errors = "";
        $plugins->run_hooks("member_do_login_start");
        // Is a fatal call if user has had too many tries
        $errors = array();
        $logins = login_attempt_check();
        require_once "./../../../interactu.wio.com.mx/public_html/inc/functions_user.php";
        require_once "./../../../interactu.wio.com.mx/public_html/inc/datahandlers/login.php";
        $loginhandler = new LoginDataHandler("get");
        $user = array(
            'username' => $datos[0],
            'password' => $datos[1],
            'remember' => "yes",
            'imagestring' => ""
        );
        $user_loginattempts = get_user_by_username($user['username'], array('fields' => 'loginattempts'));
        $user['loginattempts'] = (int)$user_loginattempts['loginattempts'];
        $loginhandler->set_data($user);
        $validated = $loginhandler->validate_login();
        if($validated==1){
            $mybb->user = get_user($loginhandler->login_data['uid']);
            my_setcookie("mybbuser", $mybb->user['uid']."_".$mybb->user['loginkey'], null, true);
            //my_setcookie("mybbuser", $mybb->user['uid']."_".$userhandler->data['loginkey'], null, true);

            $usuario=$mybb->user['username'];
            $logout=md5($mybb->user['loginkey']);
            if($mybb->user['usergroup']==4){
                //eval('$adminpanelvinc= "'.$templates->get('TD_ajax_adminvinc').'";');                
            }
            eval('$resultado= "'.$templates->get('HT_logeado').'";');
            //if($resultadoint==1){
            //$resultado=$mybb->user['username'];    
            //}
        }else{
            $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '".$db->escape_string(my_strtolower($user['username']))."'", 1, true);
            $user_loginattempts = get_user_by_username($user['username'], array('fields' => 'loginattempts'));
            $user['loginattempts'] = (int)$user_loginattempts['loginattempts'];
            if($user['loginattempts']<5){
                $resultado=0;
            }
            if($user['loginattempts']>5){
                $resultado=1;    
            }
        }
        return $resultado;
    }

Kindly regards

[Mipher]

Where are you using this function? In a plugin? Under what circumstances are you using it?

[Augustino7]

Hi

I am using this function in a file that serves in an ajax response for multiple subdomains, using
header("access-control-allow-origin: *");

This function always saved the session correctly, but now is not saving the session, currently only says if the password is correct or not, but if the page is reloaded again it appears as if it was not logged in

[Mipher]

It's not really the best mode to do it but if you say that it always worked..

you can try to use:

$loginhandler->complete_login();

In the validation part, instead of setting the user manually:

if ($validated == 1) {
 $loginhandler->complete_login();

 $mybb->user = get_user($loginhandler->login_data['uid']);
 $usuario = $mybb->user['username'];
 ...

And for the logout key, you don't need to hash it in md5. The log out works in this manner:

{$mybb->settings['bburl']}/member.php?action=logout&logoutkey={$mybb->user['logoutkey']}

[Augustino7]

I did so and the problem continued, so I discovered the problem was due to the access-control-allow-origin, because they do not allow the correct execution of my_setcookie, I hope you or someone else give me the reason or some solution

For now, I am saving the cookie with javascript, and this solved the problem, but I would prefer that I can use my_setcookie in PHP

Regards