From 0c5d1733841dc6e4bcf546aae3c3ed7a76b86807 Mon Sep 17 00:00:00 2001
From: RedDragonWebDesign <RedDragonWebDesign@gmail.com>
Date: Wed, 24 Jan 2024 17:30:59 -0800
Subject: [PATCH] fix unable to login if bad btUsername cookie

Ran across this bug when I disabled one account from another account. Was completely unable to login with any account because $_COOKIE['btUsername'] was not getting changed during the login process.

Testing revealed this to happen anytime $_COOKIE['btUsername'] was an invalid username or a disabled user.

Nasty bug. Took me like an hour to debug.

May only be partially fixed. I was stuck and ready to give up on this until I cleared all my cookies. Then I reproduced it by putting the invalid btUsername cookie back. Then my patch started working. Suggests that maybe the sessionID cookie was causing the username cookie to get reset or something.
---
 src/login.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/login.php b/src/login.php
index 1ab0877d..6b2b8302 100644
--- a/src/login.php
+++ b/src/login.php
@@ -67,6 +67,31 @@
 			$fail = false;
 			echo "
 				<script type='text/javascript'>
+					// Fakhruddin Ujjainwala, CC BY-SA 4.0, https://stackoverflow.com/a/24103596/3480193
+					function setCookie(name,value,days) {
+						var expires = \"\";
+						if (days) {
+							var date = new Date();
+							date.setTime(date.getTime() + (days*24*60*60*1000));
+							expires = \"; expires=\" + date.toUTCString();
+						}
+						document.cookie = name + \"=\" + (value || \"\")  + expires + \"; path=/\";
+					}
+
+					// When logging in, we need to overwrite any existing cookies, to prevent a bug where you can't log in if you got disabled while logged in.
+					// You can't set cookies in PHP after you've written any output.
+					// Therefore, we'll do it in JavaScript.
+					setCookie(
+						'btUsername',
+						'" . $_SESSION['btUsername'] . "',
+						'" . $COOKIE_EXP_TIME . "'
+					);
+					setCookie(
+						'btPassword',
+						'" . $_SESSION['btPassword'] . "',
+						'" . $COOKIE_EXP_TIME . "'
+					);
+
 					window.location = 'members/';
 				</script>
 			";