external login code changed with v4.1.16

[dancingbear]

I've been using the IPS login as verification for access to my website's content manager. IPB have changed the login stuff in v4.1.16.

So now my content manager doesn't work, and my websites are stuffed.

Until now, I've been passing the following function the username & pw, but what do I do now? Any help hugely appreciated.

 

	  $IPSLogin = new \IPS\Login\Internal;
  $IPSLogin->init();
	  // Catch exceptions here (bad pass/unregistered)
  // Doesn't check if account is locked/banned etc
  $member = $IPSLogin->authenticate(array('auth' => $username, 'password' => $password));
	  if ($member) {
    $expire = new \IPS\DateTime;
    $expire->add( new \DateInterval( 'P7D' ) );
    \IPS\Request::i()->setCookie( 'member_id', $member->member_id, $expire );
    \IPS\Request::i()->setCookie( 'pass_hash', $member->member_login_key, $expire );
    return "true";
  }else{
    return "false";
  }
	

[dancingbear]

I've discovered what the change is within v4.1.16, and that's that a call to the necessary IPB login code will kill a session you've created in your own code (it didn't do this in previous versions).

It was easily rectified in my code by starting the session after verifying the user against IPB.

Hope that helps someone.