Index: drupalvb.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/drupalvb/drupalvb.module,v
retrieving revision 1.34
diff -u -p -r1.34 drupalvb.module
--- drupalvb.module	1 Feb 2009 02:00:25 -0000	1.34
+++ drupalvb.module	29 Mar 2009 07:50:00 -0000
@@ -341,6 +341,9 @@ function drupalvb_user($op, &$edit, &$ac
  * @see drupalvb_user()
  */
 function drupalvb_user_login($account) {
+  global $user;
+  module_load_include('inc', 'drupalvb');
+  module_load_include('inc', 'user', 'pages');
   $vbuser = db_fetch_array(drupalvb_db_query_range("SELECT u.userid, ub.liftdate FROM {user} u LEFT JOIN {userban} ub ON ub.userid = u.userid WHERE u.username = '%s'", drupalvb_htmlspecialchars($account->name), 0, 1));
 
   // Create account in vB if user does not exist.
@@ -471,6 +474,8 @@ function drupalvb_user_delete($account) 
  */
 function drupalvb_login() {
   global $user;
+  module_load_include('inc', 'drupalvb');
+  module_load_include('inc', 'user', 'pages');
 
   if ($_REQUEST['name']) {
     if ($user->uid) {
@@ -478,30 +483,33 @@ function drupalvb_login() {
       // vBulletin.
       if (drupalvb_auth($_REQUEST['name'], trim($_REQUEST['pass']))) {
         drupal_goto(!empty($_REQUEST['destination']) ? $_REQUEST['destination'] : 'user/'. $user->uid);
-      }
-      else {
+	    }
+	    else {
         // Where do we go from here? user/login won't work, as the user is
         // already authenticated in Drupal.
         unset($_REQUEST['destination']);
         drupal_goto(variable_get('site_frontpage', 'node'));
-      }
-    }
-    else {
-      // Otherwise perform the full login procedure.
-      user_login_validate($_REQUEST['form_id'], $_REQUEST);
-      if (!form_get_errors()) {
-        $redirect = user_login_submit($_REQUEST['form_id'], $_REQUEST);
-        drupal_goto(!empty($_REQUEST['destination']) ? $_REQUEST['destination'] : $redirect);
+	      }
+	    }
+	    else {
+	      // Otherwise perform the full login procedure.
+	      $form_state['values'] = $_REQUEST;
+	      $name = $form_state['values']['name'];
+	      $pass = $form_state['values']['pass'];
+	      $user = user_authenticate(array('name' => $name, 'pass' => $pass));
+	      if (!form_get_errors()) {
+    		$redirect = user_login_submit($_REQUEST['form_id'], $form_state);
+    		drupal_goto(!empty($_REQUEST['destination']) ? $_REQUEST['destination'] : $redirect);
       }
       else {
         // Login failed: send back to login form.
         unset($_REQUEST['destination']);
         drupal_goto('user/login');
-      }
-    }
-  }
-}
-
+	      }
+	    }
+	  }
+	}
+  
 /**
  * Log out a user (ensuring a logout in vBulletin); menu callback.
  *
@@ -522,6 +530,7 @@ function drupalvb_logout() {
 
     // If user is logged on in Drupal, we just invoke the regular logout
     // procedure, which will invoke drupalvb_user_logout().
+    include drupal_get_path ('module', 'user') . '/user.pages.inc';
     user_logout();
   }
   else {
@@ -1111,3 +1120,56 @@ function drupalvb_privatemsg($message, $
   }
 }
 
+/**
+ * Implementation of hook_auth().
+ */
+function drupalvb_auth($username, $password, $server = NULL) {
+  if (!variable_get('drupalvb_dual_login', TRUE)) {
+    return;
+  }
+  if (empty($username) || empty($password)) {
+    return;
+  }
+  require_once drupal_get_path('module', 'drupalvb') .'/drupalvb.inc';
+  if (!drupalvb_db_is_valid()) {
+    return;
+  }
+  if ($vbuser = db_fetch_array(drupalvb_db_query("SELECT userid, username, password, salt, email, joindate FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($username)))) {
+    // Rebuild the password.
+    $vbpassword = md5(md5($password) . $vbuser['salt']);
+    if ($vbuser['password'] === $vbpassword) {
+      // We have a valid vBulletin account, so try to lookup this user in the
+      // mapping table. If a mapping exists, then user_authenticate() didn't
+      // find a user with the given password, otherwise we wouldn't be here.
+      // This can happen if the user has been temporarily created by
+      // drupalvb_redirect().
+      if ($uid = drupalvb_user_load($vbuser['userid'])) {
+        // Only update the password of the existing Drupal user record.
+        $account = user_load(array('uid' => $uid));
+        $userinfo['pass'] = $password;
+        $user = user_save($account, $userinfo);
+      }
+      else {
+        // This user is completely unknown to Drupal, register a new account.
+        // Fall back on the user submitted user name if the vBulletin name
+        // contains encoded &amp;'s.
+        $username = (strpos($vbuser['username'], '&amp;') === FALSE ? $vbuser['username'] : $username);
+        $userinfo = array(
+          'name' => $username,
+          'pass' => $password,
+          'mail' => $vbuser['email'],
+          'init' => $username,
+          'created' => $vbuser['joindate'],
+          'status' => 1,
+        );
+        $user = user_save('', $userinfo);
+        watchdog('drupalvb', t('New external user: %user.', array('%user' => $user->name)), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit'));
+
+        // Update the mapping table.
+        drupalvb_set_mapping($user->uid, $vbuser['userid']);
+      }
+      return TRUE;
+    }
+  }
+}
+