Code changes required for the fix:
include/functions.inc.php
find:
setcookie($CONFIG['cookie_name'].'_data', $data, time()+86400*30, $CONFIG['cookie_path']);
change to
if (!defined('LOGIN_PHP') && !defined('LOGOUT_PHP')) setcookie($CONFIG['cookie_name'].'_data', $data, time()+86400*30, $CONFIG['cookie_path']);
include/init.inc.php
find:
if (!isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_uid']) || !isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_pass'])) {
$cookie_uid = 0;
$cookie_pass = '*';
} else {
$cookie_uid = (int)$HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_uid'];
$cookie_pass = substr(addslashes($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_pass']), 0, 32);
}
change to
if (!isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_id'])) {
$cookie_uid = 0;
$cookie_pass = '*';
} else {
list($cookie_uid, $cookie_pass) = unserialize($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_id']);
$cookie_pass = substr(addslashes($cookie_pass), 0, 32);
$cookie_uid = (int) $cookie_uid;
}
login.php
find:
setcookie($CONFIG['cookie_name'] . '_uid', $USER_DATA['user_id'], time() + $cookie_life_time, $CONFIG['cookie_path']);
setcookie($CONFIG['cookie_name'] . '_pass', md5($HTTP_POST_VARS['password']), time() + $cookie_life_time, $CONFIG['cookie_path']);
change to:
$data = serialize(array($USER_DATA['user_id'], md5($HTTP_POST_VARS['password'])));
setcookie($CONFIG['cookie_name'] . '_id', $data, time() + $cookie_life_time, $CONFIG['cookie_path']);
logout.php
find:
setcookie($CONFIG['cookie_name'] . '_pass', '', time()-86400, $CONFIG['cookie_path']);
setcookie($CONFIG['cookie_name'] . '_uid', '', time()-86400, $CONFIG['cookie_path']);
change to
setcookie($CONFIG['cookie_name'] . '_id', '', time()-86400, $CONFIG['cookie_path']);
Note to others: Only use this workaround if you are sure this is the real reason you are unable to login.