From 13c2dc126d8bb4c57273178fc455dab6f02e1efc Mon Sep 17 00:00:00 2001
From: Alexey Sokolov <alexey+znc@asokolov.org>
Date: Thu, 16 Apr 2015 01:21:57 +0100
Subject: [PATCH] Fix rare conflict of HTTP-Basic auth and cookies.

Fix #946
---
 src/HTTPSock.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/src/HTTPSock.cpp
+++ b/src/HTTPSock.cpp
@@ -122,7 +122,7 @@ void CHTTPSock::ReadLine(const CString&
 		sLine.Token(2).Base64Decode(sUnhashed);
 		m_sUser = sUnhashed.Token(0, false, ":");
 		m_sPass = sUnhashed.Token(1, true, ":");
-		m_bLoggedIn = OnLogin(m_sUser, m_sPass, true);
+		// Postpone authorization attempt until end of headers, because cookies should be read before that, otherwise session id will be overwritten in GetSession()
 	} else if (sName.Equals("Content-Length:")) {
 		m_uPostLen = sLine.Token(1).ToULong();
 		if (m_uPostLen > MAX_POST_SIZE)
@@ -170,6 +170,14 @@ void CHTTPSock::ReadLine(const CString&
 	} else if (sLine.empty()) {
 		m_bGotHeader = true;
 
+		if (!m_sUser.empty()) {
+			m_bLoggedIn = OnLogin(m_sUser, m_sPass, true);
+			if (!m_bLoggedIn) {
+				// Error message already was sent
+				return;
+			}
+		}
+
 		if (m_bPost) {
 			m_sPostData = GetInternalReadBuffer();
 			CheckPost();