hi efla.
This is a mechanism for anti-CSRF.
It says not "No autologin ... " but "Now, loggin in ..."
There are many modules which has vulnerablities against CSRF.
If you believe that you use no CSRF-weak module, disable the protection like this:
line 213 of include/common.php
// autologin hack GIJ
if(empty($HTTP_SESSION_VARS['xoopsUserId']) && isset($HTTP_COOKIE_VARS['autologin_uname']) && isset($HTTP_COOKIE_VARS['autologin_pass'])) {
// redirect to XOOPS_URL/ when query string exists (anti-CSRF)
if( ! empty( $HTTP_SERVER_VARS['QUERY_STRING'] ) ) {
redirect_header( XOOPS_URL . '/' , 0 , 'Now, logging in automatically' ) ;
exit ;
}
$myts =& MyTextSanitizer::getInstance();
$uname = $myts->stripSlashesGPC($HTTP_COOKIE_VARS['autologin_uname']);
$pass = $myts->stripSlashesGPC($HTTP_COOKIE_VARS['autologin_pass']);