Yes, the fix only works when the user is approved and confirmed in jos_users and in jos_comprofiler. It works by killing off your authentication checks when the password is blank and letting the normal Joomla! login take over.
The autocreation feature creates the user in the jos_users database in 1.5 if they don't exist there already. This is done by the User - Joomla! plugin as a part of the normal login process. In 1.0 I handled it by myself manually inserting the values into jos_users and jos_comprofiler.
You can handle authentication in 1.5 for all plugins by doing this:
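[code:1]
// Load the Joomla! 1.5 authentication library
jimport( 'joomla.user.authentication');
$auth = & JAuthentication::getInstance();
// Run the credentials through the authentication plugins; the result must be
// stored in $response, since that is the variable checked below
$response = $auth->authenticate(Array('username'=>$username,'password'=>$password), Array());
if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) {
    // it worked
} else {
    // it didn't ;)
}
[/code:1]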
That will validate the passed username and password and return a JAuthResponse object with the first valid return value including their username, display name and email. Line 506 in /libraries/joomla/application/application.php is the Core Joomla! login routine which is slightly different to the above code (has the arrays already and is a bit longer) but it should give you an idea of how things work.
Once you've done an authenticate you should call the rest of the Core plugins as well; again, check out the above section of code and you'll get an idea of what you need to call. It should be onLoginUser on success and onLoginFailure for failure.
Triggering this will cause the User - Joomla! plugin to run, which will autocreate the user in jos_users. You can decide if you want to provide autocreation for your own system at this point as well. For example, you can capture non-CB login events as well if you like, though at the present moment you can't halt them; however, you could manipulate the jos_user table to block the user before Joomla! tries to log the user in. You could achieve this by putting a CB user plugin ordered before the Joomla! one to intercept a login event and alter the core table. You would have to take responsibility for maintaining a copy of the true value yourself, but I'm sure you can handle that; plus, the on(Before|After)StoreUser can be used to capture events whenever a user is updated (check out /libraries/joomla/user/user.php).
So you've got lots of options.