From 26b69ccafe7df8c9e12d929f4f8a0635975b0cdb Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Tue, 27 Jan 2009 09:23:54 +0000
Subject: [PATCH] Fix guest/bot session problems with apache authentication plugin (Bug #41085)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9306 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/docs/CHANGELOG.html | 3 ++-
 phpBB/includes/auth/auth_apache.php | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index fa05bdd3b8..b6ddd59e96 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -91,8 +91,9 @@
  • [Fix] Posts incremented for multiple approval of the same topic (Bug #40495 - Patch by TerraFrost)
  • [Fix] Missing end " in quote bb tag deletes text (Bug #40565 - Patch by TerraFrost)
  • [Fix] Friend/foe system displays posts made by foes while composing (Bug #40325 - Patch by TerraFrost and Highway of Life)
  • -
  • [Fix] Missing read permission from calls to phpbb_chmod()
  • +
  • [Fix] Added missing read permission information for some phpbb_chmod() calls
  • [Fix] Correctly display future dates (Bug #38755)
  • +
  • [Fix] Fix guest/bot session problems with apache authentication plugin (Bug #41085)
  • [Change] Allow download of conflicting file for later reference in automatic updater
  • [Change] Default difference view is now 'inline' instead of 'side by side'
  • [Change] Added new option for merging differences to conflicting files in automatic updater
•
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index 80ac81ed46..f6d5f418d0 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -104,7 +104,7 @@ function login_apache(&$username, &$password)
 'user_row' => $row,
 );
 }
-
+
 // Successful login...
 return array(
 'status' => LOGIN_SUCCESS,
@@ -227,6 +227,18 @@ function user_row_apache($username, $password)
 */
 function validate_session_apache(&$user)
 {
+ // We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire.
+ if ($user['user_id'] == ANONYMOUS)
+ {
+ return true;
+ }
+
+ // Checking for a bot is a bit mroe complicated... but we are able to check this with the user type (anonymous has the same as bots)
+ if ($user['user_type'] == USER_IGNORE)
+ {
+ return true;
+ }
+
 if (!isset($_SERVER['PHP_AUTH_USER']))
 {
 return false;
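Review bot: The second early return added to validate_session_apache() accepts the session for every row whose `user_type` is `USER_IGNORE` without consulting `PHP_AUTH_USER`, so from here on the Apache check is only as strong as the guarantee that no account able to log in ever carries that type; nothing in this hunk establishes that guarantee. I would state the assumption where the bypass happens, e.g. `// USER_IGNORE must stay reserved for guest and bot rows: these sessions skip the PHP_AUTH_USER check below`. Both new comparisons are loose, and an identity check such as `if ((int) $user['user_id'] === ANONYMOUS)` keeps a string-typed row value from matching by coercion (this assumes ANONYMOUS is an integer constant, which the hunk does not show). The added comment also has a typo, "mroe". The function body continues past the end of the hunk.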