From 7aced345c5a2871f6eddfe316297b4ff9a0ebb76 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen <acydburn@phpbb.com>
Date: Tue, 27 Jan 2009 09:25:00 +0000
Subject: [PATCH] Fix guest/bot session problems with apache authentication
 plugin (Bug #41085)

git-svn-id: file:///svn/phpbb/trunk@9307 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/auth/auth_apache.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index 77a462ac6b..fa41c41de4 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -225,6 +225,18 @@ function user_row_apache($username, $password)
 */
 function validate_session_apache(&$user)
 {
+	// We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire.
+	if ($user['user_id'] == ANONYMOUS)
+	{
+		return true;
+	}
+
+	// Checking for a bot is a bit mroe complicated... but we are able to check this with the user type (anonymous has the same as bots)
+	if ($user['user_type'] == USER_IGNORE)
+	{
+		return true;
+	}
+
 	if (!isset($_SERVER['PHP_AUTH_USER']))
 	{
 		return false;