makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

better fix for bug #41085

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9311 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2009-01-29 13:08:44 +00:00
parent 5f77d4855d
commit f0efebefd5
1 changed files with 8 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
phpBB/includes/auth/auth_apache.php
View file

@ -227,27 +227,22 @@ function user_row_apache($username, $password)
*/ */
function validate_session_apache(&$user) function validate_session_apache(&$user)
{ {
// We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire. // Check if PHP_AUTH_USER is set and handle this case
if ($user['user_id'] == ANONYMOUS) if (isset($_SERVER['PHP_AUTH_USER']))
{ {
return true; $php_auth_user = '';
set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
return ($php_auth_user === $user['username']) ? true : false;
} }
// Checking for a bot is a bit mroe complicated... but we are able to check this with the user type (anonymous has the same as bots) // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
if ($user['user_type'] == USER_IGNORE) if ($user['user_type'] == USER_IGNORE)
{ {
return true; return true;
} }
if (!isset($_SERVER['PHP_AUTH_USER']))
{
return false; return false;
}
$php_auth_user = '';
set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
return ($php_auth_user === $user['username']) ? true : false;
} }
?> ?>