diff options
| author | Nils Adermann <naderman@naderman.de> | 2006-08-12 01:58:58 +0000 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2006-08-12 01:58:58 +0000 |
| commit | b1ef984526f462a2c2132ab34a039490bceeb836 (patch) | |
| tree | 53ee825ff6a23fff4cfc5eede0fafc010c017089 /phpBB/includes/auth/auth_apache.php | |
| parent | b5a6291fa5a3c57eeb6a5cbe0411bde2a239402d (diff) | |
| download | forums-b1ef984526f462a2c2132ab34a039490bceeb836.tar forums-b1ef984526f462a2c2132ab34a039490bceeb836.tar.gz forums-b1ef984526f462a2c2132ab34a039490bceeb836.tar.bz2 forums-b1ef984526f462a2c2132ab34a039490bceeb836.tar.xz forums-b1ef984526f462a2c2132ab34a039490bceeb836.zip | |
- auto sync attachment topic flag [Bug #2949]
- corrected paths for templates stored in the db and filenames displayed in the template editor [Bug #3662]
- removed some useless language strings [Bug #3648]
- corrected escaping of usernames and passwords in auth modules [Bug #3696], added ldap_escape
git-svn-id: file:///svn/phpbb/trunk@6266 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/auth/auth_apache.php')
| -rw-r--r-- | phpBB/includes/auth/auth_apache.php | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php index 8556fb5707..3ee0f1347f 100644 --- a/phpBB/includes/auth/auth_apache.php +++ b/phpBB/includes/auth/auth_apache.php @@ -121,6 +121,9 @@ function autologin_apache() if (!empty($php_auth_user) && !empty($php_auth_pw)) { + set_var($php_auth_user, $php_auth_user, 'string'); + set_var($php_auth_pw, $php_auth_pw, 'string'); + $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; @@ -190,7 +193,15 @@ function user_row_apache($username, $password) */ function validate_session_apache(&$user) { - return (isset($_SERVER['PHP_AUTH_USER']) && ($_SERVER['PHP_AUTH_USER'] === $user['username'])) ? true : false; + if (!isset($_SERVER['PHP_AUTH_USER'])) + { + return false; + } + + $php_auth_user = ''; + set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string'); + + return ($php_auth_user === $user['username']) ? true : false; } ?>
\ No newline at end of file |