diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2009-01-29 13:08:44 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2009-01-29 13:08:44 +0000 |
| commit | f0efebefd5d808e596334b056818319f46a43615 (patch) | |
| tree | 55d4051c41351da946f4808bc17e51bbc9903c04 /phpBB/includes/auth | |
| parent | 5f77d4855dac894689f3468813e17f7d1a2bf45f (diff) | |
| download | forums-f0efebefd5d808e596334b056818319f46a43615.tar forums-f0efebefd5d808e596334b056818319f46a43615.tar.gz forums-f0efebefd5d808e596334b056818319f46a43615.tar.bz2 forums-f0efebefd5d808e596334b056818319f46a43615.tar.xz forums-f0efebefd5d808e596334b056818319f46a43615.zip | |
better fix for bug #41085
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9311 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/auth')
| -rw-r--r-- | phpBB/includes/auth/auth_apache.php | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php index f6d5f418d0..930f5a0632 100644 --- a/phpBB/includes/auth/auth_apache.php +++ b/phpBB/includes/auth/auth_apache.php @@ -227,27 +227,22 @@ function user_row_apache($username, $password) */ function validate_session_apache(&$user) { - // We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire. - if ($user['user_id'] == ANONYMOUS) + // Check if PHP_AUTH_USER is set and handle this case + if (isset($_SERVER['PHP_AUTH_USER'])) { - return true; + $php_auth_user = ''; + set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true); + + return ($php_auth_user === $user['username']) ? true : false; } - // Checking for a bot is a bit mroe complicated... but we are able to check this with the user type (anonymous has the same as bots) + // PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not) if ($user['user_type'] == USER_IGNORE) { return true; } - if (!isset($_SERVER['PHP_AUTH_USER'])) - { - return false; - } - - $php_auth_user = ''; - set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true); - - return ($php_auth_user === $user['username']) ? true : false; + return false; } ?>
\ No newline at end of file |