diff options
Diffstat (limited to 'phpBB/includes/auth/auth_apache.php')
| -rw-r--r-- | phpBB/includes/auth/auth_apache.php | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php index 77a462ac6b..fa41c41de4 100644 --- a/phpBB/includes/auth/auth_apache.php +++ b/phpBB/includes/auth/auth_apache.php @@ -225,6 +225,18 @@ function user_row_apache($username, $password) */ function validate_session_apache(&$user) { + // We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire. + if ($user['user_id'] == ANONYMOUS) + { + return true; + } + + // Checking for a bot is a bit mroe complicated... but we are able to check this with the user type (anonymous has the same as bots) + if ($user['user_type'] == USER_IGNORE) + { + return true; + } + if (!isset($_SERVER['PHP_AUTH_USER'])) { return false; |