Fix guest/bot session problems with apache authentication plugin (Bug #41085)

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9306 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-08-01 14:30:32 +02:00 · 2009-01-27 09:23:54 +00:00
parent 49f0ab0ccd
commit 26b69ccafe
2 changed files with 15 additions and 2 deletions
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -104,7 +104,7 @@ function login_apache(&$username, &$password)
 					'user_row'		=> $row,
 				);
 			}
-	
+
 			// Successful login...
 			return array(
 				'status'		=> LOGIN_SUCCESS,
@@ -227,6 +227,18 @@ function user_row_apache($username, $password)
 */
 function validate_session_apache(&$user)
 {
+	// We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire.
+	if ($user['user_id'] == ANONYMOUS)
+	{
+		return true;
+	}
+
+	// Checking for a bot is a bit mroe complicated... but we are able to check this with the user type (anonymous has the same as bots)
+	if ($user['user_type'] == USER_IGNORE)
+	{
+		return true;
+	}
+
 	if (!isset($_SERVER['PHP_AUTH_USER']))
 	{
 		return false;