Fix guest/bot session problems with apache authentication plugin (Bug #41085)

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9306 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/docs/CHANGELOG.html

@@ -91,8 +91,9 @@
 		<li>[Fix] Posts incremented for multiple approval of the same topic (Bug #40495 - Patch by TerraFrost)</li>
 		<li>[Fix] Missing end " in quote bb tag deletes text (Bug #40565 - Patch by TerraFrost)</li>
 		<li>[Fix] Friend/foe system displays posts made by foes while composing (Bug #40325 - Patch by TerraFrost and Highway of Life)</li>
-		<li>[Fix] Missing read permission from calls to phpbb_chmod()</li>
+		<li>[Fix] Added missing read permission information for some phpbb_chmod() calls</li>
 		<li>[Fix] Correctly display future dates (Bug #38755)</li>
+		<li>[Fix] Fix guest/bot session problems with apache authentication plugin (Bug #41085)</li>
 		<li>[Change] Allow download of conflicting file for later reference in automatic updater</li>
 		<li>[Change] Default difference view is now 'inline' instead of 'side by side'</li>
 		<li>[Change] Added new option for merging differences to conflicting files in automatic updater</li>

phpBB/includes/auth/auth_apache.php

@@ -104,7 +104,7 @@ function login_apache(&$username, &$password)
 					'user_row'		=> $row,
 				);
 			}
-	
+
 			// Successful login...
 			return array(
 				'status'		=> LOGIN_SUCCESS,
@@ -227,6 +227,18 @@ function user_row_apache($username, $password)
 */
 function validate_session_apache(&$user)
 {
+	// We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire.
+	if ($user['user_id'] == ANONYMOUS)
+	{
+		return true;
+	}
+
+	// Checking for a bot is a bit mroe complicated... but we are able to check this with the user type (anonymous has the same as bots)
+	if ($user['user_type'] == USER_IGNORE)
+	{
+		return true;
+	}
+
 	if (!isset($_SERVER['PHP_AUTH_USER']))
 	{
 		return false;