mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

better fix for bug #41085

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9311 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2009-01-29 13:08:44 +00:00
parent 5f77d4855d
commit f0efebefd5
1 changed files with 8 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
phpBB/includes/auth/auth_apache.php
View File

@@ -227,27 +227,22 @@ function user_row_apache($username, $password)
*/
function validate_session_apache(&$user)
{
// We only need to check authenticated users. For anonymous user as well as bots the session of course did not expire.
if ($user['user_id'] == ANONYMOUS)
// Check if PHP_AUTH_USER is set and handle this case
if (isset($_SERVER['PHP_AUTH_USER']))
{
return true;
$php_auth_user = '';
set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
return ($php_auth_user === $user['username']) ? true : false;
}
// Checking for a bot is a bit mroe complicated... but we are able to check this with the user type (anonymous has the same as bots)
// PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
if ($user['user_type'] == USER_IGNORE)
{
return true;
}
if (!isset($_SERVER['PHP_AUTH_USER']))
{
return false;
}
$php_auth_user = '';
set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
return ($php_auth_user === $user['username']) ? true : false;
return false;
}
?>