degrade to unauthed user when auth backen unavailable FS#1168

Instead of disabling the whole ACL feature when the auth backend is unavailable
just degrade the user to an anonymous user.

darcs-hash:20070625205228-7ad00-19cfa3c302b4ee63f0a6562823c5d550f9c9755c.gz

feed.php

@@ -161,7 +161,7 @@ function rssRecentChanges(&$rss,$num,$ltype,$ns,$minor){
         $user = @$recent['user']; // the @ spares time repeating lookup
         $item->author = '';
 
-        if($user && $conf['useacl']){
+        if($user && $conf['useacl'] && $auth){
             $userInfo = $auth->getUserData($user);
             $item->author = $userInfo['name'];
             if($guardmail) {

inc/auth.php

@@ -39,11 +39,10 @@
       if (class_exists($auth_class)) {
         $auth = new $auth_class();
         if ($auth->success == false) {
+          // degrade to unauthenticated user
           unset($auth);
+          auth_logoff();
           msg($lang['authtempfail'], -1);
-
-          // turn acl config setting off for the rest of this page
-          $conf['useacl'] = 0;
         }
       } else {
         nice_die($lang['authmodfailed']);
@@ -54,7 +53,7 @@
   }
 
   // do the login either by cookie or provided credentials
-  if($conf['useacl']){
+  if($conf['useacl'] && $auth){
     if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
     if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
     if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
@@ -125,7 +124,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
     if ($auth->checkPass($user,$pass)){
       // make logininfo globally available
       $_SERVER['REMOTE_USER'] = $user;
-      $USERINFO = $auth->getUserData($user); //FIXME move all references to session
+      $USERINFO = $auth->getUserData($user);
 
       // set cookie
       $pass   = PMA_blowfish_encrypt($pass,auth_cookiesalt());