From 0f4f4adfcb496009aa1913a09e2300a455f7b866 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Mon, 25 Jun 2007 22:52:28 +0200
Subject: [PATCH] degrade to unauthed user when auth backen unavailable FS#1168

Instead of disabling the whole ACL feature when the auth backend is unavailable,
just degrade the user to an anonymous user.

darcs-hash:20070625205228-7ad00-19cfa3c302b4ee63f0a6562823c5d550f9c9755c.gz
---
 feed.php     | 2 +-
 inc/auth.php | 9 ++++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/feed.php b/feed.php
index 298c20a65..f63d7c498 100644
--- a/feed.php
+++ b/feed.php
@@ -161,7 +161,7 @@ function rssRecentChanges(&$rss,$num,$ltype,$ns,$minor){
         $user = @$recent['user']; // the @ spares time repeating lookup
         $item->author = '';
 
-        if($user && $conf['useacl']){
+        if($user && $conf['useacl'] && $auth){
             $userInfo = $auth->getUserData($user);
             $item->author = $userInfo['name'];
             if($guardmail) {
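Review bot: The result of `$auth->getUserData($user)` is still dereferenced unchecked on the line right after the new guard. If the backend can return no record for a user named in the changelog (presumably for deleted accounts; confirm against the backend contract), `$userInfo['name']` reads from a non-array. Guarding the assignment, `if($userInfo) $item->author = $userInfo['name'];`, keeps the empty default set just above. The new `$auth` test also relies on `$auth` being declared `global` in `rssRecentChanges()`, whose declarations lie outside the hunk.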
diff --git a/inc/auth.php b/inc/auth.php
index 2511516c2..c30aabe82 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -39,11 +39,10 @@
       if (class_exists($auth_class)) {
         $auth = new $auth_class();
         if ($auth->success == false) {
+          // degrade to unauthenticated user
           unset($auth);
+          auth_logoff();
           msg($lang['authtempfail'], -1);
-
-          // turn acl config setting off for the rest of this page
-          $conf['useacl'] = 0;
         }
       } else {
         nice_die($lang['authmodfailed']);
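Review bot: `unset($auth)` leaves the variable undefined, yet the login guard in the next hunk (`if($conf['useacl'] && $auth)`) and the new feed.php check both read it, which raises an undefined-variable notice at file scope; `$auth = null;` keeps the same falsy test without the notice. Because `$conf['useacl']` now stays on while the backend object is missing, every other `$auth->` dereference needs the same guard. `auth_login()` in the last hunk calls `$auth->checkPass()` with no check visible, though its body starts outside that hunk. `auth_logoff()` is called after the object is gone, so confirm it does not touch `$auth`, and that clearing sessions on a transient backend failure is intended. The added comment could also say that ACL checks stay enforced, e.g. `// backend down: keep ACL on, treat visitor as anonymous`.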
@@ -54,7 +53,7 @@
   }
 
   // do the login either by cookie or provided credentials
-  if($conf['useacl']){
+  if($conf['useacl'] && $auth){
     if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
     if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
     if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
@@ -125,7 +124,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
     if ($auth->checkPass($user,$pass)){
       // make logininfo globally available
       $_SERVER['REMOTE_USER'] = $user;
-      $USERINFO = $auth->getUserData($user); //FIXME move all references to session
+      $USERINFO = $auth->getUserData($user);
 
       // set cookie
       $pass   = PMA_blowfish_encrypt($pass,auth_cookiesalt());
-- 
GitLab