diff --git a/inc/auth.php b/inc/auth.php
index ed32dc95d27ca36bf1adbee23880152e554651b4..5c005434ac59191451846cba77c107cd9c5c6d01 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -55,16 +55,16 @@
// do the login either by cookie or provided credentials
if($conf['useacl']){
+ if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
+ if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
+ if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
+
// if no credentials were given try to use HTTP auth (for SSO)
if(empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])){
$_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
$_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
}
- if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
- if (!isset($_REQUEST['p'])) $_REQUEST['p'] = '';
- if (!isset($_REQUEST['r'])) $_REQUEST['r'] = '';
-
// external trust mechanism in place?
if(!is_null($auth) && $auth->canDo('external')){
$auth->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']);
@@ -115,7 +115,7 @@ function auth_login($user,$pass,$sticky=false){
global $auth;
$sticky ? $sticky = true : $sticky = false; //sanity check
- if(isset($user)){
+ if(!empty($user)){
//usual login
if ($auth->checkPass($user,$pass)){
// make logininfo globally available
diff --git a/inc/auth/punbb.class.php b/inc/auth/punbb.class.php
index 71959910f7d024a16baee92bcbef43cc344ce202..fb9b905ff7a68fa3155ecfef1732baf87456cf96 100644
--- a/inc/auth/punbb.class.php
+++ b/inc/auth/punbb.class.php
@@ -114,7 +114,7 @@ class auth_punbb extends auth_mysql {
$sticky ? $sticky = true : $sticky = false; //sanity check
// someone used the login form
- if(isset($user)){
+ if(!empty($user)){
if($this->checkPass($user,$pass)){
$expire = ($sticky) ? time() + 31536000 : 0;
$uinfo = $this->getUserData($user);
@@ -157,6 +157,7 @@ class auth_punbb extends auth_mysql {
function logOff(){
global $pun_user;
$pun_user = array();
+ $pun_user['is_guest'] = 1;
pun_setcookie(1, random_pass(8), time() + 31536000);
}
}