BUGFIX #5012 BasicAuth should check if there's already a current member logged in before asking for a login/password (from r100466)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@105572 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-05-25 03:54:14 +00:00
parent dd7e7f813d
commit 731720d7be

View File

@ -28,6 +28,7 @@ class BasicAuth extends Object {
*/
static function requireLogin($realm, $permissionCode) {
if(!Security::database_is_ready() || Director::is_cli()) return true;
$authenticated = false;
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
$member = MemberAuthenticator::authenticate(array(
@ -35,13 +36,11 @@ class BasicAuth extends Object {
'Password' => $_SERVER['PHP_AUTH_PW'],
), null);
if($member) {
$authenticated = true;
}
if($member || Member::currentUser()) $authenticated = true;
}
// If we've failed the authentication mechanism, then show the login form
if(!isset($authenticated)) {
if(!$authenticated) {
header("WWW-Authenticate: Basic realm=\"$realm\"");
header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized');