From 731720d7be693bed2ba4747324d099b2a682e24e Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Tue, 25 May 2010 03:54:14 +0000
Subject: [PATCH] BUGFIX #5012 BasicAuth should check if there's already a current member logged in before asking for a login/password (from r100466)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@105572 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 security/BasicAuth.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/security/BasicAuth.php b/security/BasicAuth.php
index 649eb380f..4e1c32c81 100755
--- a/security/BasicAuth.php
+++ b/security/BasicAuth.php
@@ -28,6 +28,7 @@ class BasicAuth extends Object {
 */
 static function requireLogin($realm, $permissionCode) {
 if(!Security::database_is_ready() || Director::is_cli()) return true;
+ $authenticated = false;

 if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
 $member = MemberAuthenticator::authenticate(array(
@@ -35,13 +36,11 @@ class BasicAuth extends Object {
 'Password' => $_SERVER['PHP_AUTH_PW'],
 ), null);

- if($member) {
- $authenticated = true;
- }
+ if($member || Member::currentUser()) $authenticated = true;
 }

 // If we've failed the authentication mechanism, then show the login form
- if(!isset($authenticated)) {
+ if(!$authenticated) {
 header("WWW-Authenticate: Basic realm=\"$realm\"");
 header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized');
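Review bot: The added `Member::currentUser()` test in the second hunk sits inside the `if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))` block, so a member with a valid session who sends no Basic credentials still gets the 401, while a request carrying wrong Basic credentials is accepted whenever a session member exists. In that second case `$member` still holds the failed `authenticate()` result, so any later check of `$permissionCode` against `$member` (the rest of `requireLogin` is outside the hunk) would not be evaluating the session member. I would resolve the member once after the `isset` block with `if(!$member) $member = Member::currentUser();` followed by `if($member) $authenticated = true;`, and initialise `$member = null;` next to `$authenticated = false;` in the first hunk. Falling back to the session also makes this gate depend on an ambient cookie rather than per-request credentials, which is worth stating in the method's docblock so callers guarding state-changing endpoints keep their CSRF protection.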