diff --git a/modules/base/classes/serviceUser.php b/modules/base/classes/serviceUser.php index b998822a6..2cb71224d 100644 --- a/modules/base/classes/serviceUser.php +++ b/modules/base/classes/serviceUser.php @@ -300,8 +300,8 @@ public function isAdmin() { } public function isAnonymousUser() { - $role = $this->getRole(); - if ( ! $this->user->get('user_id') && $this->getRole() === 'everyone') { + + if ( ! $this->user->get('user_id') || $this->getRole() === 'everyone') { return true; } else { return false; diff --git a/owa_controller.php b/owa_controller.php index c9ca90c83..793903f25 100644 --- a/owa_controller.php +++ b/owa_controller.php @@ -570,15 +570,13 @@ protected function getSitesAllowedForCurrentUser() { owa_coreAPI::debug('get Sites Allowed for user'); $currentUser = owa_coreAPI::getCurrentUser(); - if ( $currentUser->isAnonymousUser() || $currentUser->isAdmin() ) { + if ( $currentUser->isAnonymousUser() || $currentUser->isAdmin() ) { $result = array(); $relations = owa_coreAPI::getSitesList(); foreach ($relations as $siteRow) { $site = owa_coreAPI::entityFactory('base.site'); - owa_coreAPI::debug('getSitesAllowedforuser'); - $site->load($siteRow['id']); $result[$siteRow['site_id']] = $site; } diff --git a/owa_coreAPI.php b/owa_coreAPI.php index e119cc8b3..e0dd6da53 100644 --- a/owa_coreAPI.php +++ b/owa_coreAPI.php @@ -1336,8 +1336,10 @@ public static function createNonce($action) { $time = owa_coreAPI::getNonceTimeInterval(); $cu = owa_coreAPI::getCurrentUser(); - $user_id = $cu->getUserData( 'user_id' ); + $user_id = $cu->getUserData( 'user_id' ); + $full_nonce = $time . $action . $user_id . 'owa_nonce'; + $nonce = substr( owa_coreAPI::saltedHash($full_nonce, 'nonce'), -12, 10); return $nonce; @@ -1372,7 +1374,7 @@ public static function getSalt( $scheme ) { continue; } else { - $cached_salts[ $scheme.'_'.$s ] = constant("$const"); + $cached_salts[ $f.'_'.$s ] = constant("$const"); } } } 
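Review bot: In `isAnonymousUser()` (modules/base/classes/serviceUser.php) the new `||` makes either condition sufficient on its own, so an account that has a `user_id` but the role `everyone`, or a user object with no `user_id` whatever its role, is now reported as anonymous, and nothing on the new side says this is intended. The owa_controller.php hunk in this same commit shows `getSitesAllowedForCurrentUser()` giving anonymous users the same `getSitesList()` result as admins, so widening this predicate widens that branch as well; callers outside the diff should be checked the same way. I would record the rule above the test, for example `// anonymous = no user_id OR role 'everyone'; callers treat this as the unauthenticated case`, and drop the empty added line. The body could then be reduced to `return ! $this->user->get('user_id') || $this->getRole() === 'everyone';`.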
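Review bot: In `getSalt()` (owa_coreAPI.php, second hunk) the corrected key `$f.'_'.$s` changes which constant each scheme's salt is taken from, and the new side carries no comment recording that change in behaviour. With the old key every pass wrote under the requested `$scheme`, so, assuming `$f` is the loop variable naming each salt (the loop header is outside the hunk), the cached value came from whichever defined constant was processed last. If `saltedHash()` reads its salt through `getSalt()`, values derived before the change, such as the nonces built in `createNonce()` in the hunk above, may stop validating afterwards, and anything persisted that depends on these salts deserves a check before release. I would add `// key by the salt's own name ($f), not the requested $scheme, so each scheme reads its own constant` above the assignment; `constant("$const")` can also be written `constant($const)`.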
diff --git a/owa_template.php b/owa_template.php index 3eebc69bf..4b5c8a267 100644 --- a/owa_template.php +++ b/owa_template.php @@ -493,7 +493,7 @@ function makeLink($params = array(), $add_state = false, $url = '', $xml = false } // add nonce if called for - if ($add_nonce) { + if ($add_nonce) { if ( array_key_exists('do', $all_params) ) { $action = $all_params['do']; } elseif ( array_key_exists('action', $all_params) ) {