Skip to content
Permalink
Browse files

fixed bug for anonymous user auth.

  • Loading branch information
padams committed Jan 8, 2017
1 parent 2f413b4 commit 9079a26532f12f6df93dff8647cd2376a1acc4dc
Showing with 8 additions and 8 deletions.
  1. +2 −2 modules/base/classes/serviceUser.php
  2. +1 −3 owa_controller.php
  3. +4 −2 owa_coreAPI.php
  4. +1 −1 owa_template.php
@@ -300,8 +300,8 @@ public function isAdmin() {
}

public function isAnonymousUser() {
$role = $this->getRole();
if ( ! $this->user->get('user_id') && $this->getRole() === 'everyone') {

if ( ! $this->user->get('user_id') || $this->getRole() === 'everyone') {
return true;
} else {
return false;
@@ -570,15 +570,13 @@ protected function getSitesAllowedForCurrentUser() {
owa_coreAPI::debug('get Sites Allowed for user');
$currentUser = owa_coreAPI::getCurrentUser();

if ( $currentUser->isAnonymousUser() || $currentUser->isAdmin() ) {
if ( $currentUser->isAnonymousUser() || $currentUser->isAdmin() ) {
$result = array();
$relations = owa_coreAPI::getSitesList();

foreach ($relations as $siteRow) {

$site = owa_coreAPI::entityFactory('base.site');
owa_coreAPI::debug('getSitesAllowedforuser');

$site->load($siteRow['id']);
$result[$siteRow['site_id']] = $site;
}
@@ -1336,8 +1336,10 @@ public static function createNonce($action) {

$time = owa_coreAPI::getNonceTimeInterval();
$cu = owa_coreAPI::getCurrentUser();
$user_id = $cu->getUserData( 'user_id' );
$user_id = $cu->getUserData( 'user_id' );

$full_nonce = $time . $action . $user_id . 'owa_nonce';

$nonce = substr( owa_coreAPI::saltedHash($full_nonce, 'nonce'), -12, 10);

return $nonce;
@@ -1372,7 +1374,7 @@ public static function getSalt( $scheme ) {
continue;
} else {

$cached_salts[ $scheme.'_'.$s ] = constant("$const");
$cached_salts[ $f.'_'.$s ] = constant("$const");
}
}
}
@@ -493,7 +493,7 @@ function makeLink($params = array(), $add_state = false, $url = '', $xml = false
}

// add nonce if called for
if ($add_nonce) {
if ($add_nonce) {
if ( array_key_exists('do', $all_params) ) {
$action = $all_params['do'];
} elseif ( array_key_exists('action', $all_params) ) {

0 comments on commit 9079a26

Please sign in to comment.
You can’t perform that action at this time.