Permalink
Browse files

fixed bug for anonymous user auth.

  • Loading branch information...
padams committed Jan 8, 2017
1 parent 2f413b4 commit 9079a26532f12f6df93dff8647cd2376a1acc4dc
Showing with 8 additions and 8 deletions.
  1. +2 −2 modules/base/classes/serviceUser.php
  2. +1 −3 owa_controller.php
  3. +4 −2 owa_coreAPI.php
  4. +1 −1 owa_template.php
@@ -300,8 +300,8 @@ public function isAdmin() {
}
public function isAnonymousUser() {
- $role = $this->getRole();
- if ( ! $this->user->get('user_id') && $this->getRole() === 'everyone') {
+
+ if ( ! $this->user->get('user_id') || $this->getRole() === 'everyone') {
return true;
} else {
return false;
View
@@ -570,15 +570,13 @@ protected function getSitesAllowedForCurrentUser() {
owa_coreAPI::debug('get Sites Allowed for user');
$currentUser = owa_coreAPI::getCurrentUser();
- if ( $currentUser->isAnonymousUser() || $currentUser->isAdmin() ) {
+ if ( $currentUser->isAnonymousUser() || $currentUser->isAdmin() ) {
$result = array();
$relations = owa_coreAPI::getSitesList();
foreach ($relations as $siteRow) {
$site = owa_coreAPI::entityFactory('base.site');
- owa_coreAPI::debug('getSitesAllowedforuser');
-
$site->load($siteRow['id']);
$result[$siteRow['site_id']] = $site;
}
View
@@ -1336,8 +1336,10 @@ public static function createNonce($action) {
$time = owa_coreAPI::getNonceTimeInterval();
$cu = owa_coreAPI::getCurrentUser();
- $user_id = $cu->getUserData( 'user_id' );
+ $user_id = $cu->getUserData( 'user_id' );
+
$full_nonce = $time . $action . $user_id . 'owa_nonce';
+
$nonce = substr( owa_coreAPI::saltedHash($full_nonce, 'nonce'), -12, 10);
return $nonce;
@@ -1372,7 +1374,7 @@ public static function getSalt( $scheme ) {
continue;
} else {
- $cached_salts[ $scheme.'_'.$s ] = constant("$const");
+ $cached_salts[ $f.'_'.$s ] = constant("$const");
}
}
}
View
@@ -493,7 +493,7 @@ function makeLink($params = array(), $add_state = false, $url = '', $xml = false
}
// add nonce if called for
- if ($add_nonce) {
+ if ($add_nonce) {
if ( array_key_exists('do', $all_params) ) {
$action = $all_params['do'];
} elseif ( array_key_exists('action', $all_params) ) {

0 comments on commit 9079a26

Please sign in to comment.