From c66972f2cb89e65a8bbf8e39d42e8e479f7eb8dc Mon Sep 17 00:00:00 2001
From: Adrian Lang <lang@cosmocode.de>
Date: Wed, 4 Nov 2009 11:01:15 +0100
Subject: Emit less E_NOTICEs and E_STRICTs

  Changes of behaviour are:
  * Allow the user name, title & description \e2\80\9c0\e2\80\9d
  * Default to Port 443 if using HTTPS
  * Set $INFO['isadmin'] and $INFO['ismanager'] to \e2\80\9cfalse\e2\80\9d even if no user is
    logged in
  * Do not pass empty fragment field in the event data for event
    ACTION_SHOW_REDIRECT
  * Handle chunked encoding in HTTPClient

darcs-hash:20091104100115-e4919-5cf6397d4a457e3f98a8ca49fbdab03f2147721d.gz
---
 inc/auth.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'inc/auth.php')

diff --git a/inc/auth.php b/inc/auth.php
index 0c0edef5f..7dd7eb557 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -74,7 +74,7 @@ if($conf['useacl']){
             $_REQUEST['http_credentials'] = true;
         }
 
-        if($_REQUEST['authtok']){
+        if(isset($_REQUEST['authtok'])){
             // when an authentication token is given, trust the session
             auth_validateToken($_REQUEST['authtok']);
         }elseif(!is_null($auth) && $auth->canDo('external')){
@@ -336,7 +336,13 @@ function auth_ismanager($user=null,$groups=null,$adminonly=false){
     global $USERINFO;
 
     if(!$conf['useacl']) return false;
-    if(is_null($user))   $user   = $_SERVER['REMOTE_USER'];
+    if(is_null($user)) {
+        if (!isset($_SERVER['REMOTE_USER'])) {
+            return false;
+        } else {
+            $user = $_SERVER['REMOTE_USER'];
+        }
+    }
     if(is_null($groups)) $groups = (array) $USERINFO['grps'];
     $user   = auth_nameencode($user);
 
@@ -1019,7 +1025,7 @@ function auth_setCookie($user,$pass,$sticky) {
 
     // set cookie
     $cookie = base64_encode($user).'|'.((int) $sticky).'|'.base64_encode($pass);
-    if($sticky) $time = time()+60*60*24*365; //one year
+    $time = $sticky ? (time()+60*60*24*365) : 0; //one year
     if (version_compare(PHP_VERSION, '5.2.0', '>')) {
         setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
     }else{
@@ -1039,6 +1045,9 @@ function auth_setCookie($user,$pass,$sticky) {
  * @returns array
  */
 function auth_getCookie(){
+    if (!isset($_COOKIE[DOKU_COOKIE])) {
+        return array(null, null, null);
+    }
     list($user,$sticky,$pass) = explode('|',$_COOKIE[DOKU_COOKIE],3);
     $sticky = (bool) $sticky;
     $pass   = base64_decode($pass);
-- 
cgit v1.2.3