weird problem, strict for isAuthenticated

2014-01-29 14:46:21 -05:00 · 2014-01-29 14:46:21 -05:00 · 51818421d8
commit 51818421d8
parent 5d017f60c3
2 changed files with 11 additions and 4 deletions
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@ -814,10 +814,17 @@ class User extends Base {
   **/
 public function isAuthenticated($logout=true) {
    $this->debug->append("STA " . __METHOD__, 4);
-    if (@$_SESSION['AUTHENTICATED'] == '1' &&
-        !$this->isLocked($_SESSION['USERDATA']['id']) &&
-        $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']
+    if (!$this->config['strict']) {
+      if (@$_SESSION['AUTHENTICATED'] == true &&
+      !$this->isLocked($_SESSION['USERDATA']['id']) &&
+      $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']
      ) return true;
+    } else {
+      if (@$_SESSION['AUTHENTICATED'] && $_SESSION['AUTHENTICATED'] == '1' &&
+      (!$this->isLocked($_SESSION['USERDATA']['id'])) &&
+      ($this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']))
+        return true;
+    }
    // Catchall
    if ($logout == true) $this->logoutUser($_SERVER['REQUEST_URI']);
    return false;
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@ -150,7 +150,7 @@ if ($user->isAuthenticated()) {


 // 2fa - one last time so we can sync with changes we made during this page
-if ($user->isAuthenticated() && $config['twofactor']['enabled']) {
+if ($config['twofactor']['enabled'] && $user->isAuthenticated()) {
  // set the token to be the old token, just in case an error occured
  $ea_token = (@$oldtoken_ea !== '') ? $oldtoken_ea : @$ea_token;
  $wf_token = (@$oldtoken_wf !== '') ? $oldtoken_wf : @$wf_token;