better detect disable http auht

[Pman.Core] / DataObjects / Core_person.php

diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php
index 5e30028..56c08af 100644 (file)
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -254,11 +254,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     function isAuth()
     {
         // do not start a session if we are using http auth...
-        if (empty($_SERVER['PHP_AUTH_USER']) && php_sapi_name() != "cli") {
-            @session_start();
+        // we have a situation where the app is behind a http access and is also login
+        // need to work out a way to handle that.
+ 
+        if (php_sapi_name() != "cli" && (empty($_SERVER['PHP_AUTH_USER']) || !empty($ff->disable_http_auth)))  {
+             @session_start();
         }
-       
-        $ff= HTML_FlexyFramework::get();
+        
+         
        
         $sesPrefix = $this->sesPrefix();
         
@@ -287,7 +290,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         // http basic auth..
         $u = DB_DataObject::factory($this->tableName());
         
-        if (!empty($_SERVER['PHP_AUTH_USER']) 
+        if (empty($ff->disable_http_auth)  // http auth requests should not have this...
+            &&
+            !empty($_SERVER['PHP_AUTH_USER']) 
             &&
             !empty($_SERVER['PHP_AUTH_PW'])
             &&
@@ -301,6 +306,10 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             self::$authUser = $u;
             return true; 
         }
+        
+        // at this point all http auth stuff is done, so we can init session
+        
+        
         //die("test init");
         if (!$this->canInitializeSystem()) {
           //  die("can not init");