From: Alan <alan@roojs.com>
Date: Thu, 19 May 2022 05:55:19 +0000 (+0800)
Subject: better detect disable http auht
X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=commitdiff_plain;h=cbab89641fa1f2d533c70e6a5983e488568880e4

better detect disable http auht
---

diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php
index 8799d542..56c08afc 100644
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -257,7 +257,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         // we have a situation where the app is behind a http access and is also login
         // need to work out a way to handle that.
  
-        if (php_sapi_name() != "cli" && empty($_SERVER['PHP_AUTH_USER']) && !empty($ff->disable_http_auth))  {
+        if (php_sapi_name() != "cli" && (empty($_SERVER['PHP_AUTH_USER']) || !empty($ff->disable_http_auth)))  {
              @session_start();
         }
         
@@ -290,7 +290,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         // http basic auth..
         $u = DB_DataObject::factory($this->tableName());
         
-        if (empty($_COOKIE['PHPSESSID']) // http auth requests should not have this...
+        if (empty($ff->disable_http_auth)  // http auth requests should not have this...
             &&
             !empty($_SERVER['PHP_AUTH_USER']) 
             &&