diff --git a/web/includes/functions.php b/web/includes/functions.php
index c77e107a6..61998a9e5 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -141,30 +141,29 @@ function getAuthUser( $auth ) {
 }
 
 function generateAuthHash( $useRemoteAddr ) {
- if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" ) {
+ if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and $_SESSION['username'] and $_SESSION['passwordHash'] ) {
 # regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800
 if ( ( $_SESSION['AuthHashGeneratedAt'] < time() - ( ZM_AUTH_HASH_TTL * 1800 ) ) or ! isset($_SESSION['AuthHash']) ) {
- if ( ! ( $_SESSION['username'] and $_SESSION['passwordHash'] ) ) {
- Warning("Can't generate auth hash until we are logged in");
+ # Don't both regenerating Auth Hash if an hour hasn't gone by yet
+ $time = localtime();
+ $authKey = '';
+ if ( $useRemoteAddr ) {
+ $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5];
 } else {
- # Don't both regenerating Auth Hash if an hour hasn't gone by yet
- $time = localtime();
- if ( $useRemoteAddr ) {
- $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5];
- } else {
- $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5];
- }
- $auth = md5( $authKey );
- if ( session_status() == PHP_SESSION_NONE ) {
- Warning("Session is not active. AuthHash will not be cached.");
- }
- $_SESSION['AuthHash'] = $auth;
- $_SESSION['AuthHashGeneratedAt'] = time();
- } # end if we are logged in yet or not
+ $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5];
+ }
+ $auth = md5( $authKey );
+ if ( session_status() == PHP_SESSION_NONE ) {
+ Warning("Session is not active. AuthHash will not be cached.");
+ }
+ $_SESSION['AuthHash'] = $auth;
+ $_SESSION['AuthHashGeneratedAt'] = time();
+ } else {
+ Debug( "Using cached auth " . 
$_SESSION['AuthHash'] );
 } # end if AuthHash is not cached
 return $_SESSION['AuthHash'];
 } else {
- $auth = "";
+ $auth = '';
 }
 return( $auth );
 }
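Review bot: The added `Debug( "Using cached auth " . $_SESSION['AuthHash'] );` in the new `else` branch writes the live auth hash into the debug log, and that value appears to be the credential relayed in hashed-auth mode for as long as it stays cached, so log readers and log archives end up holding a usable token. Log the event without the value, e.g. `Debug('Using cached auth hash');`, or at most the generation time from `$_SESSION['AuthHashGeneratedAt']`. Separately, the widened outer condition reads `$_SESSION['username']` and `$_SESSION['passwordHash']` directly, which presumably raises undefined-index notices for a session that has not logged in yet; `!empty($_SESSION['username']) and !empty($_SESSION['passwordHash'])` keeps the same truthiness test without the notice.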