From f0e7b840015934cbaf23a1c90801bf59a1c9ad7b Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 2 Mar 2020 11:51:07 -0500 Subject: [PATCH] Only load user from session if other auth mechanisms aren't present. --- web/includes/auth.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index f958463c3..29991001b 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -263,8 +263,6 @@ if ( ZM_OPT_USE_AUTH ) { } else { // Non token based auth - $user = userFromSession(); - if ( ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) ) { $user = getAuthUser($_REQUEST['auth']); } else if ( @@ -280,6 +278,9 @@ if ( ZM_OPT_USE_AUTH ) { return; } $user = $ret[0]; + } else { + $user = userFromSession(); + } if ( !empty($user) ) {