Only load user from session if other auth mechanisms aren't present.

This commit is contained in:
Isaac Connor 2020-03-02 11:51:07 -05:00
parent 5f16c10e0a
commit f0e7b84001
1 changed files with 3 additions and 2 deletions

View File

@ -263,8 +263,6 @@ if ( ZM_OPT_USE_AUTH ) {
} else { } else {
// Non token based auth // Non token based auth
$user = userFromSession();
if ( ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) ) { if ( ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) ) {
$user = getAuthUser($_REQUEST['auth']); $user = getAuthUser($_REQUEST['auth']);
} else if ( } else if (
@ -280,6 +278,9 @@ if ( ZM_OPT_USE_AUTH ) {
return; return;
} }
$user = $ret[0]; $user = $ret[0];
} else {
$user = userFromSession();
} }
if ( !empty($user) ) { if ( !empty($user) ) {