From a9a1ea2c18cc12414cb422f6c7f11134b8ee96a5 Mon Sep 17 00:00:00 2001
From: Deepak Srivastava
Date: Tue, 10 Sep 2013 19:30:03 +0530
Subject: [PATCH] CRM-10128 - fix for anonymous user having same authSrc once set.

---
 CRM/Contact/BAO/Contact/Permission.php | 18 +++++++++++++++---
 CRM/Core/Permission.php | 2 +-
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/CRM/Contact/BAO/Contact/Permission.php b/CRM/Contact/BAO/Contact/Permission.php
index b5b4e2ab29..94b43b350f 100644
--- a/CRM/Contact/BAO/Contact/Permission.php
+++ b/CRM/Contact/BAO/Contact/Permission.php
@@ -341,11 +341,11 @@ WHERE (( contact_id_a = %1 AND contact_id_b = %2 AND is_permission_a_b = 1 ) OR
 // does not come here, we redirect in the above statement
 }
 return FALSE;
- } else if (CRM_Utils_Request::retrieve('cs', 'String', $form, FALSE)) {
- $session = CRM_Core_Session::singleton();
- $session->set('authSrc', CRM_Core_Permission::AUTH_SRC_CHECKSUM);
 }
+ // set appropriate AUTH source
+ self::toggleChecksumAuthSrc(TRUE);
+
 // so here the contact is posing as $contactID, lets set the logging contact ID variable
 // CRM-8965
 CRM_Core_DAO::executeQuery('SET @civicrm_user_id = %1',
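Review bot: The stale-flag reset only runs on the success path: the branch that ends in `return FALSE;` just above the new call leaves the session's authSrc untouched, so a session marked AUTH_SRC_CHECKSUM by an earlier request keeps that value when a later request in the same session fails here, which looks like the very condition the commit title sets out to fix. If that branch is the failed-checksum path (the enclosing function starts and ends outside the hunk, so this is inferred), clearing before returning, `self::toggleChecksumAuthSrc(FALSE); return FALSE;`, would cover it. The comment `// set appropriate AUTH source` would also be more useful if it said what "appropriate" means, e.g. `// mark the session checksum-authenticated only if a valid cs was supplied on this request; otherwise clear a stale checksum flag`.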
@@ -355,6 +355,18 @@ WHERE (( contact_id_a = %1 AND contact_id_b = %2 AND is_permission_a_b = 1 ) OR
 return TRUE;
 }
+ static function toggleChecksumAuthSrc($checkSumValidationResult = FALSE) {
+ $session = CRM_Core_Session::singleton();
+ if ($checkSumValidationResult && CRM_Utils_Request::retrieve('cs', 'String', $form, FALSE)) {
+ // if result is already validated, and url has cs, set the flag.
+ $session->set('authSrc', CRM_Core_Permission::AUTH_SRC_CHECKSUM);
+ } else if (($session->get('authSrc') & CRM_Core_Permission::AUTH_SRC_CHECKSUM) == CRM_Core_Permission::AUTH_SRC_CHECKSUM) {
+ // if checksum wasn't present in REQUEST OR checksum result validated as FALSE,
+ // and flag was already set exactly as AUTH_SRC_CHECKSUM, unset it.
+ $session->set('authSrc', CRM_Core_Permission::AUTH_SRC_UNKNOWN);
+ }
+ }
+
 static function validateChecksumContact($contactID, &$form, $redirect = TRUE) {
 if (!self::allow($contactID, CRM_Core_Permission::EDIT)) {
 // check if this is of the format cs=XXX
diff --git a/CRM/Core/Permission.php b/CRM/Core/Permission.php
index a3baf56d3b..a20517476a 100644
--- a/CRM/Core/Permission.php
+++ b/CRM/Core/Permission.php
@@ -68,7 +68,7 @@ class CRM_Core_Permission {
 *
 * @var int
 */
- CONST AUTH_SRC_CHECKSUM = 1, AUTH_SRC_SITEKEY = 2, AUTH_SRC_LOGIN = 4;
+ CONST AUTH_SRC_UNKNOWN = 1, AUTH_SRC_CHECKSUM = 2, AUTH_SRC_SITEKEY = 4, AUTH_SRC_LOGIN = 8;
 /**
 * get the current permission of this user
-- 
2.25.1
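Review bot: The else-if branch in toggleChecksumAuthSrc tests only the checksum bit but then overwrites the whole value with AUTH_SRC_UNKNOWN, so if authSrc is ever combined with AUTH_SRC_SITEKEY or AUTH_SRC_LOGIN (the power-of-two constants in CRM/Core/Permission.php suggest a bitmask) those bits are dropped too, which contradicts the comment "flag was already set exactly as AUTH_SRC_CHECKSUM". Either test equality to match the comment, or clear just the bit: `$remaining = $session->get('authSrc') & ~CRM_Core_Permission::AUTH_SRC_CHECKSUM;` followed by `$session->set('authSrc', $remaining ?: CRM_Core_Permission::AUTH_SRC_UNKNOWN);`. `$form` is undefined inside this function and only comes into existence because retrieve() takes its store argument by reference; passing an explicit throw-away such as `CRM_Core_DAO::$_nullObject` would make that intent visible. A short docblock stating that the TRUE argument means the caller has already verified the checksum against the contact, and that this function itself only checks for the presence of `cs` in the request, would keep a future caller from passing TRUE on an unverified request.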
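Review bot: Renumbering the existing constants in CRM/Core/Permission.php changes the meaning of any authSrc value already stored: under the old values 2 meant AUTH_SRC_SITEKEY and 4 meant AUTH_SRC_LOGIN, and after this change the same integers read as AUTH_SRC_CHECKSUM and AUTH_SRC_SITEKEY. If session data persists across the deploy (inferred; the session store is not visible here), an existing site-key or login session would be reinterpreted as a different source, so sessions should be invalidated or authSrc reset on upgrade, and any literal comparisons against these values elsewhere need checking. The docblock above the constant only says `@var int`; recording that the values are intended as bit flags (as the powers of two and the `&` test in Permission.php suggest) and what AUTH_SRC_UNKNOWN denotes, e.g. `* Bit flags recording how the current session was authenticated; AUTH_SRC_UNKNOWN is the reset / not-yet-determined state.`, would make the contract explicit.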