From 997a4530e6b563933fe5d696577e47ac4eba22bc Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Wed, 5 Apr 2017 19:49:14 +0200
Subject: [PATCH] #188 fixed issue with self service Ajax requests

---
 lam/lib/account.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 0801a46b..52c4cb59 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -1473,7 +1473,7 @@ function validateReCAPTCHA($secretKey) {
  * @param boolean $check2ndFactor check if the 2nd factor was provided if required
  */
 function enforceUserIsLoggedIn($check2ndFactor = true) {
-	if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
+	if ((!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) && empty($_SESSION['selfService_clientPassword'])) {
 		logNewMessage(LOG_WARNING, 'Detected unauthorized access to page that requires login: ' . $_SERVER["SCRIPT_FILENAME"]);
 		die();
 	}