OK,
I found the server behavior for the statement: WA_Auth_RulePasses("Email Confirmed")
The server behavior code is as follows:
Allow if <?php echo $_SESSION['UserEmailVerified']; ?> = 1
Allow if <?php echo $_SESSION['UserID']; ?> <> empty
So i added code to check the session values for both 'UserEmailVerified' and 'UserID' to the page.
When I run the page the session 'UserID' is 4 and the session 'UserEmailVerified' is 0 however the WA_Auth_RulePasses("Email Confirmed") check still returns success.
I'm confused... How can the check return true if the values show up on the same page as being false?
Question:
Is the server behavior check for two entries an && or an || operation?
Example of AND operation: ((confirm == 1) && (userid <> null)) == true;
Example of OR operation: ((confirm == 1) || (userid <> null)) == true;
If the check is an OR operation it would explain the bug.
An OR operation of the two decisions would return true as the userid decision will return true even if the verified value is 0.
Question:
Why does the email confirmed server behavior include code to check the userid?
* Test Code *
===============
<p>Raw UserEmailVerified database table entry for this user: <?php echo $row_WAATKusers['UserEmailVerified'];?></p>
<p>SESSION UserEmailVerified: <?php echo $_SESSION['UserEmailVerified']; ?></p>
<p>SESSION UserID: <?php echo $_SESSION['UserID']; ?></p>
<p>Test of show region: WA_Auth_RulePasses("Email Confirmed"):
<?php if(WA_Auth_RulePasses("Email Confirmed")){ // Begin Show Region ?>
[PASSED]
<?php } // End Show Region ?>
<?php if(!WA_Auth_RulePasses("Email Confirmed")){ // Begin Show Region ?>
[FAILED]
<?php } // End Show Region ?>
</p>
==================================