change behaviour of SESSION_CHECK_ADDRESS

This commit is contained in:
Andrew Dolgov 2010-11-26 12:31:01 +03:00
parent 64e411abf4
commit 0f41fce845
2 changed files with 26 additions and 15 deletions

View File

@ -49,8 +49,12 @@
// configurations. Doesn't seem to work for everyone, so enable with caution.
// tt-rss uses default PHP session storing mechanism if disabled.
define('SESSION_CHECK_ADDRESS', true);
// Bind session to client IP address (recommended)
define('SESSION_CHECK_ADDRESS', 1);
// Check client IP address when validating session:
// 0 - disable checking
// 1 - check first 3 octets of an address (recommended)
// 2 - check first 2 octets of an address
// 3 - check entire address
define('SESSION_COOKIE_LIFETIME', 0);
// Default lifetime of a session (e.g. login) cookie. In seconds,

View File

@ -1901,22 +1901,29 @@
}
function validate_session($link) {
if (SINGLE_USER_MODE) {
return true;
}
if (SINGLE_USER_MODE) return true;
if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) {
if ($_SESSION["ip_address"]) {
if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
$_SESSION["login_error_msg"] = __("Session failed to validate (incorrect IP)");
return false;
}
}
}
$check_ip = $_SESSION['ip_address'];
if ($_SESSION["ref_schema_version"] != get_schema_version($link, true)) {
switch (SESSION_CHECK_ADDRESS) {
case 0:
$check_ip = '';
break;
case 1:
$check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
break;
case 2:
$check_ip = substr($check_ip, 0, strrpos($check_ip, '.'));
$check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
break;
};
if ($check_ip && strpos($_SERVER['REMOTE_ADDR'], $check_ip) !== 0)
$_SESSION["login_error_msg"] =
__("Session failed to validate (incorrect IP)");
if ($_SESSION["ref_schema_version"] != get_schema_version($link, true))
return false;
}
if ($_SESSION["uid"]) {