session validation: check for tt-rss version

This commit is contained in:
Andrew Dolgov 2013-04-04 12:55:15 +04:00
parent 9fb91a2043
commit 810205625b
2 changed files with 4 additions and 0 deletions

View File

@ -630,6 +630,7 @@
@session_start();
$_SESSION["uid"] = $user_id;
$_SESSION["version"] = VERSION;
$result = db_query($link, "SELECT login,access_level,pwd_hash FROM ttrss_users
WHERE id = '$user_id'");

View File

@ -5,6 +5,7 @@
require_once "db.php";
require_once "lib/accept-to-gettext.php";
require_once "lib/gettext/gettext.inc";
require_once "version.php";
$session_expire = max(SESSION_COOKIE_LIFETIME, 86400);
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
@ -38,6 +39,8 @@
if (SINGLE_USER_MODE) return true;
if (!$link) return false;
if (VERSION != $_SESSION["version"]) return false;
$check_ip = $_SESSION['ip_address'];
switch (SESSION_CHECK_ADDRESS) {