Revision 2582,
1.3 KB
checked in by niltonneto, 14 years ago
(diff) |
Ticket #1041 - Arrumando validação do ip sem ser da sessão.
|
Rev | Line | |
---|
[1040] | 1 | <?php |
---|
[2075] | 2 | if ( isset( $_COOKIE[ 'sessionid' ] ) ) |
---|
| 3 | session_id( $_COOKIE[ 'sessionid' ] ); |
---|
| 4 | |
---|
[1061] | 5 | session_start( ); |
---|
[1040] | 6 | |
---|
[1061] | 7 | $sess = $_SESSION[ 'phpgw_session' ]; |
---|
[2582] | 8 | $user_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']); |
---|
| 9 | $connection_id = "{$sess['session_id']}{$user_ip}".substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199); |
---|
[1040] | 10 | |
---|
[1469] | 11 | |
---|
[2178] | 12 | if (empty($_SESSION['phpgw_session']['session_id']) || ($_SESSION['connection_db_info']['user_auth'] && implode('',$_SESSION['connection_db_info']['user_auth']) !== $connection_id)) |
---|
[1040] | 13 | { |
---|
[2391] | 14 | if($_SESSION['connection_db_info']['user_auth'] && !strstr($_SERVER['SCRIPT_URL'],"/controller.php")) { |
---|
[2178] | 15 | error_log( '[ INVALID SESSION ] >>>>' . implode('',$_SESSION['connection_db_info']['user_auth']) . '<<<< - >>>>' . $connection_id . '<<<<', 0 ); |
---|
[2391] | 16 | @require_once dirname( __FILE__ ) . '/logout.php'; |
---|
| 17 | } |
---|
| 18 | |
---|
| 19 | setcookie(session_name(),"",0); // Removing session cookie. |
---|
| 20 | unset($_SESSION); // Removing session values. |
---|
| 21 | // From ExpressoAjax response "nosession" |
---|
| 22 | if(strstr($_SERVER['SCRIPT_URL'],"/controller.php")){ |
---|
| 23 | echo serialize(array("nosession" => true)); |
---|
| 24 | exit; |
---|
| 25 | } |
---|
[1040] | 26 | } |
---|
[2391] | 27 | else{ |
---|
| 28 | // From ExpressoAjax update session_dla (datetime last access). |
---|
| 29 | if(strstr($_SERVER['SCRIPT_URL'],"/controller.php")) |
---|
| 30 | $_SESSION['phpgw_session']['session_dla'] = time(); |
---|
| 31 | } |
---|
[1040] | 32 | ?> |
---|
Note: See
TracBrowser
for help on using the repository browser.