source: branches/2.0/header.session.inc.php @ 2582

Revision 2582, 1.3 KB checked in by niltonneto, 14 years ago (diff)

Ticket #1041 - Arrumando validação do ip sem ser da sessão.

Line 
1<?php
2        if ( isset( $_COOKIE[ 'sessionid' ] ) )
3                session_id( $_COOKIE[ 'sessionid' ] );
4
5        session_start( );
6
7        $sess = $_SESSION[ 'phpgw_session' ];
8        $user_ip =  (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']); 
9        $connection_id = "{$sess['session_id']}{$user_ip}".substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199);
10
11
12        if (empty($_SESSION['phpgw_session']['session_id']) || ($_SESSION['connection_db_info']['user_auth'] && implode('',$_SESSION['connection_db_info']['user_auth']) !== $connection_id))
13        {
14                if($_SESSION['connection_db_info']['user_auth'] && !strstr($_SERVER['SCRIPT_URL'],"/controller.php")) {
15                        error_log( '[ INVALID SESSION ] >>>>' . implode('',$_SESSION['connection_db_info']['user_auth']) . '<<<< - >>>>' . $connection_id . '<<<<', 0 );
16                        @require_once dirname( __FILE__ ) . '/logout.php';
17                }
18
19                setcookie(session_name(),"",0); // Removing session cookie.
20                unset($_SESSION);                               // Removing session values.
21                // From ExpressoAjax response "nosession"
22                if(strstr($_SERVER['SCRIPT_URL'],"/controller.php")){
23                        echo serialize(array("nosession" => true));
24                        exit;
25                }
26        }
27        else{
28                // From ExpressoAjax update session_dla (datetime last access).
29                if(strstr($_SERVER['SCRIPT_URL'],"/controller.php"))
30                        $_SESSION['phpgw_session']['session_dla'] = time();
31        }
32?>
Note: See TracBrowser for help on using the repository browser.