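<?php
// Project-level security bootstrap. ESecurity and its valid() method are
// defined in prototype/api/esecurity.php, which is not part of this file.
require_once(__DIR__.'/prototype/api/esecurity.php');
$s = new ESecurity();
$s->valid();


	/***************************************************************************
	* Expresso Livre                                                           *
	* http://www.expressolivre.org                                             *
	* --------------------------------------------                             *
	*  This program is free software; you can redistribute it and/or modify it *
	*  under the terms of the GNU General Public License as published by the   *
	*  Free Software Foundation; either version 2 of the License, or (at your  *
	*  option) any later version.                                              *
	\**************************************************************************/

/*
 * Session guard, executed at include time.
 *
 * 1. Resumes the PHP session named by the "sessionid" cookie.
 * 2. On the first request that has the phpgw API loaded, reads the
 *    phpgw_access_log row of the session and caches the concatenation
 *    "sessionid [ip] browser" in $_SESSION['connection_db_info']['user_auth'].
 * 3. On every request, rebuilds the same concatenation from the current
 *    request and treats the session as invalid when none of the candidates
 *    equals the cached value.
 * 4. For an invalid or empty session: logs, clears the cookies and either
 *    redirects to the login page or answers "nosession" to ExpressoAjax.
 */

// The cookie value is chosen by the client: hand it to session_id() only when
// it is a plain string made of the characters PHP uses for session ids.
// NOTE(review): whether the id is regenerated at login (session fixation) is
// decided outside this file - confirm in the login code.
if ( isset( $_COOKIE[ 'sessionid' ] )
	&& is_string( $_COOKIE[ 'sessionid' ] )
	&& preg_match( '/^[A-Za-z0-9,-]+\z/', $_COOKIE[ 'sessionid' ] ) )
{
	session_id( $_COOKIE[ 'sessionid' ] );
}

if( !isset($_SESSION) )
	session_start( );

// A fresh session has no 'phpgw_session' entry yet; avoid the undefined-index notice.
$sess = isset( $_SESSION[ 'phpgw_session' ] ) ? $_SESSION[ 'phpgw_session' ] : null;
$invalidSession = false;
$user_agent = array();

if ( isset( $GLOBALS['phpgw'] ) && !isset( $_SESSION['connection_db_info'] ) ) {
	// Keep the server's "check IP" setting in the session so later requests
	// can build the comparison string without the phpgw globals.
	$_SESSION['phpgw_info']['admin']['server']['sessions_checkip'] = $GLOBALS['phpgw_info']['server']['sessions_checkip'];

	if ( $GLOBALS['phpgw_info']['server']['use_https'] == 1 ) {
		// "forwarded-for,remote-addr" when the header is present, else remote-addr only.
		$new_ip = ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ? $_SERVER['HTTP_X_FORWARDED_FOR']."," : "" ) . $_SERVER['REMOTE_ADDR'];
		if ( strlen( $new_ip ) > 30 ) {
			// Too long: keep the first two comma-separated entries, trimmed ...
			$ip_exploded = explode( ",", $new_ip );
			$new_ip = "";
			for ( $i = 0; $i < 2; $i++ )
				$new_ip .= isset( $ip_exploded[$i] ) ? ( ( $i == 1 ? "," : "" ) . trim( $ip_exploded[$i] ) ) : "";
			// ... and, if that is still too long, only the first entry. That
			// entry is not shortened, so the value can still exceed 30 characters.
			if ( strlen( $new_ip ) > 30 )
				$new_ip = $ip_exploded[0];
		}

		// X-Forwarded-For is a request header, so $new_ip may contain arbitrary
		// client-chosen bytes. Both values are escaped before they are placed in
		// the statement; the original code interpolated them unescaped.
		// NOTE(review): db_addslashes() is the escaping helper of the phpgwapi
		// db class - confirm it is available on this db object.
		$GLOBALS['phpgw']->db->query(
			"UPDATE phpgw_access_log SET ip='" . $GLOBALS['phpgw']->db->db_addslashes( $new_ip )
			. "' WHERE account_id <> 0 and lo = 0 and sessionid='"
			. $GLOBALS['phpgw']->db->db_addslashes( $GLOBALS['sessionid'] ) . "'",
			__LINE__, __FILE__
		);
	}

	// Fetch the reference values for this session. The optional "ip," column
	// comes from server configuration, not from the request.
	$GLOBALS['phpgw']->db->query(
		"select trim(sessionid),"
		. ( $_SESSION['phpgw_info']['admin']['server']['sessions_checkip'] ? "ip," : "" )
		. "browser from phpgw_access_log where account_id <> 0 and lo = 0 and sessionid='"
		. $GLOBALS['phpgw']->db->db_addslashes( $GLOBALS['sessionid'] ) . "' limit 1",
		__LINE__, __FILE__
	);
	$GLOBALS['phpgw']->db->next_record();
	if ( $GLOBALS['phpgw']->db->row( ) )
		$_SESSION['connection_db_info']['user_auth'] = implode( "", $GLOBALS['phpgw']->db->row( ) );
}

if ( !empty( $_SESSION['connection_db_info']['user_auth'] ) ) {
	// Invalid until one of the candidate strings below matches the cached value.
	$invalidSession = true;
	$http_user_agent = isset( $_SERVER['HTTP_USER_AGENT'] ) ? substr( $_SERVER['HTTP_USER_AGENT'], 0, 199 ) : '';
	$user_ip = isset( $_SERVER['HTTP_X_FORWARDED_FOR'] )
		? array( $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_X_FORWARDED_FOR'] )
		: array( $_SERVER['REMOTE_ADDR'] );

	// Candidate 1: session id, remote address (only with sessions_checkip), user agent.
	$user_agent[] = ( $_SESSION['phpgw_info']['admin']['server']['sessions_checkip'] ? "{$sess['session_id']}{$user_ip[0]}" : "{$sess['session_id']}" ).$http_user_agent;
	if ( count( $user_ip ) == 2 ) {
		// Candidates 2 and 3 use the forwarded-for value alone and
		// "forwarded-for,remote-addr".
		// NOTE(review): the header is set by the client unless a trusted proxy
		// overwrites it, so the IP part of this binding is only as strong as
		// that proxy configuration - accept it from known proxies only.
		$user_agent[] = "{$sess['session_id']}{$user_ip[1]}".$http_user_agent;
		$user_agent[] = $sess['session_id'].implode( ",", array_reverse( $user_ip ) ).$http_user_agent;
	}
	$pconnection_id = $_SESSION['connection_db_info']['user_auth'];
	// Strict comparison: a loose == treats numeric-looking strings such as
	// "0e12" and "0e34" as equal, which must never validate a session.
	if ( in_array( $pconnection_id, $user_agent, true ) ) {
		$invalidSession = false;
	}
}

if ( empty( $_SESSION['phpgw_session']['session_id'] ) || $invalidSession )
{
	if ( !empty( $_SESSION['connection_db_info']['user_auth'] ) && !strstr( $_SERVER['SCRIPT_NAME'], "/controller.php" ) ) {
		// The logged text contains the user agent and forwarded-for header;
		// control characters are replaced so a request cannot forge log lines.
		// NOTE(review): the entry also contains the session id - restrict
		// read access to this log accordingly.
		error_log(
			preg_replace(
				'/[\x00-\x1F\x7F]/',
				' ',
				'[ INVALID SESSION ] >>>>' .$_SESSION['connection_db_info']['user_auth'].'<<<< - >>>>' . implode( "", $user_agent )
			),
			0
		);
		$GLOBALS['phpgw']->session->phpgw_setcookie('sessionid');
		$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'].'/login.php?cd=10');
	}

	setcookie(session_name(),"",0); // Removing session cookie.
	// Drops the superglobal for the rest of this request only; the stored
	// session data is not destroyed here.
	unset($_SESSION); // Removing session values.
	// From ExpressoAjax response "nosession"
	if ( strstr( $_SERVER['SCRIPT_NAME'], "/controller.php" ) ) {
		echo serialize( array( "nosession" => true ) );
		exit;
	}
}
else {
	// From ExpressoAjax update session_dla (datetime last access).
	if ( strstr( $_SERVER['SCRIPT_NAME'], "/controller.php" ) )
		$_SESSION['phpgw_session']['session_dla'] = time();
}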