source: trunk/header.session.inc.php @ 7126

Revision 7126, 4.0 KB checked in by angelo, 12 years ago (diff)

Ticket #3075 - Corrigir tamanho de tabela de logs do Expresso

1<?php
// Load the ESecurity helper from prototype/api and run its check before any
// of the session handling below.
// NOTE(review): what valid() actually inspects is defined in esecurity.php,
// not in this file. Confirm it covers the request data read further down
// ($_COOKIE['sessionid'], X-Forwarded-For, User-Agent).
require_once __DIR__ . '/prototype/api/esecurity.php';

// $s is kept as a plain variable: this file is an include, so the name stays
// visible to whatever script pulled it in.
$s = new ESecurity();
$s->valid();
5
6
7                /***************************************************************************
8                * Expresso Livre                                                           *
9                * http://www.expressolivre.org                                             *
10                * --------------------------------------------                             *
11                *  This program is free software; you can redistribute it and/or modify it *
12                *  under the terms of the GNU General Public License as published by the   *
13                *  Free Software Foundation; either version 2 of the License, or (at your  *
14                *  option) any later version.                                              *
15                \**************************************************************************/
16               
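// Adopt the session id sent in the 'sessionid' cookie, then make sure a PHP
// session is active.
//
// The cookie is client-controlled. A cookie submitted as an array
// (sessionid[]=x) is not a usable id and makes session_id() raise an error,
// so only string values are passed on.
// NOTE(review): accepting a caller-chosen session id is a session-fixation
// risk unless the id is regenerated at login (session_regenerate_id()).
// That has to be verified in the login code, which is not part of this file.
if (isset($_COOKIE['sessionid']) && is_string($_COOKIE['sessionid'])) {
    session_id($_COOKIE['sessionid']);
}

if (!isset($_SESSION)) {
    session_start();
}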
22
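// Snapshot of the phpgw session array; the fingerprint check further down
// reads 'session_id' from it. isset() avoids an undefined-index notice when
// no phpgw session exists yet (the value is null either way).
$sess = isset($_SESSION['phpgw_session']) ? $_SESSION['phpgw_session'] : null;
$invalidSession = false;
$user_agent = array();

// First request of this PHP session with the phpgw framework loaded: read the
// fingerprint columns for this login from phpgw_access_log and cache their
// concatenation in $_SESSION['connection_db_info']['user_auth'].
if (isset($GLOBALS['phpgw']) && !isset($_SESSION['connection_db_info'])) {
    $_SESSION['phpgw_info']['admin']['server']['sessions_checkip'] = $GLOBALS['phpgw_info']['server']['sessions_checkip'];

    // $GLOBALS['sessionid'] is interpolated into both SQL statements below.
    // The statements are built by string concatenation, so the value is
    // restricted to the characters PHP itself uses for session ids. Anything
    // else cannot match a stored row and is treated like "no row found".
    // NOTE(review): if the db layer offers bound parameters or its own
    // quoting routine, prefer that over this whitelist — TODO confirm.
    if (isset($GLOBALS['sessionid'])
        && is_string($GLOBALS['sessionid'])
        && preg_match('/^[A-Za-z0-9,-]+$/D', $GLOBALS['sessionid'])
    ) {
        if ($GLOBALS['phpgw_info']['server']['use_https'] == 1) {
            // Candidate value for the ip column: "<X-Forwarded-For>,<REMOTE_ADDR>",
            // or REMOTE_ADDR alone when the header is absent.
            $new_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] . "," : "") . $_SERVER['REMOTE_ADDR'];

            // Longer than 30 bytes: keep the first two comma-separated entries
            // (trimmed), and if that is still too long, only the first one.
            if (strlen($new_ip) > 30) {
                $ip_exploded = explode(",", $new_ip);
                $new_ip = "";
                for ($i = 0; $i < 2; $i++) {
                    $new_ip .= isset($ip_exploded[$i]) ? (($i == 1 ? "," : "") . trim($ip_exploded[$i])) : "";
                }
                if (strlen($new_ip) > 30) {
                    $new_ip = $ip_exploded[0];
                }
            }

            // X-Forwarded-For is a request header and therefore attacker
            // controlled; it must not reach the SQL string verbatim. Accept
            // only characters that occur in IPv4/IPv6 address lists and fall
            // back to the server-provided REMOTE_ADDR otherwise. A session
            // stored with REMOTE_ADDR alone still passes the fingerprint
            // comparison through its REMOTE_ADDR candidate.
            if (!preg_match('/^[0-9A-Fa-f:., ]+$/D', $new_ip)) {
                $new_ip = $_SERVER['REMOTE_ADDR'];
            }

            if (preg_match('/^[0-9A-Fa-f:., ]+$/D', $new_ip)) {
                $GLOBALS['phpgw']->db->query("UPDATE phpgw_access_log SET ip='$new_ip' WHERE account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}'", __LINE__, __FILE__);
            }
        }

        // The ip column is selected only when sessions_checkip is enabled, so
        // the cached fingerprint is sessionid [+ ip] + browser.
        $GLOBALS['phpgw']->db->query("select trim(sessionid)," . ($_SESSION['phpgw_info']['admin']['server']['sessions_checkip'] ? "ip," : "") . "browser from phpgw_access_log where account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}' limit 1", __LINE__, __FILE__);
        $GLOBALS['phpgw']->db->next_record();
        if ($GLOBALS['phpgw']->db->row()) {
            $_SESSION['connection_db_info']['user_auth'] = implode("", $GLOBALS['phpgw']->db->row());
        }
    }
}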
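// Compare the fingerprint cached from phpgw_access_log with fingerprints
// rebuilt from the current request. The session is treated as invalid until
// one of the candidates matches.
// !empty() keeps the original truthiness test without the undefined-index
// notice when no fingerprint has been cached.
if (!empty($_SESSION['connection_db_info']['user_auth'])) {
    $invalidSession = true;

    // User-Agent is optional in HTTP; a missing header is treated as ''.
    // Only the first 199 bytes take part in the comparison.
    $http_user_agent = substr(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '', 0, 199);

    $user_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR'])
        ? array($_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_X_FORWARDED_FOR'])
        : array($_SERVER['REMOTE_ADDR']);

    // Candidate 1: session id [+ REMOTE_ADDR when sessions_checkip is on] + UA.
    $user_agent[] = ($_SESSION['phpgw_info']['admin']['server']['sessions_checkip'] ? "{$sess['session_id']}{$user_ip[0]}" : "{$sess['session_id']}") . $http_user_agent;

    // With an X-Forwarded-For header two more candidates are accepted:
    // the header value alone, and "<header>,<REMOTE_ADDR>".
    // NOTE(review): X-Forwarded-For is supplied by the client unless a trusted
    // reverse proxy overwrites it. Because a value taken from that header is
    // accepted as an alternative to REMOTE_ADDR, the IP part of this check is
    // only as strong as that proxy setup; consider honouring the header only
    // when REMOTE_ADDR is a known proxy.
    if (count($user_ip) == 2) {
        $user_agent[] = "{$sess['session_id']}{$user_ip[1]}" . $http_user_agent;
        $user_agent[] = $sess['session_id'] . implode(",", array_reverse($user_ip)) . $http_user_agent;
    }

    $pconnection_id = $_SESSION['connection_db_info']['user_auth'];

    // Strict comparison: both sides are strings, and loose comparison would
    // let two different numeric-looking strings compare as equal.
    if (in_array($pconnection_id, $user_agent, true)) {
        $invalidSession = false;
    }
}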
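// No phpgw session id, or the fingerprint check failed: drop the session.
// Otherwise, for ExpressoAjax requests, refresh the last-access timestamp.
if (empty($_SESSION['phpgw_session']['session_id']) || $invalidSession) {
    // A cached fingerprint exists, so this was a logged-in session that no
    // longer matches the request: log it, clear the 'sessionid' cookie and
    // send the browser to the login page. controller.php (ExpressoAjax) is
    // excluded and answers with the "nosession" payload below instead.
    if (!empty($_SESSION['connection_db_info']['user_auth']) && !strstr($_SERVER['SCRIPT_NAME'], "/controller.php")) {
        // Both values contain request headers (User-Agent, X-Forwarded-For).
        // Control characters are replaced so a crafted header cannot inject
        // extra lines into the error log.
        // NOTE(review): the logged fingerprint starts with the session id;
        // treat this log as sensitive.
        error_log(
            '[ INVALID SESSION ] >>>>'
            . preg_replace('/[\x00-\x1F\x7F]/', ' ', $_SESSION['connection_db_info']['user_auth'])
            . '<<<< - >>>>'
            . preg_replace('/[\x00-\x1F\x7F]/', ' ', implode("", $user_agent)),
            0
        );
        $GLOBALS['phpgw']->session->phpgw_setcookie('sessionid');
        // NOTE(review): the code below still runs if redirect() returns;
        // presumably it ends the request — confirm in the phpgw API.
        $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=10');
    }

    setcookie(session_name(), "", 0); // Removing session cookie.

    // Removing session values.
    // NOTE(review): unset($_SESSION) only drops the superglobal for the rest
    // of this request; the data already stored server-side is not destroyed
    // here. Consider $_SESSION = array() plus session_destroy() once the code
    // that runs after this include has been checked for reliance on the
    // current behaviour.
    unset($_SESSION);

    // From ExpressoAjax response "nosession"
    if (strstr($_SERVER['SCRIPT_NAME'], "/controller.php")) {
        echo serialize(array("nosession" => true));
        exit;
    }
} else {
    // From ExpressoAjax update session_dla (datetime last access).
    if (strstr($_SERVER['SCRIPT_NAME'], "/controller.php")) {
        $_SESSION['phpgw_session']['session_dla'] = time();
    }
}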
81?>