Changeset 2850 for branches/2.0/header.session.inc.php
- Timestamp:
- 05/25/10 11:21:48 (14 years ago)
- File:
-
- 1 edited
branches/2.0/header.session.inc.php
r2582 r2850 1 1 <?php 2 2 if ( isset( $_COOKIE[ 'sessionid' ] ) ) 3 3 session_id( $_COOKIE[ 'sessionid' ] ); 4 4 … … 6 6 7 7 $sess = $_SESSION[ 'phpgw_session' ]; 8 $user_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']); 9 $connection_id = "{$sess['session_id']}{$user_ip}".substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199); 10 11 12 if (empty($_SESSION['phpgw_session']['session_id']) || ($_SESSION['connection_db_info']['user_auth'] && implode('',$_SESSION['connection_db_info']['user_auth']) !== $connection_id)) 8 $invalidSession = false; 9 $user_agent = array(); 10 if (isset($GLOBALS['phpgw']) && !isset($_SESSION['connection_db_info'])){ 11 if($GLOBALS['phpgw_info']['server']['use_https'] == 1) { 12 $new_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR']."," : ""). $_SERVER['REMOTE_ADDR']; 13 $GLOBALS['phpgw']->db->query("UPDATE phpgw_access_log SET ip='$new_ip' WHERE account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}'",__LINE__,__FILE__); 14 } 15 $GLOBALS['phpgw']->db->query("select trim(sessionid), ip, browser from phpgw_access_log where account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}' limit 1",__LINE__,__FILE__); 16 $GLOBALS['phpgw']->db->next_record(); 17 if($GLOBALS['phpgw']->db->row( )) 18 $_SESSION['connection_db_info']['user_auth'] = implode("",$GLOBALS['phpgw']->db->row( )); 19 } 20 if($_SESSION['connection_db_info']['user_auth']){ 21 $invalidSession = true; 22 $http_user_agent = substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199); 23 $user_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? 
array($_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_X_FORWARDED_FOR']) : array($_SERVER['REMOTE_ADDR']); 24 $user_agent[] = "{$sess['session_id']}{$user_ip[0]}".$http_user_agent; 25 if(count($user_ip) == 2) { 26 $user_agent[] = "{$sess['session_id']}{$user_ip[1]}".$http_user_agent; 27 $user_agent[] = $sess['session_id'].implode(",",array_reverse($user_ip)).$http_user_agent; 28 } 29 $pconnection_id = $_SESSION['connection_db_info']['user_auth']; 30 if(array_search($pconnection_id, $user_agent) !== FALSE) { 31 $invalidSession = false; 32 } 33 } 34 if (empty($_SESSION['phpgw_session']['session_id']) || $invalidSession) 13 35 { 14 36 if($_SESSION['connection_db_info']['user_auth'] && !strstr($_SERVER['SCRIPT_URL'],"/controller.php")) { 15 error_log( '[ INVALID SESSION ] >>>>' . implode('',$_SESSION['connection_db_info']['user_auth']) . '<<<< - >>>>' . $connection_id . '<<<<', 0 );16 @require_once dirname( __FILE__ ) . '/logout.php';37 error_log( '[ INVALID SESSION ] >>>>' .$_SESSION['connection_db_info']['user_auth'].'<<<< - >>>>' . implode("",$user_agent), 0 ); 38 require_once dirname( __FILE__ ) . '/logout.php'; 17 39 } 18 40
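Review bot: The UPDATE on new line 13 interpolates `$new_ip`, built from the client-supplied `X-Forwarded-For` header, and `$GLOBALS['sessionid']` directly into the SQL string, so header content reaches `phpgw_access_log` unescaped; the SELECT on new line 15 does the same with the session id. When building `$new_ip`, keep only the comma-separated entries that pass `filter_var($ip, FILTER_VALIDATE_IP)`, and run the session id through the database layer's escaping routine before either query. The binding check on new lines 23-30 also accepts a match on the forwarded value alone, so it presumably only holds when a trusted proxy sets that header; a comment stating that assumption would help. New line 37 writes `user_auth`, which new lines 15-18 build from `trim(sessionid), ip, browser`, to the error log, so logging a hash of it instead would keep live session identifiers out of log files.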