Timestamp:
05/25/10 11:21:48 (14 years ago)
Author:
niltonneto
Message:

Ticket #1041 - Corrigido problema na validação da sessão por IP.

File:
1 edited

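--- a/branches/2.0/header.session.inc.php
+++ b/branches/2.0/header.session.inc.php
@@ -1,4 +1,4 @@
 <?php
-        if ( isset( $_COOKIE[ 'sessionid' ] ) )
+    if ( isset( $_COOKIE[ 'sessionid' ] ) )
                 session_id( $_COOKIE[ 'sessionid' ] );
 
@@ -6,13 +6,35 @@
 
         $sess = $_SESSION[ 'phpgw_session' ];
-        $user_ip =  (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']);
-        $connection_id = "{$sess['session_id']}{$user_ip}".substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199);
-
-
-        if (empty($_SESSION['phpgw_session']['session_id']) || ($_SESSION['connection_db_info']['user_auth'] && implode('',$_SESSION['connection_db_info']['user_auth']) !== $connection_id))
+        $invalidSession = false;
+        $user_agent = array();
+        if (isset($GLOBALS['phpgw']) && !isset($_SESSION['connection_db_info'])){
+                if($GLOBALS['phpgw_info']['server']['use_https'] == 1) {
+                $new_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR']."," : ""). $_SERVER['REMOTE_ADDR'];
+                $GLOBALS['phpgw']->db->query("UPDATE phpgw_access_log SET ip='$new_ip' WHERE account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}'",__LINE__,__FILE__);
+                }
+                $GLOBALS['phpgw']->db->query("select trim(sessionid), ip, browser from phpgw_access_log where account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}' limit 1",__LINE__,__FILE__);
+                $GLOBALS['phpgw']->db->next_record();
+                if($GLOBALS['phpgw']->db->row( ))
+                        $_SESSION['connection_db_info']['user_auth'] = implode("",$GLOBALS['phpgw']->db->row( ));
+        }
+        if($_SESSION['connection_db_info']['user_auth']){
+                $invalidSession = true;
+                $http_user_agent = substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199);
+                $user_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? array($_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_X_FORWARDED_FOR']) : array($_SERVER['REMOTE_ADDR']);
+                $user_agent[] = "{$sess['session_id']}{$user_ip[0]}".$http_user_agent;
+                if(count($user_ip) == 2) {
+                        $user_agent[] = "{$sess['session_id']}{$user_ip[1]}".$http_user_agent;
+                        $user_agent[] = $sess['session_id'].implode(",",array_reverse($user_ip)).$http_user_agent;
+                }
+                $pconnection_id = $_SESSION['connection_db_info']['user_auth'];
+                if(array_search($pconnection_id, $user_agent)  !== FALSE) {
+                        $invalidSession = false;
+                }
+        }
+        if (empty($_SESSION['phpgw_session']['session_id']) || $invalidSession)
         {
                 if($_SESSION['connection_db_info']['user_auth'] && !strstr($_SERVER['SCRIPT_URL'],"/controller.php")) {
-                        error_log( '[ INVALID SESSION ] >>>>' . implode('',$_SESSION['connection_db_info']['user_auth']) . '<<<< - >>>>' . $connection_id . '<<<<', 0 );
-                        @require_once dirname( __FILE__ ) . '/logout.php';
+                        error_log( '[ INVALID SESSION ] >>>>' .$_SESSION['connection_db_info']['user_auth'].'<<<< - >>>>' . implode("",$user_agent), 0 );
+                        require_once dirname( __FILE__ ) . '/logout.php';
                 }
 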
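Review bot: The UPDATE on new line 13 places `$new_ip`, which is built from the client-supplied `X-Forwarded-For` header, directly into the SQL string, so whatever the header contains becomes part of the statement. `$GLOBALS['sessionid']` is interpolated the same way in both queries, and its origin is not visible in this hunk. Each comma-separated entry of the header should be checked with `filter_var($part, FILTER_VALIDATE_IP)` and the result passed through the database layer's escaping before it reaches `query()`. The same header is also accepted as a matching address in the comparison on new lines 23–27, so the IP binding only holds if `REMOTE_ADDR` is first confirmed to be a trusted proxy before the header is honoured. The file continues past the last line shown.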