Changeset 2855
- Timestamp:
- 05/25/10 17:00:15 (14 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
trunk/doc-expressolivre/debian/arqs-conf/header.inc.php
r2842 r2855 123 123 $GLOBALS['phpgw_info']['server']['versions']['current_header'] = $setup_info['phpgwapi']['versions']['current_header']; 124 124 unset($setup_info); 125 $GLOBALS['phpgw_info']['server']['versions']['header'] = '2. 0';125 $GLOBALS['phpgw_info']['server']['versions']['header'] = '2.2'; 126 126 /* This is a fix for NT */ 127 127 if(!isset($GLOBALS['phpgw_info']['flags']['noapi']) || !$GLOBALS['phpgw_info']['flags']['noapi'] == True) … … 131 131 $connection_id = $GLOBALS['phpgw']->session->sessionid; 132 132 if (!strlen($connection_id) != 32){ 133 if (!isset($_SESSION['connection_db_info']))134 {135 $GLOBALS['phpgw']->db->query("select trim(sessionid), ip, browser from phpgw_access_log where account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['phpgw']->session->sessionid}' limit 1",__LINE__,__FILE__);136 $GLOBALS['phpgw']->db->next_record( );137 $_SESSION['connection_db_info']['user_auth'] = $GLOBALS['phpgw']->db->row( );138 }139 133 include("header.session.inc.php"); 140 134 } -
trunk/header.inc.php.template
r2326 r2855 118 118 $GLOBALS['phpgw_info']['server']['versions']['current_header'] = $setup_info['phpgwapi']['versions']['current_header']; 119 119 unset($setup_info); 120 $GLOBALS['phpgw_info']['server']['versions']['header'] = '2. 0';120 $GLOBALS['phpgw_info']['server']['versions']['header'] = '2.2'; 121 121 /* This is a fix for NT */ 122 122 if(!isset($GLOBALS['phpgw_info']['flags']['noapi']) || !$GLOBALS['phpgw_info']['flags']['noapi'] == True) … … 126 126 $connection_id = $GLOBALS['phpgw']->session->sessionid; 127 127 if (!strlen($connection_id) != 32){ 128 if (!isset($_SESSION['connection_db_info']))129 {130 $GLOBALS['phpgw']->db->query("select trim(sessionid), ip, browser from phpgw_access_log where account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['phpgw']->session->sessionid}' limit 1",__LINE__,__FILE__);131 $GLOBALS['phpgw']->db->next_record( );132 $_SESSION['connection_db_info']['user_auth'] = $GLOBALS['phpgw']->db->row( );133 }134 128 include("header.session.inc.php"); 135 129 } -
trunk/header.session.inc.php
r2522 r2855 10 10 * option) any later version. * 11 11 \**************************************************************************/ 12 12 if ( isset( $_COOKIE[ 'sessionid' ] ) ) 13 13 session_id( $_COOKIE[ 'sessionid' ] ); 14 14 15 15 session_start( ); 16 16 17 $sess = $_SESSION[ 'phpgw_session' ]; 17 $user_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']); 18 $connection_id = "{$sess['session_id']}{$user_ip}".substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199); 19 20 if ( empty($_SESSION['phpgw_session']['session_id']) || 21 ($_SESSION['connection_db_info']['user_auth'] && implode('',$_SESSION['connection_db_info']['user_auth']) !== $connection_id) 22 ) 18 $invalidSession = false; 19 $user_agent = array(); 20 if (isset($GLOBALS['phpgw']) && !isset($_SESSION['connection_db_info'])){ 21 if($GLOBALS['phpgw_info']['server']['use_https'] == 1) { 22 $new_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR']."," : ""). $_SERVER['REMOTE_ADDR']; 23 $GLOBALS['phpgw']->db->query("UPDATE phpgw_access_log SET ip='$new_ip' WHERE account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}'",__LINE__,__FILE__); 24 } 25 $GLOBALS['phpgw']->db->query("select trim(sessionid), ip, browser from phpgw_access_log where account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}' limit 1",__LINE__,__FILE__); 26 $GLOBALS['phpgw']->db->next_record(); 27 if($GLOBALS['phpgw']->db->row( )) 28 $_SESSION['connection_db_info']['user_auth'] = implode("",$GLOBALS['phpgw']->db->row( )); 29 } 30 if($_SESSION['connection_db_info']['user_auth']){ 31 $invalidSession = true; 32 $http_user_agent = substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199); 33 $user_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? 
array($_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_X_FORWARDED_FOR']) : array($_SERVER['REMOTE_ADDR']); 34 $user_agent[] = "{$sess['session_id']}{$user_ip[0]}".$http_user_agent; 35 if(count($user_ip) == 2) { 36 $user_agent[] = "{$sess['session_id']}{$user_ip[1]}".$http_user_agent; 37 $user_agent[] = $sess['session_id'].implode(",",array_reverse($user_ip)).$http_user_agent; 38 } 39 $pconnection_id = $_SESSION['connection_db_info']['user_auth']; 40 if(array_search($pconnection_id, $user_agent) !== FALSE) { 41 $invalidSession = false; 42 } 43 } 44 if (empty($_SESSION['phpgw_session']['session_id']) || $invalidSession) 23 45 { 24 46 if($_SESSION['connection_db_info']['user_auth'] && !strstr($_SERVER['SCRIPT_URL'],"/controller.php")) { 25 error_log( '[ INVALID SESSION ] >>>>' . implode('',$_SESSION['connection_db_info']['user_auth']) . '<<<< - >>>>' . $connection_id . '<<<<', 0 );26 @require_once dirname( __FILE__ ) . '/logout.php';47 error_log( '[ INVALID SESSION ] >>>>' .$_SESSION['connection_db_info']['user_auth'].'<<<< - >>>>' . implode("",$user_agent), 0 ); 48 require_once dirname( __FILE__ ) . '/logout.php'; 27 49 } 28 50 -
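Review bot: The added `UPDATE phpgw_access_log SET ip='$new_ip' …` statement interpolates `$new_ip`, which is built from the raw `X-Forwarded-For` request header, directly into SQL, so any client that can set that header controls part of the query text. The value should be validated as a list of IP addresses (or passed through the database layer's escaping) before it reaches `query()`; the same holds for `$GLOBALS['sessionid']` in both statements, whose origin is not visible in this section. Because the header is client-supplied, a match on the forwarded address also adds no assurance to the session binding unless a trusted proxy overwrites it. `getuser_ip()` in class.sessions.inc.php builds the same string and presumably feeds the same column. The fence below keeps the stored format unchanged but discards a header that does not parse as addresses.

```php
if (isset($GLOBALS['phpgw']) && !isset($_SESSION['connection_db_info'])){
	if($GLOBALS['phpgw_info']['server']['use_https'] == 1) {
		// Keep the forwarded chain only when every element is a syntactically valid IP address.
		$forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
		foreach (explode(',', $forwarded) as $hop) {
			if ($forwarded !== '' && filter_var(trim($hop), FILTER_VALIDATE_IP) === false) {
				$forwarded = '';
				break;
			}
		}
		$new_ip = ($forwarded !== '' ? $forwarded."," : "").$_SERVER['REMOTE_ADDR'];
		// … unchanged: UPDATE phpgw_access_log SET ip='$new_ip' …
	}
	// … unchanged: SELECT from phpgw_access_log and user_auth assignment …
}
```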
trunk/logout.php
r2 r2855 20 20 'nonavbar' => True 21 21 ); 22 include( './header.inc.php');22 include(dirname( __FILE__ ).'/header.inc.php'); 23 23 24 24 $GLOBALS['sessionid'] = get_var('sessionid',array('GET','COOKIE')); -
trunk/phpgwapi/inc/class.sessions.inc.php
r2686 r2855 404 404 * Get the ip address of current users 405 405 * 406 * @return string ip address406 * @return string HTTP_X_FORWARDED_FOR (if exists) and REMOTE_ADDR ip addresses. 407 407 */ 408 408 function getuser_ip() 409 409 { 410 /* 411 if (getenv(HTTP_X_FORWARDED_FOR)) 412 { 413 if (getenv(HTTP_CLIENT_IP)) 414 { 415 $ip=getenv(HTTP_CLIENT_IP); 416 } 417 else 418 { 419 $ip=getenv(HTTP_X_FORWARDED_FOR); 420 } 421 $ip_proxy=getenv(REMOTE_ADDR); 422 } 423 else 424 { 425 $ip=getenv(REMOTE_ADDR); 426 } 427 return $ip; 428 */ 429 return (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']); 410 return (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR']."," : "").$_SERVER['REMOTE_ADDR']; 430 411 } 431 412
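Review bot: `getuser_ip()` now returns a comma-separated list (the `X-Forwarded-For` value, then `REMOTE_ADDR`) instead of a single address, and the forwarded part is copied from a request header without validation. Callers are outside this hunk, so anything that stores the result in a fixed-width column, compares it with one address, or places it in SQL should be checked against the new shape. The docblock should state the contract, for example `@return string "<X-Forwarded-For>,<REMOTE_ADDR>" or REMOTE_ADDR alone; the forwarded part is client-supplied and not validated`.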