Changeset 3018 for branches/2.2/header.session.inc.php
- Timestamp:
- 07/08/10 17:52:20 (14 years ago)
- File:
-
- 1 edited
branches/2.2/header.session.inc.php
r1464 r3018 1 1 <?php 2 session_id( $_COOKIE[ 'sessionid' ] ); 3 session_ start( );2 if ( isset( $_COOKIE[ 'sessionid' ] ) ) 3 session_id( $_COOKIE[ 'sessionid' ] ); 4 4 5 $sess = $_SESSION[ 'phpgw_session' ]; 6 $connection_id = "{$sess['session_id']}{$sess['session_ip']}".substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199); 5 session_start( ); 7 6 7 $sess = $_SESSION[ 'phpgw_session' ]; 8 $invalidSession = false; 9 $user_agent = array(); 10 if (isset($GLOBALS['phpgw']) && !isset($_SESSION['connection_db_info'])){ 11 $_SESSION['phpgw_info']['admin']['server']['sessions_checkip'] = $GLOBALS['phpgw_info']['server']['sessions_checkip']; 12 if($GLOBALS['phpgw_info']['server']['use_https'] == 1) { 13 $new_ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR']."," : ""). $_SERVER['REMOTE_ADDR']; 14 $GLOBALS['phpgw']->db->query("UPDATE phpgw_access_log SET ip='$new_ip' WHERE account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}'",__LINE__,__FILE__); 15 } 16 $GLOBALS['phpgw']->db->query("select trim(sessionid),".($_SESSION['phpgw_info']['admin']['server']['sessions_checkip'] ? "ip," : "")."browser from phpgw_access_log where account_id <> 0 and lo = 0 and sessionid='{$GLOBALS['sessionid']}' limit 1",__LINE__,__FILE__); 17 $GLOBALS['phpgw']->db->next_record(); 18 if($GLOBALS['phpgw']->db->row( )) 19 $_SESSION['connection_db_info']['user_auth'] = implode("",$GLOBALS['phpgw']->db->row( )); 20 } 21 if($_SESSION['connection_db_info']['user_auth']){ 22 $invalidSession = true; 23 $http_user_agent = substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199); 24 $user_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? array($_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_X_FORWARDED_FOR']) : array($_SERVER['REMOTE_ADDR']); 25 $user_agent[] = ($_SESSION['phpgw_info']['admin']['server']['sessions_checkip'] ? 
"{$sess['session_id']}{$user_ip[0]}" : "{$sess['session_id']}").$http_user_agent; 26 if(count($user_ip) == 2) { 27 $user_agent[] = "{$sess['session_id']}{$user_ip[1]}".$http_user_agent; 28 $user_agent[] = $sess['session_id'].implode(",",array_reverse($user_ip)).$http_user_agent; 29 } 30 $pconnection_id = $_SESSION['connection_db_info']['user_auth']; 31 if(array_search($pconnection_id, $user_agent) !== FALSE) { 32 $invalidSession = false; 33 } 34 } 35 if (empty($_SESSION['phpgw_session']['session_id']) || $invalidSession) 36 { 37 if($_SESSION['connection_db_info']['user_auth'] && !strstr($_SERVER['SCRIPT_URL'],"/controller.php")) { 38 error_log( '[ INVALID SESSION ] >>>>' .$_SESSION['connection_db_info']['user_auth'].'<<<< - >>>>' . implode("",$user_agent), 0 ); 39 $GLOBALS['phpgw']->session->phpgw_setcookie('sessionid'); 40 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'].'/login.php?cd=10'); 41 } 8 42 9 if ($_SESSION['connection_db_info']['user_auth'] && implode('',$_SESSION['connection_db_info']['user_auth']) !== $connection_id) 10 { 11 setcookie("PHPSESSID","",0); 12 setcookie ("sessionid","",0); 13 echo lang("An important error has occured with your login, please contact your system administrator"); 14 exit; 15 } 43 setcookie(session_name(),"",0); // Removing session cookie. 44 unset($_SESSION); // Removing session values. 45 // From ExpressoAjax response "nosession" 46 if(strstr($_SERVER['SCRIPT_URL'],"/controller.php")){ 47 echo serialize(array("nosession" => true)); 48 exit; 49 } 50 } 51 else{ 52 // From ExpressoAjax update session_dla (datetime last access). 53 if(strstr($_SERVER['SCRIPT_URL'],"/controller.php")) 54 $_SESSION['phpgw_session']['session_dla'] = time(); 55 56 } 16 57 ?>
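Review bot: `$_SERVER['HTTP_X_FORWARDED_FOR']` is a client-supplied header, yet the new code interpolates it unescaped into `UPDATE phpgw_access_log SET ip='$new_ip' ...`, so a crafted header value can alter that statement; `$GLOBALS['sessionid']` is interpolated into both queries the same way and its origin is not visible on this page. Escape both through the database layer before building the strings, e.g. `$new_ip = $GLOBALS['phpgw']->db->db_addslashes($new_ip);` (assuming this branch's db class provides `db_addslashes()` as upstream phpgwapi does; confirm), or reject header values that are not a comma-separated list of addresses. The same header also weakens the `sessions_checkip` binding: `$user_agent[]` gains a candidate built from `$user_ip[1]` alone, so the comparison can succeed on the forwarded value regardless of `REMOTE_ADDR`; the header should be honoured only when `REMOTE_ADDR` is a known proxy. Separately, `unset($_SESSION)` does not remove the stored session data, whereas `$_SESSION = array(); session_destroy();` does.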