add more control to auth paranoia setting
parent
67000917f4
commit
f65890091e
3 changed files with 966 additions and 905 deletions
|
@ -130,11 +130,34 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
|
|||
|
||||
if($_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
|
||||
logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
|
||||
if(get_config('system','paranoia')) {
|
||||
|
||||
$partial1 = substr($_SESSION['addr'],0,strrpos($_SESSION['addr'],'.'));
|
||||
$partial2 = substr($_SERVER['REMOTE_ADDR'],0,strrpos($_SERVER['REMOTE_ADDR'],'.'));
|
||||
|
||||
$paranoia = intval(get_config('system','paranoia'));
|
||||
switch($paranoia) {
|
||||
case 0:
|
||||
// no IP checking
|
||||
break;
|
||||
case 2:
|
||||
// check 2 octets
|
||||
$partial1 = substr($partial1,0,strrpos($partial1,'.'));
|
||||
$partial2 = substr($partial2,0,strrpos($partial2,'.'));
|
||||
if($partial1 == $partial2)
|
||||
break;
|
||||
case 1:
|
||||
// check 3 octets
|
||||
if($partial1 == $partial2)
|
||||
break;
|
||||
case 3:
|
||||
default:
|
||||
// check any difference at all
|
||||
logger('Session address changed. Paranoid setting in effect, blocking session. '
|
||||
. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
|
||||
nuke_session();
|
||||
goaway(z_root());
|
||||
break;
|
||||
|
||||
}
|
||||
}
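Review bot: The prefix checks in `case 2` and `case 1` compare with loose `==` on strings cut at `strrpos(...,'.')`, and that gives two wrong answers. At level 2 the two-octet prefixes are numeric strings, so PHP compares them as numbers and `'10.10' == '10.1'` is true. For an address with no dot at all (IPv6), `strrpos` returns false, both partials come out empty, and levels 1 and 2 accept any address change. I would write both checks as `if($partial1 !== '' && $partial1 === $partial2)` so a non-IPv4 address falls through to the blocking branch, and add a `// fall through` comment where `case 2` and `case 1` deliberately drop into the next case. The enclosing `if` on `$_SESSION['authenticated']` starts outside the hunk.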
|
||||
|
||||
|
|
1838
util/messages.po
1838
util/messages.po
File diff suppressed because it is too large
|
@ -1 +1 @@
|
|||
2014-07-17.739
|
||||
2014-07-20.742
|
||||
|
|