harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

paranoia tweaks

Browse Source
This commit is contained in:
friendica 2014-07-21 21:28:45 -07:00
parent 68b7dc48bb
commit dd215607f3
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/auth.php
View File

@ -128,13 +128,17 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
// first check if we're enforcing that sessions can't change IP address
if($_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
$partial1 = substr($_SESSION['addr'],0,strrpos($_SESSION['addr'],'.'));
$partial2 = substr($_SERVER['REMOTE_ADDR'],0,strrpos($_SERVER['REMOTE_ADDR'],'.'));
$paranoia = intval(get_config('system','paranoia'));
$paranoia = intval(get_pconfig($_SESSION['uid'],'system','paranoia'));
if(! $paranoia)
$paranoia = intval(get_config('system','paranoia'));
switch($paranoia) {
case 0:
// no IP checking