]> git.wh0rd.org Git - tt-rss.git/commitdiff
change behaviour of SESSION_CHECK_ADDRESS
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 26 Nov 2010 09:31:01 +0000 (12:31 +0300)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 26 Nov 2010 09:31:01 +0000 (12:31 +0300)
config.php-dist
functions.php

index 824b843c7719bc6312101eef1d1ecc39a09daaa9..f3045f70ec75af797afec30107d053b3985b060b 100644 (file)
        // configurations. Doesn't seem to work for everyone, so enable with caution.
        // tt-rss uses default PHP session storing mechanism if disabled.
 
-       define('SESSION_CHECK_ADDRESS', true);
-       // Bind session to client IP address (recommended)
+       define('SESSION_CHECK_ADDRESS', 1);
+       // Check client IP address when validating session:
+       // 0 - disable checking
+       // 1 - check first 3 octets of an address (recommended)
+       // 2 - check first 2 octets of an address
+       // 3 - check entire address
 
        define('SESSION_COOKIE_LIFETIME', 0);
        // Default lifetime of a session (e.g. login) cookie. In seconds, 
index d874ba3b9c91c762cd10f2bd86e3e86512c326f3..1d37727fe0ab4ca54fba94e0f0bd0bf3b77ae4d2 100644 (file)
        }
 
        function validate_session($link) {
-               if (SINGLE_USER_MODE) { 
-                       return true;
-               }
+               if (SINGLE_USER_MODE) return true;
 
-               if (SESSION_CHECK_ADDRESS && $_SESSION["uid"]) {
-                       if ($_SESSION["ip_address"]) {
-                               if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
-                                       $_SESSION["login_error_msg"] = __("Session failed to validate (incorrect IP)");
-                                       return false;
-                               }
-                       }
-               }
+               $check_ip = $_SESSION['ip_address'];
 
-               if ($_SESSION["ref_schema_version"] != get_schema_version($link, true)) {
+               switch (SESSION_CHECK_ADDRESS) {
+               case 0:
+                       $check_ip = '';
+                       break;
+               case 1:
+                       $check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
+                       break;
+               case 2:
+                       $check_ip = substr($check_ip, 0, strrpos($check_ip, '.'));
+                       $check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
+                       break;
+               };
+
+               if ($check_ip && strpos($_SERVER['REMOTE_ADDR'], $check_ip) !== 0)
+                               $_SESSION["login_error_msg"] = 
+                                       __("Session failed to validate (incorrect IP)");
+
+               if ($_SESSION["ref_schema_version"] != get_schema_version($link, true))
                        return false;
-               }
 
                if ($_SESSION["uid"]) {