From: Andrew Dolgov Date: Fri, 21 Aug 2015 06:02:16 +0000 (+0300) Subject: remove SESSION_CHECK_ADDRESS X-Git-Tag: 16.3~123^2 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=f5e66c439e9c8881d745499243341b4095274c12;p=tt-rss.git remove SESSION_CHECK_ADDRESS --- diff --git a/config.php-dist b/config.php-dist index 311b94df..2eaaab61 100644 --- a/config.php-dist +++ b/config.php-dist @@ -141,13 +141,6 @@ // Default lifetime of a session (e.g. login) cookie. In seconds, // 0 means cookie will be deleted when browser closes. - define('SESSION_CHECK_ADDRESS', 1); - // Check client IP address when validating session: - // 0 - disable checking - // 1 - check first 3 octets of an address (recommended) - // 2 - check first 2 octets of an address - // 3 - check entire address - // ********************************* // *** Email and digest settings *** // ********************************* diff --git a/include/sessions.php b/include/sessions.php index 30d50264..c0ec64c3 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -39,41 +39,12 @@ function validate_session() { if (SINGLE_USER_MODE) return true; - //if (VERSION_STATIC != $_SESSION["version"]) return false; - - $check_ip = $_SESSION['ip_address']; - - switch (SESSION_CHECK_ADDRESS) { - case 0: - $check_ip = ''; - break; - case 1: - $check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1); - break; - case 2: - $check_ip = substr($check_ip, 0, strrpos($check_ip, '.')); - $check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1); - break; - }; - - if ($check_ip && strpos($_SERVER['REMOTE_ADDR'], $check_ip) !== 0) { - $_SESSION["login_error_msg"] = - __("Session failed to validate (incorrect IP)"); - return false; - } - if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version(true)) { $_SESSION["login_error_msg"] = __("Session failed to validate (schema version changed)"); return false; } - /* if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) { - $_SESSION["login_error_msg"] = - __("Session failed to validate (user agent changed)"); - return false; - } */ - if ($_SESSION["uid"]) { $result = Db::get()->query( "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");