From d246fb9fe1f18eb98037758f1b7369b34258fbf7 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 16 Oct 2018 12:12:07 +0300
Subject: [PATCH] remove session REMOTE_ADDR checks

---
 include/sessions.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/include/sessions.php b/include/sessions.php
index b79988d9..5584c25b 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -49,15 +49,8 @@
 
 		if ($_SESSION["uid"]) {
 
-			if (!defined('_SKIP_SESSION_ADDRESS_CHECKS') || !_SKIP_SESSION_ADDRESS_CHECKS) {
-				if ($_SESSION["ip_address"] != $_SERVER["REMOTE_ADDR"]) {
-					$_SESSION["login_error_msg"] = __("Session failed to validate.");
-					return false;
-				}
-			}
-
 			if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
-				$_SESSION["login_error_msg"] = __("Session failed to validate.");
+				$_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
 				return false;
 			}
 
-- 
2.39.2