forked from root/threadr.lostcave.ddnss.de
added the variable %NO_SESSION_STEALING%
parent
b2390933ff
commit
60987ea2fd
|
@ -1,17 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
session_start();
|
session_start();
|
||||||
//Todo: make this a setting for users that use VPNs/Proxies and seem to jump around the world rather quickly...
|
//Todo: make this a setting for users that use VPNs/Proxies and seem to jump around the world rather quickly...
|
||||||
if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR']){
|
%NO_SESSION_STEALING%
|
||||||
// force logout
|
|
||||||
$_SESSION = array();
|
|
||||||
if (ini_get("session.use_cookies")) {
|
|
||||||
$params = session_get_cookie_params();
|
|
||||||
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
|
|
||||||
}
|
|
||||||
session_destroy();
|
|
||||||
header("Location: https://lostcave.ddnss.de/common/threadr/login/?error=session");
|
|
||||||
die();
|
|
||||||
}
|
|
||||||
|
|
||||||
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
|
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
|
||||||
$statement = $pdo->prepare('SELECT name FROM users WHERE id = :user_id;'); // to be replaced with optional user name off the user data table
|
$statement = $pdo->prepare('SELECT name FROM users WHERE id = :user_id;'); // to be replaced with optional user name off the user data table
|
||||||
|
|
|
@ -1,3 +1,17 @@
|
||||||
{
|
{
|
||||||
"CONTENT_DIR":"/common/threadr"
|
"CONTENT_DIR":"/common/threadr",
|
||||||
|
|
||||||
|
"NO_SESSION_STEALING":"
|
||||||
|
if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){
|
||||||
|
// force logout
|
||||||
|
$_SESSION = array();
|
||||||
|
if (ini_get(\"session.use_cookies\")) {
|
||||||
|
$params = session_get_cookie_params();
|
||||||
|
setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]);
|
||||||
|
}
|
||||||
|
session_destroy();
|
||||||
|
header(\"Location: https://lostcave.ddnss.de/common/threadr/login/?error=session\");
|
||||||
|
die();
|
||||||
|
}"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue