From 60987ea2fdf79827a0fe3755a1173e5532e632f5 Mon Sep 17 00:00:00 2001
From: BodgeMaster <>
Date: Mon, 24 Feb 2020 04:08:05 +0100
Subject: [PATCH] added the variable %NO_SESSION_STEALING%

---
 threadr/userhome/index.php | 12 +-----------
 variable_grabbler.cfg      | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/threadr/userhome/index.php b/threadr/userhome/index.php
index bf90a81..745068f 100644
--- a/threadr/userhome/index.php
+++ b/threadr/userhome/index.php
@@ -1,17 +1,7 @@
 <?php
 session_start();
 //Todo: make this a setting for users that use VPNs/Proxies and seem to jump around the world rather quickly...
-if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR']){
-  // force logout
-  $_SESSION = array();
-  if (ini_get("session.use_cookies")) {
-    $params = session_get_cookie_params();
-    setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
-  }
-  session_destroy();
-  header("Location: https://lostcave.ddnss.de/common/threadr/login/?error=session");
-  die();
-}
+%NO_SESSION_STEALING%
 
 $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
 $statement = $pdo->prepare('SELECT name FROM users WHERE id = :user_id;'); // to be replaced with optional user name off the user data table
diff --git a/variable_grabbler.cfg b/variable_grabbler.cfg
index 8b2d637..5006482 100644
--- a/variable_grabbler.cfg
+++ b/variable_grabbler.cfg
@@ -1,3 +1,17 @@
 {
-"CONTENT_DIR":"/common/threadr"
+"CONTENT_DIR":"/common/threadr",
+
+"NO_SESSION_STEALING":"
+if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){
+  // force logout
+  $_SESSION = array();
+  if (ini_get(\"session.use_cookies\")) {
+    $params = session_get_cookie_params();
+    setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]);
+  }
+  session_destroy();
+  header(\"Location: https://lostcave.ddnss.de/common/threadr/login/?error=session\");
+  die();
+}"
+
 }