From 60987ea2fdf79827a0fe3755a1173e5532e632f5 Mon Sep 17 00:00:00 2001
From: BodgeMaster <>
Date: Mon, 24 Feb 2020 04:08:05 +0100
Subject: [PATCH] added the variable %NO_SESSION_STEALING%
---
 threadr/userhome/index.php | 12 +-----------
 variable_grabbler.cfg | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/threadr/userhome/index.php b/threadr/userhome/index.php
index bf90a81..745068f 100644
--- a/threadr/userhome/index.php
+++ b/threadr/userhome/index.php
@@ -1,17 +1,7 @@ prepare('SELECT name FROM users WHERE id = :user_id;'); // to be replaced with optional user name off the user data table
diff --git a/variable_grabbler.cfg b/variable_grabbler.cfg
index 8b2d637..5006482 100644
--- a/variable_grabbler.cfg
+++ b/variable_grabbler.cfg
@@ -1,3 +1,17 @@
 {
-"CONTENT_DIR":"/common/threadr"
+"CONTENT_DIR":"/common/threadr",
+
+"NO_SESSION_STEALING":"
+if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){
+ // force logout
+ $_SESSION = array();
+ if (ini_get(\"session.use_cookies\")) {
+ $params = session_get_cookie_params();
+ setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]);
+ }
+ session_destroy();
+ header(\"Location: https://lostcave.ddnss.de/common/threadr/login/?error=session\");
+ die();
+}"
+
 }
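Review bot: The `NO_SESSION_STEALING` condition in `variable_grabbler.cfg` compares with loose `!=` and reads `$_SERVER['HTTP_USER_AGENT']` and both `$_SESSION` keys without checking that they exist, so a request without a User-Agent header, or a session that never stored these values, raises notices and only reaches the logout branch through a null comparison. Make the condition explicit and strict, e.g. `if (!isset($_SESSION['user_ip'], $_SESSION['user_http_user_agent']) || $_SESSION['user_ip'] !== $_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent'] !== ($_SERVER['HTTP_USER_AGENT'] ?? '')) {`. The snippet also deserves a comment stating its limits: the User-Agent is supplied by the client, so only the IP comparison adds real binding, and if the site sits behind a reverse proxy `REMOTE_ADDR` is the proxy's address and that comparison would always pass; cookie flags and session ID regeneration at login remain the primary controls. Separately, the value contains raw newlines inside a JSON string, which a strict JSON parser rejects, so confirm that whatever loads `variable_grabbler.cfg` tolerates this.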