added the variable %NO_SESSION_STEALING%

master
BodgeMaster 2020-02-24 04:08:05 +01:00
parent b2390933ff
commit 60987ea2fd
2 changed files with 16 additions and 12 deletions

View File

@ -1,17 +1,7 @@
<?php <?php
session_start(); session_start();
//Todo: make this a setting for users that use VPNs/Proxies and seem to jump around the world rather quickly... //Todo: make this a setting for users that use VPNs/Proxies and seem to jump around the world rather quickly...
if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR']){ %NO_SESSION_STEALING%
// force logout
$_SESSION = array();
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
session_destroy();
header("Location: https://lostcave.ddnss.de/common/threadr/login/?error=session");
die();
}
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!'); $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$statement = $pdo->prepare('SELECT name FROM users WHERE id = :user_id;'); // to be replaced with optional user name off the user data table $statement = $pdo->prepare('SELECT name FROM users WHERE id = :user_id;'); // to be replaced with optional user name off the user data table

View File

@ -1,3 +1,17 @@
{ {
"CONTENT_DIR":"/common/threadr" "CONTENT_DIR":"/common/threadr",
"NO_SESSION_STEALING":"
if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){
// force logout
$_SESSION = array();
if (ini_get(\"session.use_cookies\")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]);
}
session_destroy();
header(\"Location: https://lostcave.ddnss.de/common/threadr/login/?error=session\");
die();
}"
} }