Rotating IP workaround suggested by vHiker (this is already in the new 2.2 session object)

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2635 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2002-06-14 16:35:14 +00:00
parent fb14e12508
commit 72322e2cd1


@ -229,8 +229,7 @@ function session_pagestart($user_ip, $thispage_id)
$sql = "SELECT u.*, s.* $sql = "SELECT u.*, s.*
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_id = '$session_id' WHERE s.session_id = '$session_id'
AND u.user_id = s.session_user_id AND u.user_id = s.session_user_id";
AND s.session_ip = '$user_ip'";
if ( !($result = $db->sql_query($sql)) ) if ( !($result = $db->sql_query($sql)) )
{ {
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
@ -242,6 +241,16 @@ function session_pagestart($user_ip, $thispage_id)
// Did the session exist in the DB? // Did the session exist in the DB?
// //
if ( isset($userdata['user_id']) ) if ( isset($userdata['user_id']) )
{
//
// Do not check IP assuming equivalence, if IPv4 we'll check only first 24
// bits ... I've been told (by vHiker) this should alleviate problems with
// load balanced et al proxies while retaining some reliance on IP security.
//
$ip_check_s = substr($userdata['session_ip'], 0, 6);
$ip_check_u = substr($user_ip, 0, 6);
if ( $ip_check_s == $ip_check_u )
{ {
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : ''; $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
@ -250,11 +259,9 @@ function session_pagestart($user_ip, $thispage_id)
// //
if ( $current_time - $userdata['session_time'] > 60 ) if ( $current_time - $userdata['session_time'] > 60 )
{ {
// || $userdata['user_session_page'] != $thispage_id
$sql = "UPDATE " . SESSIONS_TABLE . " $sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id SET session_time = $current_time, session_page = $thispage_id
WHERE session_id = '" . $userdata['session_id'] . "' WHERE session_id = '" . $userdata['session_id'] . "'";
AND session_ip = '$user_ip'";
if ( !$db->sql_query($sql) ) if ( !$db->sql_query($sql) )
{ {
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
@ -290,6 +297,7 @@ function session_pagestart($user_ip, $thispage_id)
return $userdata; return $userdata;
} }
} }
}
// //
// If we reach here then no (valid) session exists. So we'll create a new one, // If we reach here then no (valid) session exists. So we'll create a new one,
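Review bot: The new prefix check `if ( $ip_check_s == $ip_check_u )` in the second hunk uses loose equality on two six-character strings, and PHP compares numeric-looking strings as numbers, so two different prefixes written in exponent form (digits around a single `e`) can evaluate as equal. Assuming the stored and current addresses are hex-encoded, as the 24-bit comment and `substr(..., 0, 6)` imply, such prefixes are legitimate values, so the check can pass for addresses outside the intended range. A strict comparison closes this: `if ( $ip_check_s === $ip_check_u )`. The added comment limits the 24-bit rule to IPv4, but nothing in the visible lines distinguishes other address formats, so the comment should state what happens for them. session_pagestart begins and ends outside the visible hunks, so how `$user_ip` and `$session_id` are produced cannot be confirmed from here.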