7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #295 from mkuron/patch-1

Browse Source 
Remove REMOTE_ADDR check
This commit is contained in:
André Peters
2017-05-18 19:44:16 +02:00
committed by GitHub
parent 111f65333c ce515f7fc2
commit 9a896f9828
1 changed files with 3 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
data/web/inc/sessions.inc.php
View File

@@ -19,20 +19,14 @@ if (!isset($_SESSION['CSRF']['TOKEN'])) {
$_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32)); $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
} }
// Set session IP and UA // Set session UA
if (!isset($_SESSION['SESS_REMOTE_IP'])) {
$_SESSION['SESS_REMOTE_IP'] = $_SERVER['REMOTE_ADDR'];
}
if (!isset($_SESSION['SESS_REMOTE_UA'])) { if (!isset($_SESSION['SESS_REMOTE_UA'])) {
$_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT']; $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
} }
// Check session // Check session
function session_check() { function session_check() {
if (!isset($_SESSION['SESS_REMOTE_IP']) || !isset($_SESSION['SESS_REMOTE_UA'])) { if (!isset($_SESSION['SESS_REMOTE_UA'])) {
return false;
}
if ($_SESSION['SESS_REMOTE_IP'] != $_SERVER['REMOTE_ADDR']) {
return false; return false;
} }
if ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT']) { if ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT']) {
@@ -70,4 +64,4 @@ if (isset($_POST["logout"])) {
session_write_close(); session_write_close();
header("Location: /"); header("Location: /");
} }
} }