mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-16 04:19:41 +02:00
Code Issues Releases Wiki Activity

Rotating IP workaround suggested by vHiker (this is already in the new 2.2 session object)

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2635 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-06-14 16:35:14 +00:00
parent fb14e12508
commit 72322e2cd1
1 changed files with 44 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
phpBB/includes/sessions.php
View File

@ -229,8 +229,7 @@ function session_pagestart($user_ip, $thispage_id)
$sql = "SELECT u.*, s.*
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_id = '$session_id'
AND u.user_id = s.session_user_id
AND s.session_ip = '$user_ip'";
AND u.user_id = s.session_user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
@ -242,6 +241,16 @@ function session_pagestart($user_ip, $thispage_id)
// Did the session exist in the DB?
//
if ( isset($userdata['user_id']) )
{
//
// Do not check IP assuming equivalence, if IPv4 we'll check only first 24
// bits ... I've been told (by vHiker) this should alleviate problems with
// load balanced et al proxies while retaining some reliance on IP security.
//
$ip_check_s = substr($userdata['session_ip'], 0, 6);
$ip_check_u = substr($user_ip, 0, 6);
if ( $ip_check_s == $ip_check_u )
{
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
@ -250,11 +259,9 @@ function session_pagestart($user_ip, $thispage_id)
//
if ( $current_time - $userdata['session_time'] > 60 )
{
// || $userdata['user_session_page'] != $thispage_id
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id
WHERE session_id = '" . $userdata['session_id'] . "'
AND session_ip = '$user_ip'";
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
@ -290,6 +297,7 @@ function session_pagestart($user_ip, $thispage_id)
return $userdata;
}
}
}
//
// If we reach here then no (valid) session exists. So we'll create a new one,