aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-07-21 21:28:45 -0700
committerfriendica <info@friendica.com>2014-07-21 21:28:45 -0700
commitdd215607f37121be296c6da645d6398562c6ff44 (patch)
treef8e1d7b4d17d42e0a8a4926aa9d4ef6854ca5c3f
parent68b7dc48bb25ea73190d850660e555bdb491e692 (diff)
downloadvolse-hubzilla-dd215607f37121be296c6da645d6398562c6ff44.tar.gz
volse-hubzilla-dd215607f37121be296c6da645d6398562c6ff44.tar.bz2
volse-hubzilla-dd215607f37121be296c6da645d6398562c6ff44.zip
paranoia tweaks
-rw-r--r--include/auth.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/include/auth.php b/include/auth.php
index a8a1a5f5c..cc07917b7 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -128,13 +128,17 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
// first check if we're enforcing that sessions can't change IP address
- if($_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
+ if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
$partial1 = substr($_SESSION['addr'],0,strrpos($_SESSION['addr'],'.'));
$partial2 = substr($_SERVER['REMOTE_ADDR'],0,strrpos($_SERVER['REMOTE_ADDR'],'.'));
- $paranoia = intval(get_config('system','paranoia'));
+
+ $paranoia = intval(get_pconfig($_SESSION['uid'],'system','paranoia'));
+ if(! $paranoia)
+ $paranoia = intval(get_config('system','paranoia'));
+
switch($paranoia) {
case 0:
// no IP checking