authorPaolo T <tuscanhobbit@users.noreply.github.com>2014-08-18 18:55:18 +0200
committerPaolo T <tuscanhobbit@users.noreply.github.com>2014-08-18 18:55:18 +0200
commitb5d1c7865b14fa60c35618b4179eb3c91949a441 (patch)
tree38ddb2fcab0f4c2c3baf6917e3544148cbe1eb9e /include/auth.php
parent3b979dd2a9f8bb8f569c234408d02dfd1e7039d7 (diff)
parentd9ff121930554aa9bcad4f4ceffeb9b5e3b83d17 (diff)
Merge pull request #1 from friendica/master
Red master has been merged
Diffstat (limited to 'include/auth.php')
-rw-r--r--include/auth.php37
1 files changed, 32 insertions, 5 deletions
diff --git a/include/auth.php b/include/auth.php
index 8e02b7b4f..cc07917b7 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -128,13 +128,40 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
// first check if we're enforcing that sessions can't change IP address
- if($_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
+ if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- if(get_config('system','paranoia')) {
- logger('Session address changed. Paranoid setting in effect, blocking session. '
+
+ $partial1 = substr($_SESSION['addr'],0,strrpos($_SESSION['addr'],'.'));
+ $partial2 = substr($_SERVER['REMOTE_ADDR'],0,strrpos($_SERVER['REMOTE_ADDR'],'.'));
+
+
+ $paranoia = intval(get_pconfig($_SESSION['uid'],'system','paranoia'));
+ if(! $paranoia)
+ $paranoia = intval(get_config('system','paranoia'));
+
+ switch($paranoia) {
+ case 0:
+ // no IP checking
+ break;
+ case 2:
+ // check 2 octets
+ $partial1 = substr($partial1,0,strrpos($partial1,'.'));
+ $partial2 = substr($partial2,0,strrpos($partial2,'.'));
+ if($partial1 == $partial2)
+ break;
+ case 1:
+ // check 3 octets
+ if($partial1 == $partial2)
+ break;
+ case 3:
+ default:
+ // check any difference at all
+ logger('Session address changed. Paranoid setting in effect, blocking session. '
. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- nuke_session();
- goaway(z_root());
+ nuke_session();
+ goaway(z_root());
+ break;
+
}
}
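Review bot: The two-octet comparison `if($partial1 == $partial2)` under `case 2` uses loose `==`, and a two-octet prefix such as `10.1` or `10.10` is a numeric string, so PHP compares the two sides as numbers and treats `10.1.x.x`, `10.10.x.x` and `10.100.x.x` as the same network; both comparisons (under `case 2` and `case 1`) should be `if($partial1 === $partial2)`. The prefix extraction on `$partial1`/`$partial2` also assumes a dotted IPv4 address: for an IPv6 address `strrpos(..., '.')` returns false, `substr(..., 0, false)` yields an empty string on both sides, and paranoia levels 1 and 2 then accept any IPv6-to-IPv6 address change, so a `false` from `strrpos` should be treated as a mismatch rather than compared. The fall-through from `case 2` into `case 1` and on to `case 3`/`default` is deliberate but easy to misread as a missing `break`; a comment such as `// fall through: a 2-octet mismatch also fails the 3-octet check, so block` above `case 1` would make the intent explicit. The enclosing `if` block begins before the hunk.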