author | friendica <info@friendica.com> | 2014-05-29 16:14:10 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-05-29 16:14:10 -0700 |
commit | 9b5eabf1083602382385c62c6ad7d8ae8e167f9e (patch) | |
tree | a73ed07970a517dbad90f14954fea790193813c3 /include/auth.php | |
parent | a00103b7dfa0b128cbe6ab03e6a43ccedb24f8c2 (diff) | |
parent | 1a58777daa0ab9394f38737a806a7a185ebceeb0 (diff) | |
Merge branch 'master' into newevent
Conflicts:
include/zot.php
Diffstat (limited to 'include/auth.php')
-rw-r--r-- | include/auth.php | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/include/auth.php b/include/auth.php
index c21705c99..e8f13d0fb 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -117,13 +117,14 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
 // first check if we're enforcing that sessions can't change IP address
- $check = get_config('system','paranoia');
- // extra paranoia - if the IP changed, log them out
- if($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) {
- logger('Session address changed. Paranoid setting in effect, blocking session. '
- . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- nuke_session();
- goaway(z_root());
+ if($_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
+ logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
+ if(get_config('system','paranoia')) {
+ logger('Session address changed. Paranoid setting in effect, blocking session. '
+ . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
+ nuke_session();
+ goaway(z_root());
+ }
 }
 $r = q("select * from account where account_id = %d limit 1", |
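Review bot: The new unconditional `logger('SECURITY: Session IP address changed: ' ...)` entry records only the two addresses, so whoever reads the log cannot tie it to an account or session; adding the account identifier that the `q("select * from account ...")` lookup just below uses would make it actionable. Nothing visible in the hunk refreshes `$_SESSION['addr']` when the paranoia setting is off, so the same line would presumably be written on every later request from the new address; logging once per change would keep the signal readable. With paranoia on, the event is now logged twice with the same address pair, so the inner message could shrink to a statement that the session was blocked. If `$_SESSION['addr']` can be unset for sessions created elsewhere, the comparison would report a spurious change, which an `isset($_SESSION['addr'])` guard would avoid. The enclosing `if((isset($_SESSION)) ...` block starts outside the hunk, so where `addr` is set cannot be confirmed from here.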