authorfriendica <info@friendica.com>2014-07-20 00:24:12 -0700
committerfriendica <info@friendica.com>2014-07-20 00:24:12 -0700
commitf65890091e2fdca896d665609be2d1d8d578829c (patch)
tree768d039f93ba93e84c4564a641bb6c8f674cf994 /include/auth.php
parent67000917f48d3b199cc46b1eb9a4e59de32855f9 (diff)
add more control to auth paranoia setting
Diffstat (limited to 'include/auth.php')
-rw-r--r--include/auth.php31
1 files changed, 27 insertions, 4 deletions
diff --git a/include/auth.php b/include/auth.php
index 8e02b7b4f..a8a1a5f5c 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -130,11 +130,34 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
if($_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- if(get_config('system','paranoia')) {
- logger('Session address changed. Paranoid setting in effect, blocking session. '
+
+ $partial1 = substr($_SESSION['addr'],0,strrpos($_SESSION['addr'],'.'));
+ $partial2 = substr($_SERVER['REMOTE_ADDR'],0,strrpos($_SERVER['REMOTE_ADDR'],'.'));
+
+ $paranoia = intval(get_config('system','paranoia'));
+ switch($paranoia) {
+ case 0:
+ // no IP checking
+ break;
+ case 2:
+ // check 2 octets
+ $partial1 = substr($partial1,0,strrpos($partial1,'.'));
+ $partial2 = substr($partial2,0,strrpos($partial2,'.'));
+ if($partial1 == $partial2)
+ break;
+ case 1:
+ // check 3 octets
+ if($partial1 == $partial2)
+ break;
+ case 3:
+ default:
+ // check any difference at all
+ logger('Session address changed. Paranoid setting in effect, blocking session. '
. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- nuke_session();
- goaway(z_root());
+ nuke_session();
+ goaway(z_root());
+ break;
+
}
}
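Review bot: The prefix comparison at paranoia levels 1 and 2 fails open for any address that contains no '.', because `strrpos()` returns false there and `substr($addr,0,false)` gives an empty string on both sides, so a change between two IPv6 addresses compares equal and the session is kept. In `case 2` the loose `==` also compares the two-octet prefixes as numeric strings, so `10.1` and `10.10` are treated as the same network; `if($partial1 === $partial2)` in both cases avoids that. For the first problem, one option is to take the `break` only when both addresses actually contain a dot, e.g. guard it with `strpos($_SESSION['addr'],'.') !== false && strpos($_SERVER['REMOTE_ADDR'],'.') !== false`, and otherwise fall through to the blocking branch. The fall-through from `case 2` into `case 1` and on into `case 3` appears intentional and deserves a `// fall through` comment at each point so a later edit does not add a stray `break`. The enclosing `if` on the session state starts outside this hunk.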