diff options
author | friendica <info@friendica.com> | 2014-07-20 00:24:12 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-07-20 00:24:12 -0700 |
commit | f65890091e2fdca896d665609be2d1d8d578829c (patch) | |
tree | 768d039f93ba93e84c4564a641bb6c8f674cf994 /include | |
parent | 67000917f48d3b199cc46b1eb9a4e59de32855f9 (diff) | |
download | volse-hubzilla-f65890091e2fdca896d665609be2d1d8d578829c.tar.gz volse-hubzilla-f65890091e2fdca896d665609be2d1d8d578829c.tar.bz2 volse-hubzilla-f65890091e2fdca896d665609be2d1d8d578829c.zip |
add more control to auth paranoia setting
Diffstat (limited to 'include')
-rw-r--r-- | include/auth.php | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/include/auth.php b/include/auth.php index 8e02b7b4f..a8a1a5f5c 100644 --- a/include/auth.php +++ b/include/auth.php @@ -130,11 +130,34 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p if($_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) { logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - if(get_config('system','paranoia')) { - logger('Session address changed. Paranoid setting in effect, blocking session. ' + + $partial1 = substr($_SESSION['addr'],0,strrpos($_SESSION['addr'],'.')); + $partial2 = substr($_SERVER['REMOTE_ADDR'],0,strrpos($_SERVER['REMOTE_ADDR'],'.')); + + $paranoia = intval(get_config('system','paranoia')); + switch($paranoia) { + case 0: + // no IP checking + break; + case 2: + // check 2 octets + $partial1 = substr($partial1,0,strrpos($partial1,'.')); + $partial2 = substr($partial2,0,strrpos($partial2,'.')); + if($partial1 == $partial2) + break; + case 1: + // check 3 octets + if($partial1 == $partial2) + break; + case 3: + default: + // check any difference at all + logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - nuke_session(); - goaway(z_root()); + nuke_session(); + goaway(z_root()); + break; + } } |