new option: SESSION_CHECK_ADDRESS

master
Andrew Dolgov 19 years ago
parent 8fd92701e9
commit 09018e9526

@ -104,5 +104,8 @@
// Store session information in a database (recommended)
// Uses default PHP session storing mechanism if disabled
define('SESSION_CHECK_ADDRESS', true);
// Bind sessions to specific IP address (requires DATABASE_BACKED_SESSIONS)
// vim:ft=php
?>
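Review bot: The comment on `SESSION_CHECK_ADDRESS` does not say which address is compared or what happens when it changes, although the option ships enabled. The session code in this commit compares `$_SERVER["REMOTE_ADDR"]`, so behind a reverse proxy every client presumably presents the proxy's address and the binding adds little. A client whose address changes mid-session will stop matching its stored row. I would extend the comment along the lines of `// Compares REMOTE_ADDR (the proxy's address behind a reverse proxy); clients whose address changes lose their session`.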

@ -259,6 +259,7 @@ create table ttrss_scheduled_updates (id integer not null primary key auto_incre
create table ttrss_sessions (id varchar(300) unique not null primary key,
data text,
expire integer not null,
ip_address varchar(15) not null default '',
index (id),
index (expire)) TYPE=InnoDB;
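Review bot: `ip_address varchar(15)` only fits a dotted-quad IPv4 address, while an IPv6 `REMOTE_ADDR` can be up to 39 characters (45 in the IPv4-mapped form). On MySQL a longer value may be silently truncated depending on the SQL mode, after which the `ip_address = '...'` comparison in the session code never matches. On PostgreSQL the insert would be rejected outright. I would use `ip_address varchar(45) not null default '',` here and in the same column definition in the other three schema and upgrade hunks of this commit.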

@ -232,8 +232,9 @@ create table ttrss_scheduled_updates (id serial not null primary key,
entered timestamp not null default NOW());
create table ttrss_sessions (id varchar(300) unique not null primary key,
data text,
expire integer not null);
data text,
expire integer not null,
ip_address varchar(15) not null default '');
create index ttrss_sessions_expire_index on ttrss_sessions(expire);

@ -8,6 +8,7 @@ alter table ttrss_entries alter column author set default '';
create table ttrss_sessions (id varchar(300) unique not null primary key,
data text,
expire integer not null,
ip_address varchar(15) not null default '',
index (id),
index (expire)) TYPE=InnoDB;
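Review bot: Adding `ip_address` by editing the `create table ttrss_sessions` statement only reaches installs that have not yet run this script, which looks like an upgrade script judging by the `alter table` in the hunk context. The same applies to the PostgreSQL hunk that follows. If any install has already applied it, the table keeps its old shape, and with `SESSION_CHECK_ADDRESS` defaulting to true the new session queries would reference a missing column. A separate `alter table ttrss_sessions add column ip_address varchar(15) not null default '';` step would cover that case; whether it is needed depends on how these files are versioned, which is not visible here.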

@ -9,7 +9,8 @@ alter table ttrss_entries alter column author set default '';
create table ttrss_sessions (id varchar(300) unique not null primary key,
data text,
expire integer not null);
expire integer not null,
ip_address varchar(15) not null default '');
create index ttrss_sessions_id_index on ttrss_sessions(id);
create index ttrss_sessions_expire_index on ttrss_sessions(expire);

@ -22,7 +22,13 @@
global $session_connection,$session_read;
$query = "SELECT data FROM ttrss_sessions WHERE id='$id'";
$ip_address = $_SERVER["REMOTE_ADDR"];
if (SESSION_CHECK_ADDRESS) {
$address_check_qpart = " AND ip_address = '$ip_address'";
}
$query = "SELECT data FROM ttrss_sessions WHERE id='$id' $address_check_qpart";
$res = db_query($session_connection, $query);
@ -47,12 +53,18 @@
$data = db_escape_string(base64_encode($data), $session_connection);
$ip_address = $_SERVER["REMOTE_ADDR"];
if (SESSION_CHECK_ADDRESS) {
$address_check_qpart = " AND ip_address = '$ip_address'";
}
if ($session_read) {
$query = "UPDATE ttrss_sessions SET data='$data',
expire='$expire' WHERE id='$id'";
expire='$expire' WHERE id='$id' $address_check_qpart";
} else {
$query = "INSERT INTO ttrss_sessions (id, data, expire)
VALUES ('$id', '$data', '$expire')";
$query = "INSERT INTO ttrss_sessions (id, data, expire, ip_address)
VALUES ('$id', '$data', '$expire', '$ip_address')";
}
db_query($session_connection, $query);
@ -71,8 +83,14 @@
function destroy ($id) {
global $session_connection;
$query = "DELETE FROM ttrss_sessions WHERE id = '$id'";
$ip_address = $_SERVER["REMOTE_ADDR"];
if (SESSION_CHECK_ADDRESS) {
$address_check_qpart = " AND ip_address = '$ip_address'";
}
$query = "DELETE FROM ttrss_sessions WHERE id = '$id' $address_check_qpart";
db_query($session_connection, $query);
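Review bot: `$ip_address` is interpolated into the SQL text in all three hunks of this file without passing through `db_escape_string`, and `$id` is too unless it is escaped above the visible lines, whereas `$data` is escaped. Escaping it once where it is read keeps query building consistent: `$ip_address = db_escape_string($_SERVER["REMOTE_ADDR"], $session_connection);`. Separately, `$address_check_qpart` is only assigned inside `if (SESSION_CHECK_ADDRESS)`, so with the option off the queries interpolate an undefined variable; adding `$address_check_qpart = "";` before each `if` avoids the notice. The three identical blocks could also move into one small helper, and the enclosing functions begin and end outside these hunks.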
