new option: SESSION_CHECK_ADDRESS

master
Andrew Dolgov 19 years ago
parent 8fd92701e9
commit 09018e9526

@ -104,5 +104,8 @@
// Store session information in a database (recommended) // Store session information in a database (recommended)
// Uses default PHP session storing mechanism if disabled // Uses default PHP session storing mechanism if disabled
define('SESSION_CHECK_ADDRESS', true);
// Bind sessions to specific IP address (requires DATABASE_BACKED_SESSIONS)
// vim:ft=php // vim:ft=php
?> ?>
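Review bot: The comment for SESSION_CHECK_ADDRESS does not say which address is compared or when the option should be turned off, and the option ships enabled. The session code on this page compares `$_SERVER["REMOTE_ADDR"]`, so behind a reverse proxy every client presents the proxy's address and the binding distinguishes nobody. A client whose address changes mid-session will no longer match its stored row and will presumably be logged out. I would extend the comment with something like `// Compares REMOTE_ADDR; disable if clients change address or the site is behind a reverse proxy`.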

@ -259,6 +259,7 @@ create table ttrss_scheduled_updates (id integer not null primary key auto_incre
create table ttrss_sessions (id varchar(300) unique not null primary key, create table ttrss_sessions (id varchar(300) unique not null primary key,
data text, data text,
expire integer not null, expire integer not null,
ip_address varchar(15) not null default '',
index (id), index (id),
index (expire)) TYPE=InnoDB; index (expire)) TYPE=InnoDB;
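Review bot: The new `ip_address varchar(15)` column only fits a dotted IPv4 address; a textual IPv6 address can be up to 45 characters. On a host reached over IPv6 the stored value would be truncated or the insert rejected, depending on the database and its mode, so the later `ip_address = '...'` comparison would not match and the session would not be found. I would declare it as `ip_address varchar(45) not null default '',`. The same column definition is repeated in the other three ttrss_sessions definitions on this page and needs the same change.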

@ -233,7 +233,8 @@ create table ttrss_scheduled_updates (id serial not null primary key,
create table ttrss_sessions (id varchar(300) unique not null primary key, create table ttrss_sessions (id varchar(300) unique not null primary key,
data text, data text,
expire integer not null); expire integer not null,
ip_address varchar(15) not null default '');
create index ttrss_sessions_expire_index on ttrss_sessions(expire); create index ttrss_sessions_expire_index on ttrss_sessions(expire);

@ -8,6 +8,7 @@ alter table ttrss_entries alter column author set default '';
create table ttrss_sessions (id varchar(300) unique not null primary key, create table ttrss_sessions (id varchar(300) unique not null primary key,
data text, data text,
expire integer not null, expire integer not null,
ip_address varchar(15) not null default '',
index (id), index (id),
index (expire)) TYPE=InnoDB; index (expire)) TYPE=InnoDB;

@ -9,7 +9,8 @@ alter table ttrss_entries alter column author set default '';
create table ttrss_sessions (id varchar(300) unique not null primary key, create table ttrss_sessions (id varchar(300) unique not null primary key,
data text, data text,
expire integer not null); expire integer not null,
ip_address varchar(15) not null default '');
create index ttrss_sessions_id_index on ttrss_sessions(id); create index ttrss_sessions_id_index on ttrss_sessions(id);
create index ttrss_sessions_expire_index on ttrss_sessions(expire); create index ttrss_sessions_expire_index on ttrss_sessions(expire);

@ -22,7 +22,13 @@
global $session_connection,$session_read; global $session_connection,$session_read;
$query = "SELECT data FROM ttrss_sessions WHERE id='$id'"; $ip_address = $_SERVER["REMOTE_ADDR"];
if (SESSION_CHECK_ADDRESS) {
$address_check_qpart = " AND ip_address = '$ip_address'";
}
$query = "SELECT data FROM ttrss_sessions WHERE id='$id' $address_check_qpart";
$res = db_query($session_connection, $query); $res = db_query($session_connection, $query);
@ -47,12 +53,18 @@
$data = db_escape_string(base64_encode($data), $session_connection); $data = db_escape_string(base64_encode($data), $session_connection);
$ip_address = $_SERVER["REMOTE_ADDR"];
if (SESSION_CHECK_ADDRESS) {
$address_check_qpart = " AND ip_address = '$ip_address'";
}
if ($session_read) { if ($session_read) {
$query = "UPDATE ttrss_sessions SET data='$data', $query = "UPDATE ttrss_sessions SET data='$data',
expire='$expire' WHERE id='$id'"; expire='$expire' WHERE id='$id' $address_check_qpart";
} else { } else {
$query = "INSERT INTO ttrss_sessions (id, data, expire) $query = "INSERT INTO ttrss_sessions (id, data, expire, ip_address)
VALUES ('$id', '$data', '$expire')"; VALUES ('$id', '$data', '$expire', '$ip_address')";
} }
db_query($session_connection, $query); db_query($session_connection, $query);
@ -72,7 +84,13 @@
global $session_connection; global $session_connection;
$query = "DELETE FROM ttrss_sessions WHERE id = '$id'"; $ip_address = $_SERVER["REMOTE_ADDR"];
if (SESSION_CHECK_ADDRESS) {
$address_check_qpart = " AND ip_address = '$ip_address'";
}
$query = "DELETE FROM ttrss_sessions WHERE id = '$id' $address_check_qpart";
db_query($session_connection, $query); db_query($session_connection, $query);
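Review bot: `$address_check_qpart` is only assigned inside `if (SESSION_CHECK_ADDRESS)`, yet it is interpolated into the query unconditionally in all three hunks, so with the option off each call reads an undefined variable. Adding `$address_check_qpart = "";` before the `if` fixes that. `$ip_address` also goes into the SQL string unescaped while `$data` is passed through `db_escape_string`; REMOTE_ADDR is normally set by the web server, but escaping it the same way, `$ip_address = db_escape_string($_SERVER["REMOTE_ADDR"], $session_connection);`, keeps the queries consistent. The three identical blocks could be one small helper. The enclosing functions start and end outside the hunks, so whether `$id` is escaped earlier is not visible here.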
