diff options
author | Ryan Parrish <[email protected]> | 2013-04-01 10:41:20 -0400 |
---|---|---|
committer | Ryan Parrish <[email protected]> | 2013-04-01 10:41:20 -0400 |
commit | f4bae03a6ef44dbc37138200c8691e17078dbe69 (patch) | |
tree | 02ae082335e88869d0075fa9d9559825829c8a6d /include | |
parent | 7081aaa09bf57d908c77ba21276dcf71901eb184 (diff) | |
parent | 837ec70e3ee4378f4d7a0a616ad0f291b311152a (diff) |
Merge branch 'master' of https://github.com/stickystyle/Tiny-Tiny-RSS
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 1 | ||||
-rw-r--r-- | include/sessions.php | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/include/functions.php b/include/functions.php index e86c97474..ece6d1b91 100644 --- a/include/functions.php +++ b/include/functions.php @@ -621,6 +621,7 @@ $_SESSION["uid"]); $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; + $_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']); $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash"); $_SESSION["last_version_check"] = time(); diff --git a/include/sessions.php b/include/sessions.php index ff9d28a30..dd1ca663d 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -59,6 +59,9 @@ if ($_SESSION["ref_schema_version"] != session_get_schema_version($link, true)) return false; + if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) + return false; + if ($_SESSION["uid"]) { $result = db_query($link, "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'"); |