diff options
author | Andrew Dolgov <[email protected]> | 2006-03-02 09:32:44 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2006-03-02 09:32:44 +0100 |
commit | 09018e9526843334144d90c1891de2489148f85f (patch) | |
tree | f8cb246596ec592cb10cdc0ddd92ed44e792f8e7 /sessions.php | |
parent | 8fd92701e9074b79a72982809a6a87f8e943399a (diff) |
new option: SESSION_CHECK_ADDRESS
Diffstat (limited to 'sessions.php')
-rw-r--r-- | sessions.php | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/sessions.php b/sessions.php index 54b862a39..3d931d968 100644 --- a/sessions.php +++ b/sessions.php @@ -22,7 +22,13 @@ global $session_connection,$session_read; - $query = "SELECT data FROM ttrss_sessions WHERE id='$id'"; + $ip_address = $_SERVER["REMOTE_ADDR"]; + + if (SESSION_CHECK_ADDRESS) { + $address_check_qpart = " AND ip_address = '$ip_address'"; + } + + $query = "SELECT data FROM ttrss_sessions WHERE id='$id' $address_check_qpart"; $res = db_query($session_connection, $query); @@ -47,12 +53,18 @@ $data = db_escape_string(base64_encode($data), $session_connection); + $ip_address = $_SERVER["REMOTE_ADDR"]; + + if (SESSION_CHECK_ADDRESS) { + $address_check_qpart = " AND ip_address = '$ip_address'"; + } + if ($session_read) { $query = "UPDATE ttrss_sessions SET data='$data', - expire='$expire' WHERE id='$id'"; + expire='$expire' WHERE id='$id' $address_check_qpart"; } else { - $query = "INSERT INTO ttrss_sessions (id, data, expire) - VALUES ('$id', '$data', '$expire')"; + $query = "INSERT INTO ttrss_sessions (id, data, expire, ip_address) + VALUES ('$id', '$data', '$expire', '$ip_address')"; } db_query($session_connection, $query); @@ -71,8 +83,14 @@ function destroy ($id) { global $session_connection; - - $query = "DELETE FROM ttrss_sessions WHERE id = '$id'"; + + $ip_address = $_SERVER["REMOTE_ADDR"]; + + if (SESSION_CHECK_ADDRESS) { + $address_check_qpart = " AND ip_address = '$ip_address'"; + } + + $query = "DELETE FROM ttrss_sessions WHERE id = '$id' $address_check_qpart"; db_query($session_connection, $query); |