-rw-r--r--classes/userhelper.php1
-rw-r--r--include/sessions.php21
2 files changed, 2 insertions, 20 deletions
diff --git a/classes/userhelper.php b/classes/userhelper.php
index d929583f7..2bb83a02a 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -48,7 +48,6 @@ class UserHelper {
$_SESSION["access_level"] = $user->access_level;
$_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
$_SESSION["ip_address"] = UserHelper::get_user_ip();
- $_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
$_SESSION["pwd_hash"] = $user->pwd_hash;
$user->last_login = Db::NOW();
diff --git a/include/sessions.php b/include/sessions.php
index cda42f52b..9044c609b 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -22,35 +22,18 @@
function validate_session() {
if (\Config::get(\Config::SINGLE_USER_MODE)) return true;
- /* if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != \Config::get_schema_version()) {
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (schema version changed)");
- return false;
- } */
-
$pdo = \Db::pdo();
if (!empty($_SESSION["uid"])) {
-
- if ($_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
- $_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
- return false;
- }
-
$user = \ORM::for_table('ttrss_users')->find_one($_SESSION["uid"]);
if ($user) {
if ($user->pwd_hash != $_SESSION["pwd_hash"]) {
-
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (password changed)");
-
+ $_SESSION["login_error_msg"] = __("Session failed to validate (password changed)");
return false;
}
} else {
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (user not found)");
-
+ $_SESSION["login_error_msg"] = __("Session failed to validate (user not found)");
return false;
}
}
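Review bot: The remaining check in validate_session(), `if ($user->pwd_hash != $_SESSION["pwd_hash"])`, uses a loose comparison, so two different strings that both look numeric (for example `0e…` forms) would compare equal and a stale session would still validate; whether stored hashes can take that shape is not visible here. With the User-Agent binding removed, this is the only per-session validation left on the visible lines, so it is worth making exact: `if (!hash_equals((string) $user->pwd_hash, (string) ($_SESSION["pwd_hash"] ?? "")))`. `$pdo = \Db::pdo();` is not used anywhere in the lines shown and can probably be dropped, though the function body continues past the end of the hunk.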