Browse Source

remove SESSION_CHECK_ADDRESS

Andrew Dolgov 4 years ago
parent
commit
f5e66c439e
2 changed files with 0 additions and 36 deletions
  1. 0 7
      config.php-dist
  2. 0 29
      include/sessions.php

+ 0 - 7
config.php-dist

@@ -141,13 +141,6 @@
 	// Default lifetime of a session (e.g. login) cookie. In seconds, 
 	// 0 means cookie will be deleted when browser closes.
 
-	define('SESSION_CHECK_ADDRESS', 1);
-	// Check client IP address when validating session:
-	// 0 - disable checking
-	// 1 - check first 3 octets of an address (recommended)
-	// 2 - check first 2 octets of an address
-	// 3 - check entire address
-
 	// *********************************
 	// *** Email and digest settings ***
 	// *********************************

+ 0 - 29
include/sessions.php

@@ -39,41 +39,12 @@
 	function validate_session() {
 		if (SINGLE_USER_MODE) return true;
 
-		//if (VERSION_STATIC != $_SESSION["version"]) return false;
-
-		$check_ip = $_SESSION['ip_address'];
-
-		switch (SESSION_CHECK_ADDRESS) {
-		case 0:
-			$check_ip = '';
-			break;
-		case 1:
-			$check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
-			break;
-		case 2:
-			$check_ip = substr($check_ip, 0, strrpos($check_ip, '.'));
-			$check_ip = substr($check_ip, 0, strrpos($check_ip, '.')+1);
-			break;
-		};
-
-		if ($check_ip && strpos($_SERVER['REMOTE_ADDR'], $check_ip) !== 0) {
-			$_SESSION["login_error_msg"] =
-				__("Session failed to validate (incorrect IP)");
-			return false;
-		}
-
 		if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version(true)) {
 			$_SESSION["login_error_msg"] =
 				__("Session failed to validate (schema version changed)");
 			return false;
 		}
 
-		/* if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) {
-			$_SESSION["login_error_msg"] =
-				__("Session failed to validate (user agent changed)");
-			return false;
-		} */
-
 		if ($_SESSION["uid"]) {
 			$result = Db::get()->query(
 				"SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");