mirror of
https://git.tt-rss.org/git/tt-rss.git
synced 2025-12-13 05:25:56 +00:00
new option: SESSION_CHECK_ADDRESS
This commit is contained in:
Andrew Dolgov
@@ -104,5 +104,8 @@
|
||||
// Store session information in a database (recommended)
|
||||
// Uses default PHP session storing mechanism if disabled
|
||||
|
||||
define('SESSION_CHECK_ADDRESS', true);
|
||||
// Bind sessions to specific IP address (requires DATABASE_BACKED_SESSIONS)
|
||||
|
||||
// vim:ft=php
|
||||
?>
|
||||
|
||||
@@ -259,6 +259,7 @@ create table ttrss_scheduled_updates (id integer not null primary key auto_incre
|
||||
create table ttrss_sessions (id varchar(300) unique not null primary key,
|
||||
data text,
|
||||
expire integer not null,
|
||||
ip_address varchar(15) not null default '',
|
||||
index (id),
|
||||
index (expire)) TYPE=InnoDB;
|
||||
|
||||
|
||||
@@ -232,8 +232,9 @@ create table ttrss_scheduled_updates (id serial not null primary key,
|
||||
entered timestamp not null default NOW());
|
||||
|
||||
create table ttrss_sessions (id varchar(300) unique not null primary key,
|
||||
data text,
|
||||
expire integer not null);
|
||||
data text,
|
||||
expire integer not null,
|
||||
ip_address varchar(15) not null default '');
|
||||
|
||||
create index ttrss_sessions_expire_index on ttrss_sessions(expire);
|
||||
|
||||
|
||||
@@ -8,6 +8,7 @@ alter table ttrss_entries alter column author set default '';
|
||||
create table ttrss_sessions (id varchar(300) unique not null primary key,
|
||||
data text,
|
||||
expire integer not null,
|
||||
ip_address varchar(15) not null default '',
|
||||
index (id),
|
||||
index (expire)) TYPE=InnoDB;
|
||||
|
||||
|
||||
@@ -9,7 +9,8 @@ alter table ttrss_entries alter column author set default '';
|
||||
|
||||
create table ttrss_sessions (id varchar(300) unique not null primary key,
|
||||
data text,
|
||||
expire integer not null);
|
||||
expire integer not null,
|
||||
ip_address varchar(15) not null default '');
|
||||
|
||||
create index ttrss_sessions_id_index on ttrss_sessions(id);
|
||||
create index ttrss_sessions_expire_index on ttrss_sessions(expire);
|
||||
|
||||
30
sessions.php
30
sessions.php
@@ -22,7 +22,13 @@
|
||||
|
||||
global $session_connection,$session_read;
|
||||
|
||||
$query = "SELECT data FROM ttrss_sessions WHERE id='$id'";
|
||||
$ip_address = $_SERVER["REMOTE_ADDR"];
|
||||
|
||||
if (SESSION_CHECK_ADDRESS) {
|
||||
$address_check_qpart = " AND ip_address = '$ip_address'";
|
||||
}
|
||||
|
||||
$query = "SELECT data FROM ttrss_sessions WHERE id='$id' $address_check_qpart";
|
||||
|
||||
$res = db_query($session_connection, $query);
|
||||
|
||||
@@ -47,12 +53,18 @@
|
||||
|
||||
$data = db_escape_string(base64_encode($data), $session_connection);
|
||||
|
||||
$ip_address = $_SERVER["REMOTE_ADDR"];
|
||||
|
||||
if (SESSION_CHECK_ADDRESS) {
|
||||
$address_check_qpart = " AND ip_address = '$ip_address'";
|
||||
}
|
||||
|
||||
if ($session_read) {
|
||||
$query = "UPDATE ttrss_sessions SET data='$data',
|
||||
expire='$expire' WHERE id='$id'";
|
||||
expire='$expire' WHERE id='$id' $address_check_qpart";
|
||||
} else {
|
||||
$query = "INSERT INTO ttrss_sessions (id, data, expire)
|
||||
VALUES ('$id', '$data', '$expire')";
|
||||
$query = "INSERT INTO ttrss_sessions (id, data, expire, ip_address)
|
||||
VALUES ('$id', '$data', '$expire', '$ip_address')";
|
||||
}
|
||||
|
||||
db_query($session_connection, $query);
|
||||
@@ -71,8 +83,14 @@
|
||||
function destroy ($id) {
|
||||
|
||||
global $session_connection;
|
||||
|
||||
$query = "DELETE FROM ttrss_sessions WHERE id = '$id'";
|
||||
|
||||
$ip_address = $_SERVER["REMOTE_ADDR"];
|
||||
|
||||
if (SESSION_CHECK_ADDRESS) {
|
||||
$address_check_qpart = " AND ip_address = '$ip_address'";
|
||||
}
|
||||
|
||||
$query = "DELETE FROM ttrss_sessions WHERE id = '$id' $address_check_qpart";
|
||||
|
||||
db_query($session_connection, $query);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user