Changeset 12119


Ignore:
Timestamp:
09/08/11 20:47:30 (8 years ago)
Author:
rvelices
Message:
  • fix protection against session hijacking for IPv4; ti be done later for ipv6
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/include/functions_session.inc.php

    r11951 r12119  
    9595function get_remote_addr_session_hash() 
    9696{ 
    97   $separator = (FALSE === strpos($_SERVER['REMOTE_ADDR'],'.')) 
    98     ? ':' 
    99     : '.' 
    100   ; 
    101  
    102   return substr(md5($_SERVER['REMOTE_ADDR']), 0, 4); 
    103 } 
     97  if (strpos($_SERVER['REMOTE_ADDR'],':')===false) 
     98  {//ipv4 
     99    return vsprintf( 
     100      "%02X%02X", 
     101      explode('.',$_SERVER['REMOTE_ADDR']) 
     102    ); 
     103  } 
     104  return ''; //ipv6 not yet 
     105} 
     106 
    104107/** 
    105108 * this function returns 
Note: See TracChangeset for help on using the changeset viewer.