Changeset 12119


Ignore:
Timestamp:
Sep 8, 2011, 8:47:30 PM (9 years ago)
Author:
rvelices
Message:
  • fix protection against session hijacking for IPv4; ti be done later for ipv6
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/include/functions_session.inc.php

    r11951 r12119  
    9595function get_remote_addr_session_hash()
    9696{
    97   $separator = (FALSE === strpos($_SERVER['REMOTE_ADDR'],'.'))
    98     ? ':'
    99     : '.'
    100   ;
    101 
    102   return substr(md5($_SERVER['REMOTE_ADDR']), 0, 4);
    103 }
     97  if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
     98  {//ipv4
     99    return vsprintf(
     100      "%02X%02X",
     101      explode('.',$_SERVER['REMOTE_ADDR'])
     102    );
     103  }
     104  return ''; //ipv6 not yet
     105}
     106
    104107/**
    105108 * this function returns
Note: See TracChangeset for help on using the changeset viewer.