From ce515f7fc25e8e7bbe24acef89b662cef94270ee Mon Sep 17 00:00:00 2001 From: Michael Kuron Date: Thu, 18 May 2017 19:26:01 +0200 Subject: [PATCH] Remove REMOTE_ADDR check --- data/web/inc/sessions.inc.php | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php index f78ce532..0dcd6472 100644 --- a/data/web/inc/sessions.inc.php +++ b/data/web/inc/sessions.inc.php @@ -19,20 +19,14 @@ if (!isset($_SESSION['CSRF']['TOKEN'])) { $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32)); } -// Set session IP and UA -if (!isset($_SESSION['SESS_REMOTE_IP'])) { - $_SESSION['SESS_REMOTE_IP'] = $_SERVER['REMOTE_ADDR']; -} +// Set session UA if (!isset($_SESSION['SESS_REMOTE_UA'])) { $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT']; } // Check session function session_check() { - if (!isset($_SESSION['SESS_REMOTE_IP']) || !isset($_SESSION['SESS_REMOTE_UA'])) { - return false; - } - if ($_SESSION['SESS_REMOTE_IP'] != $_SERVER['REMOTE_ADDR']) { + if (!isset($_SESSION['SESS_REMOTE_UA'])) { return false; } if ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT']) { @@ -70,4 +64,4 @@ if (isset($_POST["logout"])) { session_write_close(); header("Location: /"); } -} \ No newline at end of file +}