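<?php
// Session bootstrap: hardens the session cookie, starts the session, handles
// logout requests, and binds the session to the client's address and
// User-Agent so that a copied session cookie is rejected elsewhere.

// Keep the session cookie out of reach of client-side script.
ini_set("session.cookie_httponly", 1);

// Work out whether the request arrived over TLS. Behind a reverse proxy only
// X-Forwarded-Proto knows; otherwise use the SAPI's HTTPS flag. That flag is
// documented as "non-empty when TLS", and IIS sets it to "off" instead of
// leaving it unset, so a bare isset() is not a reliable test.
// A client spoofing X-Forwarded-Proto over plain HTTP only earns itself a
// Secure cookie it will not get back, so trusting the header here cannot
// weaken the cookie; whether the proxy overwrites it is a deployment concern.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === "https") {
    $IS_HTTPS = true;
} elseif (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== "off") {
    $IS_HTTPS = true;
} else {
    $IS_HTTPS = false;
}
if ($IS_HTTPS) {
    // Only ever transmit the cookie over TLS.
    ini_set("session.cookie_secure", 1);
}

// $SESSION_LIFETIME is defined outside this file; 0 means "browser session".
// SERVER_NAME may be derived from the Host header depending on web server
// configuration — NOTE(review): confirm the proxy/vhost pins it.
session_set_cookie_params(
    (int) ($GLOBALS['SESSION_LIFETIME'] ?? 0),
    '/',
    $_SERVER['SERVER_NAME'] ?? null,
    $IS_HTTPS,
    true
);
session_start();

// Handle logouts. A "dual-login" session (presumably one account acting as
// another; the mechanism lives elsewhere) is ended by restoring the original
// identity instead of destroying the session.
// NOTE(review): no anti-CSRF token is checked on this POST; confirm the form
// that submits "logout" is protected elsewhere.
if (isset($_POST["logout"])) {
    if (isset($_SESSION["dual-login"])) {
        $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
        $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
        unset($_SESSION["dual-login"]);
    } else {
        session_regenerate_id(true);
        session_unset();
        session_destroy();
        session_write_close();
        header("Location: /");
        // Stop here: without it the including page keeps executing and sends a
        // rendered body along with the redirect.
        exit;
    }
}

// Bind the session to the client the first time it is seen; session_check()
// compares against these markers on every later request. A missing header is
// stored as '' rather than null so that isset() in session_check() does not
// reject every request from a client that sends no User-Agent.
if (!isset($_SESSION['SESS_REMOTE_IP'])) {
    $_SESSION['SESS_REMOTE_IP'] = $_SERVER['REMOTE_ADDR'] ?? '';
}
if (!isset($_SESSION['SESS_REMOTE_UA'])) {
    $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'] ?? '';
}

/**
 * Verify that the current request comes from the same client address and
 * User-Agent the session was first bound to.
 *
 * Binding to REMOTE_ADDR means a client whose address changes mid-session
 * (roaming clients, rotating egress proxies) is logged out; presumably a
 * deliberate trade-off.
 *
 * @return bool true when both markers are present and match, false when
 *              either is missing or differs (the caller decides the reaction)
 */
function session_check(): bool {
    if (!isset($_SESSION['SESS_REMOTE_IP']) || !isset($_SESSION['SESS_REMOTE_UA'])) {
        return false;
    }
    // Strict comparison: these are opaque strings, never numbers, so loose
    // comparison's numeric-string rules must not apply.
    if ($_SESSION['SESS_REMOTE_IP'] !== ($_SERVER['REMOTE_ADDR'] ?? '')) {
        return false;
    }
    if ($_SESSION['SESS_REMOTE_UA'] !== ($_SERVER['HTTP_USER_AGENT'] ?? '')) {
        return false;
    }
    return true;
}

// Reject an authenticated session whose client markers no longer match.
if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
    exit("Invalid session");
}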