RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #180 from TheSerapher/issue-179

Browse Source 
Enforce session logout if IP address changed
This commit is contained in:
Sebastian Grewe 2013-06-13 05:00:22 -07:00
commit 2019b9da9f
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
public/include/classes/user.class.php
View File

@ -44,6 +44,9 @@ class User {
public function getUserToken($id) {
return $this->getSingle($id, 'token', 'id');
}
public function getUserIp($id) {
return $this->getSingle($id, 'loggedIp', 'id');
}
public function getIdFromToken($token) {
return $this->getSingle($token, 'id', 'token', 's');
}
@ -546,7 +549,7 @@ class User {
**/
public function isAuthenticated() {
$this->debug->append("STA " . __METHOD__, 4);
if ($_SESSION['AUTHENTICATED'] == true && ! $this->isLocked($_SESSION['USERDATA']['id']))
if ($_SESSION['AUTHENTICATED'] == true && ! $this->isLocked($_SESSION['USERDATA']['id']) && $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'])
return true;
// Catchall
$this->logoutUser();