[FIX] Suppress potential empty HTTP_USER_AGENT

Sebastian Grewe 2014-02-06 16:34:06 +01:00
parent baaf8bf6eb
commit 93470fd63e
2 changed files with 4 additions and 4 deletions


@ -10,7 +10,7 @@ class MemcacheAntiDos
public function __construct($config, &$memcache, $request='') {
$this->cache = $memcache;
// set our config options
$userORip = $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'];
$userORip = $_SERVER['REMOTE_ADDR'].@$_SERVER['HTTP_USER_AGENT'];
// prep stuff we need to check this request
$key_md5 = $config['memcache']['keyprefix'].md5($userORip);
$request_data = $this->cache->get($key_md5);
@ -82,4 +82,4 @@ class MemcacheAntiDos
}
}
?>
?>
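Review bot: The anti-DoS key built on the changed line of `__construct` concatenates `REMOTE_ADDR` with the client-supplied User-Agent, so each distinct header value from the same address gets its own counter and the limit is no longer enforced per client. Unless code outside this hunk depends on the combined value, key on the address alone, e.g. `$userORip = $_SERVER['REMOTE_ADDR'];`. If the header has to stay, `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''` states the fallback explicitly, whereas `@` suppresses every diagnostic raised by that expression. The constructor body continues past the end of the hunk.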


@ -552,7 +552,7 @@ class User extends Base {
// $this->user from checkUserPassword
$_SESSION['USERDATA'] = $this->user;
if ($this->config['protect_session_state']) {
$_SESSION['STATE'] = md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].$_SERVER['HTTP_USER_AGENT']);
$_SESSION['STATE'] = md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].@$_SERVER['HTTP_USER_AGENT']);
}
}
@ -864,7 +864,7 @@ public function isAuthenticated($logout=true) {
if (@$_SESSION['AUTHENTICATED'] == true &&
!$this->isLocked($_SESSION['USERDATA']['id']) &&
$this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'] &&
(!$this->config['protect_session_state'] || ($this->config['protect_session_state'] && $_SESSION['STATE'] == md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].$_SERVER['HTTP_USER_AGENT'])))
(!$this->config['protect_session_state'] || ($this->config['protect_session_state'] && $_SESSION['STATE'] == md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].@$_SERVER['HTTP_USER_AGENT'])))
) return true;
// Catchall
$this->log->log("warn", "Forcing logout, user is locked or IP changed mid session from [".$_SERVER['REMOTE_ADDR']."] [hijack attempt?]");
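Review bot: The session-state check on the changed line of `isAuthenticated()` still compares the two md5 hex strings with `==`, which PHP evaluates numerically when both sides look like numbers, so two different fingerprints can compare equal. Use `$_SESSION['STATE'] === md5(...)`, or `hash_equals()` where the runtime provides it. With `@`, a request without a User-Agent silently produces a fingerprint over username and id only, so `protect_session_state` adds no client binding for those sessions. This also applies to the hunk at line 552, where `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''` would make the fallback explicit. The warning logged after the check names only a lock or IP change, so a state mismatch cannot be told apart in the log; `isAuthenticated()` continues outside the hunk.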