diff --git a/public/include/admin_checks.php b/public/include/admin_checks.php index 29f0a3eb..4935047d 100644 --- a/public/include/admin_checks.php +++ b/public/include/admin_checks.php @@ -78,8 +78,8 @@ if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA'][ if (mysqli_connect_errno() || !array_key_exists('client_info', $db_connect)) { $error[] = "Unable to connect to mysql using provided credentials"; } - if (($config['strict'] || $config['mc_antidos']) && !$config['memcache']['enabled']) { - $error[] = "strict or mc_antidos are enabled and memcache is not, memcache is required to use these."; + if ($config['mc_antidos'] && !$config['memcache']['enabled']) { + $error[] = "mc_antidos is enabled and memcache is not, memcache is required to use this"; } // poke stratum using gettingstarted details -> enotice if (substr_count(strtolower(PHP_OS), 'nix') > 0) { @@ -102,10 +102,6 @@ if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA'][ } // security checks - // strict not on -> notice - if (!$config['strict']) { - $notice[] = "Strict is disabled - if you have memcache, you should turn this on."; - } // salts too short -> notice, salts default -> error if ((strlen($config['SALT']) < 24) || (strlen($config['SALTY']) < 24) || $config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') { if ($config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') { diff --git a/public/include/autoloader.inc.php b/public/include/autoloader.inc.php index 7a12442c..6cd887e5 100644 --- a/public/include/autoloader.inc.php +++ b/public/include/autoloader.inc.php 
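Review bot: `if ($config['mc_antidos'] && !$config['memcache']['enabled'])` tests the truthiness of the whole mc_antidos array, whereas index.php in this same diff gates on `$config['mc_antidos']['enabled']`; a non-empty array is always truthy, so this admin error fires on every install where memcache is off even when anti-DoS is disabled. Use the same key the rest of the diff uses: `if ($config['mc_antidos']['enabled'] && !$config['memcache']['enabled']) {` and make the message match. The enclosing admin `if` block starts and ends outside the hunk. The second hunk of this file only removes the strict notice, which is consistent with dropping strict mode.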
@@ -12,7 +12,7 @@ if (empty($config['algorithm']) || $config['algorithm'] == 'scrypt') { // Default classes require_once(CLASS_DIR . '/debug.class.php'); require_once(INCLUDE_DIR . '/lib/KLogger.php'); -if ($config['strict']) { +if ($config['mysql_filter']) { require_once(CLASS_DIR . '/strict.class.php'); } require_once(INCLUDE_DIR . '/database.inc.php'); diff --git a/public/include/classes/memcache_ad.class.php b/public/include/classes/memcache_ad.class.php index 25b48cf5..724c57d2 100644 --- a/public/include/classes/memcache_ad.class.php +++ b/public/include/classes/memcache_ad.class.php 
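Review bot: The require_once is now gated on `$config['mysql_filter']`, a key that only exists in the new security.inc.dist.php; an upgraded deployment whose security.inc.php still defines `strict__mysql_filter` gets an undefined-index notice and a falsy value, so strict.class.php is silently not loaded and database.inc.php (later in this diff) falls back to plain mysqli. Since the query filter is a security control, a missing key should fail loudly rather than quietly turn the control off: for example `if (!isset($config['mysql_filter'])) { trigger_error('mysql_filter is not set in security.inc.php (renamed from strict__mysql_filter)', E_USER_ERROR); }` before the check, or a default of true applied in include/bootstrap.php. The same rename-without-default applies to `https_only` in index.php.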
@@ -7,116 +7,79 @@ class MemcacheAntiDos public $rate_limit_this_request = false; public $rate_limit_api_request = false; public $rate_limit_site_request = false; - public function __construct($config, &$memcache, $userORip, $request='', $mcSettings) { + public function __construct($config, &$memcache, $request='') { $this->cache = $memcache; // set our config options - $per_page = ''; - $flush_sec_api = $config['flush_seconds_api']; - $rate_limit_api = $config['rate_limit_api']; - $flush_sec_site = $config['flush_seconds_site']; - $rate_limit_site = $config['rate_limit_site']; - $ajax_add = $config['ajax_hits_additive']; - unset($config); + $userORip = $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']; // prep stuff we need to check this request - $key_md5 = md5($mcSettings['keyprefix'].$userORip); + $key_md5 = $config['memcache']['keyprefix'].md5($userORip); $request_data = $this->cache->get($key_md5); $now = time(); - $max_req_flush = max(array($flush_sec_api,$flush_sec_site)); + $max_req_flush = max(array($config['mc_antidos']['flush_seconds_api'],$config['mc_antidos']['flush_seconds_site'])); // check the request if (is_array($request_data)) { // this request key already exists, update it $request_data['la'] = $now; if ($request == 'api') { $request_data['ha'] += 1; - if ($ajax_add) { + if ($config['mc_antidos']['ajax_hits_additive']) { $request_data['hn'] += 1; } } else { $request_data['hn'] += 1; } // not rate limited yet, update the rest of the object - if (($request_data['hn'] < $rate_limit_site) && ($request_data['ha'] < $rate_limit_api)) { - - if (((($request_data['hnl'] + $flush_sec_site) <= $now) || ($request_data['hal'] + $flush_sec_api) <= $now) || (($request_data['la'] + $max_req_flush) <= $now)) { + if (($request_data['hn'] < $config['mc_antidos']['rate_limit_site']) && ($request_data['ha'] < $config['mc_antidos']['rate_limit_api'])) { + if (((($request_data['hnl'] + $config['mc_antidos']['flush_seconds_site']) <= $now) || ($request_data['hal'] + 
$config['mc_antidos']['flush_seconds_api']) <= $now) || (($request_data['la'] + $max_req_flush) <= $now)) { // needs to be flushed & updated $new = $this->getRequestBase(); $new['key'] = $key_md5; - $new['sid'] = session_id(); - $new['ua'] = md5($_SERVER['HTTP_USER_AGENT']); - $new['ip'] = $key_md5; $new['la'] = $now; - $new['hal'] = ((($request_data['hal'] + $flush_sec_api) <= $now)) ? $now : 1; - $new['hnl'] = ((($request_data['hnl'] + $flush_sec_site) <= $now)) ? $now : 1; - $this->cache->set($key_md5, $new, $max_req_flush); - $this->rate_limit_api_request = ($request_data['ha'] >= $rate_limit_api) ? true : false; - $this->rate_limit_site_request = ($request_data['hn'] >= $rate_limit_site) ? true : false; - //$this->rate_limit_this_request = false; + $new['hal'] = ((($request_data['hal'] + $config['mc_antidos']['flush_seconds_api']) <= $now)) ? $now : 1; + $new['hnl'] = ((($request_data['hnl'] + $config['mc_antidos']['flush_seconds_site']) <= $now)) ? $now : 1; + $this->cache->set($key_md5, $new, $config['memcache']['expiration']); + $this->rate_limit_api_request = ($request_data['ha'] >= $config['mc_antidos']['rate_limit_api']) ? true : false; + $this->rate_limit_site_request = ($request_data['hn'] >= $config['mc_antidos']['rate_limit_site']) ? true : false; } else { // no flush, just update $new = $this->getRequestBase(); - $new['key'] = $key_md5; - $new['sid'] = session_id(); - $new['ua'] = md5($_SERVER['HTTP_USER_AGENT']); - $new['ip'] = $key_md5; + $new['key'] = $request_data['key']; $new['la'] = time(); $new['ha'] = $request_data['ha']; $new['hal'] = $request_data['hal']; $new['hn'] = $request_data['hn']; $new['hnl'] = $request_data['hnl']; - $this->cache->set($key_md5, $new, $max_req_flush); - //$this->rate_limit_this_request = false; - $this->rate_limit_api_request = ($request_data['ha'] >= $rate_limit_api) ? true : false; - $this->rate_limit_site_request = ($request_data['hn'] >= $rate_limit_site) ? 
true : false; + $this->cache->set($key_md5, $new, $config['memcache']['expiration']); + $this->rate_limit_api_request = ($request_data['ha'] >= $config['mc_antidos']['rate_limit_api']) ? true : false; + $this->rate_limit_site_request = ($request_data['hn'] >= $config['mc_antidos']['rate_limit_site']) ? true : false; } } else { // too many hits, we should rate limit this - //$this->rate_limit_this_request = true; - $this->rate_limit_api_request = ($request_data['ha'] >= $rate_limit_api) ? true : false; - $this->rate_limit_site_request = ($request_data['hn'] >= $rate_limit_site) ? true : false; + $this->rate_limit_api_request = ($request_data['ha'] >= $config['mc_antidos']['rate_limit_api']) ? true : false; + $this->rate_limit_site_request = ($request_data['hn'] >= $config['mc_antidos']['rate_limit_site']) ? true : false; } } else { // doesn't exist for this request_key, create one $new = $this->getRequestBase(); - $new['key'] = $key_md5; - $new['sid'] = session_id(); - $new['ua'] = md5($_SERVER['HTTP_USER_AGENT']); - $new['ip'] = $key_md5; + $new['key'] = $config['memcache']['keyprefix'].md5($userORip); $new['la'] = time(); if ($request == 'api') { $new['ha'] += 1; - if ($ajax_add) { + if ($config['mc_antidos']['ajax_hits_additive']) { $new['hn'] += 1; } } else { $new['hn'] += 1; } - $this->cache->set($key_md5, $new, $max_req_flush); - $this->rate_limit_this_request = false; + $this->cache->set($key_md5, $new, $config['memcache']['expiration']); + $this->rate_limit_api_request = false; + $this->rate_limit_site_request = false; } } public function getRequestBase() { - $new = array( - 'key' => '', - 'sid' => '', - 'ua' => '', - 'ip' => '', - 'la' => 0, - 'hn' => 0, - 'hnl' => 0, - 'ha' => 0, - 'hal' => 0 - ); + $new = array('key' => '','la' => 0,'hn' => 0,'hnl' => 0,'ha' => 0,'hal' => 0); return $new; } - public function rateLimitRequest() { - return $this->rate_limit_this_request; - } - public function rateLimitSite() { - return $this->rate_limit_site_request; - } - 
public function rateLimitAPI() { - return $this->rate_limit_api_request; - } } ?> \ No newline at end of file diff --git a/public/include/classes/strict.class.php b/public/include/classes/strict.class.php index bb6d2974..26576bd1 100644 --- a/public/include/classes/strict.class.php +++ b/public/include/classes/strict.class.php 
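Review bot: Keying the rate-limit bucket on `$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']` (the new `$userORip` assignment near the top of the constructor) ties the bucket to a client-chosen header, so the limiter no longer bounds requests per address, and a client that sends no User-Agent produces an undefined-index notice. The previous signature took the identifier from the caller; keep that shape, or at least key on the address alone, `$userORip = $_SERVER['REMOTE_ADDR'];`, and if the header is kept for any reason read it as `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''`. Every `set()` now uses `$config['memcache']['expiration']` as TTL instead of the larger of the two flush windows; if expiration is configured shorter than flush_seconds_site/flush_seconds_api the counters are evicted before the window closes and the limit can never be reached, which deserves a comment or a `max()` against `$max_req_flush`, now computed but otherwise unused. Removing `rateLimitSite()`/`rateLimitAPI()` in favour of public properties is an interface change; index.php is updated in this diff, but any other caller will fatal.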
@@ -1,143 +1,6 @@ memcache->delete($key); - } - private $validation_misses = 0; - private $initial_ua; - public function create_or_update_client($client, $force=false, $login=false) { - $read = $this->memcache->get($client['key']); - // this needs to be available later - $update = array('key' => '','sid' => '','ua' => '','ip' => '','la' => 0,'hn' => 0,'hnl' => 0,'ha' => 0,'hal' => 0); - $update['sid'] = $client['sid']; - $update['ua'] = md5($this->initial_ua); - $update['ip'] = $client['ip']; - $update['la'] = time(); - $update['key'] = md5($this->memcache_key.$client['ip']); - $validation_misses = 0; - if ($read !== false) { - $read_model = array('key' => '','sid' => '','ua' => '','ip' => '','la' => 0,'hn' => 0,'hnl' => 0,'ha' => 0,'hal' => 0); - $read_model['sid'] = @$read['sid']; - $read_model['ip'] = @$read['ip']; - $read_model['ua'] = @$read['ua']; - $read_model['la'] = @$read['la']; - $read_model['key'] = md5($this->memcache_key.$read['ip']); - // key already exists, update - if ($this->validate_client) { - if ($this->verify_client($read_model, $update, $login)) { - $update_client = $this->memcache->set($update['key'], $update); - } - } - } else { - $update_client = $this->memcache->set($client['key'], $client); - if ($force && $login) { - $update_client = $this->memcache->set($update['key'], $update); - } - } - } - public function verify_client($client_model, $data, $login=false) { - $fails = 0; - $fails += ((count($client_model)) !== (count($data)) && $this->validate_client) ? 1 : 0; - $fails += ($client_model['ua'] !== $data['ua'] && $this->validate_client && $this->validate_client_ua) ? 1 : 0; - $fails += ($client_model['ip'] !== $data['ip'] && $this->validate_client && $this->validate_client_ip) ? 1 : 0; - $now = time(); - $this->validation_misses = $fails; - if ($fails > $this->validate_client_num && $login == false && $this->validate_client) { - // something changed - $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? 
"" : (":".$_SERVER["SERVER_PORT"]); - $location = (@$_SERVER['HTTPS'] == "on") ? 'https://' : 'http://'; - $location .= $_SERVER['SERVER_NAME'] . $port . $_SERVER['SCRIPT_NAME']; - $this->session_delete_key($client_model['key']); - $this->session_delete_key($data['key']); - @session_start(); - @session_regenerate_id(true); - $_SESSION = null; - $_SESSION['POPUP'][] = array('CONTENT' => "Session revoked due to a change in your client. You may have a plugin messing with your useragent, or your IP address may have changed.", 'TYPE' => 'warning'); - $location.= '?page=login'; - if (!headers_sent()) exit(header('Location: ' . $location)); - exit(''); - } - return ($fails > 0) ? false : true; - } - public function read_if_client_exists($client_key) { - if ($this->memcache !== null) { - $exists = $this->memcache->get($client_key); - } - return ($exists !== null) ? $exists : false; - } - public function regen_session_id() { - $sidbefore = @session_id(); - @session_regenerate_id(true); - $sid = session_id(); - return $sid; - } - public function __construct($config, &$memcache) { - $this->initial_ua = $_SERVER['HTTP_USER_AGENT']; - $this->memcache = $memcache; - $this->memcache_key = $config['memcache']['keyprefix']; - if ($config['strict__verify_client']) { - $this->validate_client = true; - $this->validate_client_ip = $config['strict__verify_client_ip']; - $this->validate_client_ua = $config['strict__verify_client_useragent']; - $this->validate_client_sid = $config['strict__verify_client_sessionid']; - $this->validate_client_num = 0; - if ($config['strict__verify_server']) { - $proto = (@$_SERVER['HTTPS'] == "on") ? 'https' : 'http'; - $location = $proto."://".$_SERVER['SERVER_NAME'] . 
$_SERVER['SERVER_PORT']; - if ($config['strict__verify_server']) { - if ($config['strict__bind_protocol']."://".$config['strict__bind_host'].$config['strict__bind_port'] !== $location) { - return false; - } - } - } - $client = array('key' => '','sid' => '','ua' => '','ip' => '','la' => 0,'hn' => 0,'hnl' => 0,'ha' => 0,'hal' => 0); - $client['ua'] = md5($_SERVER['HTTP_USER_AGENT']); - $client['ip'] = md5($_SERVER['REMOTE_ADDR']); - $client['la'] = time(); - $client['key'] = md5($this->memcache_key.$client['ip']); - $read = $this->read_if_client_exists($client['key']); - } - session_set_cookie_params((time()+$config['cookie']['duration']), $config['cookie']['path'], $config['cookie']['domain'], false, true); - $session_start = @session_start(); - $client['sid'] = session_id(); - $valid_session_id = $this->valid_session_id($client['sid']); - if (!$valid_session_id || !$session_start) { - @session_destroy(); - $client['sid'] = $this->regen_session_id(); - session_start(); - } - if ($read !== null) { - // client exists, verify - $this->create_or_update_client($client, true, false); - - } else { - // doesn't exist - $this->create_or_update_client($client, true, true); - } - @setcookie(session_name(), $client['sid'], (time()+$config['cookie']['duration']), $config['cookie']['path'], $config['cookie']['domain'], false, true); - // post changes validate - if ($this->validate_client) { - $read_post = $this->read_if_client_exists($client['key']); - if ($read_post !== null) { - $this->verify_client($client, $read_post, true); - } - } - } -} - class mysqli_strict extends mysqli { public function bind_param($paramTypes) { if (!is_string($paramTypes)) { diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php index bcac801c..aa2b0319 100644 --- a/public/include/classes/user.class.php +++ b/public/include/classes/user.class.php 
@@ -503,17 +503,10 @@ class User extends Base { if (!empty($lastIP) && (!empty($lastLoginTime))) { $_SESSION['last_ip_pop'] = array($lastIP, $lastLoginTime); } - if ($this->config['strict'] && $this->config['memcache']['enabled']) { - session_regenerate_id(true); - $_SESSION['AUTHENTICATED'] = '1'; - // $this->user from checkUserPassword - $_SESSION['USERDATA'] = $this->user; - } else { - session_regenerate_id(true); - $_SESSION['AUTHENTICATED'] = '1'; - // $this->user from checkUserPassword - $_SESSION['USERDATA'] = $this->user; - } + session_regenerate_id(true); + $_SESSION['AUTHENTICATED'] = '1'; + // $this->user from checkUserPassword + $_SESSION['USERDATA'] = $this->user; } /** @@ -814,17 +807,10 @@ class User extends Base { **/ public function isAuthenticated($logout=true) { $this->debug->append("STA " . __METHOD__, 4); - if (!$this->config['strict']) { - if (@$_SESSION['AUTHENTICATED'] == true && - !$this->isLocked($_SESSION['USERDATA']['id']) && - $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'] - ) return true; - } else { - if (@$_SESSION['AUTHENTICATED'] && $_SESSION['AUTHENTICATED'] == '1' && - (!$this->isLocked($_SESSION['USERDATA']['id'])) && - ($this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'])) - return true; - } + if (@$_SESSION['AUTHENTICATED'] == true && + !$this->isLocked($_SESSION['USERDATA']['id']) && + $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'] + ) return true; // Catchall if ($logout == true) $this->logoutUser($_SERVER['REQUEST_URI']); return false; diff --git a/public/include/config/security.inc.dist.php b/public/include/config/security.inc.dist.php index 56cd4e32..20f4c140 100644 --- a/public/include/config/security.inc.dist.php +++ b/public/include/config/security.inc.dist.php 
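Review bot: The merged check in isAuthenticated keeps the loose form `@$_SESSION['AUTHENTICATED'] == true`, which accepts any truthy value, while the login path in the first hunk of this file stores the string '1' and the dropped strict-mode branch compared against '1'. Prefer the exact comparison and guard the USERDATA lookups it feeds, e.g. `if (isset($_SESSION['AUTHENTICATED'], $_SESSION['USERDATA']['id']) && $_SESSION['AUTHENTICATED'] === '1' &&` in place of the `@`-suppressed first line. The method continues past the hunk; the first hunk's merge of two identical branches needs no change.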
@@ -2,22 +2,12 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1; /** - * Strict Mode - * Extra security options that can help protect against a few different types of attacks - * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-strict-mode + * Misc + * Extra security settings + * **/ -$config['strict'] = true; -$config['strict__https_only'] = false; -$config['strict__mysql_filter'] = true; -$config['strict__verify_client'] = true; -$config['strict__verify_client_ip'] = true; -$config['strict__verify_client_useragent'] = true; -$config['strict__verify_client_sessionid'] = true; -$config['strict__verify_client_fails'] = 0; -$config['strict__verify_server'] = false; -$config['strict__bind_protocol'] = 'https'; -$config['strict__bind_host'] = ''; -$config['strict__bind_port'] = 443; +$config['https_only'] = false; +$config['mysql_filter'] = true; /** * Memcache Rate Limiting diff --git a/public/include/database.inc.php b/public/include/database.inc.php index 1146e239..a65e708b 100644 --- a/public/include/database.inc.php +++ b/public/include/database.inc.php @@ -2,7 +2,7 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1; // Instantiate class, we are using mysqlng -if ($config['strict'] && $config['strict__mysql_filter']) { +if ($config['mysql_filter']) { $mysqli = new mysqli_strict($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name'], $config['db']['port']); } else { $mysqli = new mysqli($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name'], $config['db']['port']); diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php index d80dd08c..a8f7cd0e 100644 --- a/public/include/pages/login.inc.php +++ b/public/include/pages/login.inc.php 
@@ -29,17 +29,7 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserIdByEmail $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]); $location = (@$_SERVER['HTTPS'] == "on") ? 'https://' : 'http://'; $location .= $_SERVER['SERVER_NAME'] . $port . $_SERVER['SCRIPT_NAME']; - if ($config['strict'] && $config['memcache']['enabled']) { - $update = array('key' => '','sid' => '','ua' => '','ip' => '','la' => 0,'hn' => 0,'hnl' => 0,'ha' => 0,'hal' => 0); - $session->regen_session_id(); - $update['sid'] = session_id(); - $update['ua'] = md5($_SERVER['HTTP_USER_AGENT']); - $update['ip'] = md5($_SERVER['REMOTE_ADDR']); - $update['la'] = time(); - $update['key'] = md5($update['ip']); - $session->create_or_update_client($update, true, true); - $location.= '?page=dashboard'; - } + $location.= '?page=dashboard'; if (!headers_sent()) header('Location: ' . $location); exit(''); } else { diff --git a/public/include/pages/logout.inc.php b/public/include/pages/logout.inc.php index c15f350a..9b6e12a6 100644 --- a/public/include/pages/logout.inc.php +++ b/public/include/pages/logout.inc.php @@ -1,18 +1,7 @@ logoutUser(); - $update = $session::$client_model; - $update['sid'] = session_id(); - $update['ua'] = $_SERVER['HTTP_USER_AGENT']; - $update['ip'] = $_SERVER['REMOTE_ADDR']; - $update['la'] = time(); - $update['key'] = md5($update['ua'].$update['ip']); - $session->create_or_update_client($update, true); -} else { - $user->logoutUser(); -} +$user->logoutUser(); $smarty->assign("CONTENT", "default.tpl"); ?> diff --git a/public/index.php b/public/index.php index 5fcb7ac6..811b9b05 100644 --- a/public/index.php +++ b/public/index.php 
@@ -40,40 +40,33 @@ define("BASEPATH", dirname(__FILE__) . "/"); include_once('include/bootstrap.php'); // switch to https if config option is enabled -$hts = ($config['strict__https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']; -($config['strict__https_only'] && @!$_SERVER['HTTPS']) ? exit(header("Location: ".$hts)):0; +$hts = ($config['https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']; +($config['https_only'] && @!$_SERVER['HTTPS']) ? exit(header("Location: ".$hts)):0; -if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $config['strict'])) { +if ($config['memcache']['enabled'] && $config['mc_antidos']['enabled']) { if (PHP_OS == 'WINNT') { require_once(CLASS_DIR . 'memcached.class.php'); } - // strict mode and memcache antidos need a memcache handle + // memcache antidos needs a memcache handle $memcache = new Memcached(); $memcache->addServer($config['memcache']['host'], $config['memcache']['port']); } -if ($config['memcache']['enabled'] && $config['strict'] || $config['mc_antidos']['enabled']) { +if ($config['memcache']['enabled'] && $config['mc_antidos']['enabled']) { require_once(CLASS_DIR . 
'/memcache_ad.class.php'); } -if ($config['memcache']['enabled'] && $config['strict']) { - $session = new strict_session($config, $memcache); - if ($config['strict__verify_server'] && !$session) { - // server not verified, session manager will kill the client verification failures - exit(header('HTTP/1.1 401 Unauthorized')); - } -} else { - $session_start = @session_start(); - session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']); - if (!$session_start) { - session_destroy(); - session_regenerate_id(true); - session_start(); - } - @setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']); +$session_start = @session_start(); +session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']); +if (!$session_start) { + session_destroy(); + session_regenerate_id(true); + session_start(); } +@setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']); + // Rate limiting -if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $config['strict'])) { +if ($config['memcache']['enabled'] && $config['mc_antidos']['enabled']) { $skip_check = false; // if this is an api call we need to be careful not to time them out for those calls separately $per_page = ''; 
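Review bot: In the now-unconditional session setup, `session_set_cookie_params(...)` is called after `$session_start = @session_start();`, so the secure/httponly/domain values from `$config['cookie']` are not applied to the cookie session_start emits; only the trailing `@setcookie(session_name(), ...)` re-sends it with the intended flags. This ordering is inherited from the old else-branch, but it is now the only path, whereas the removed strict_session constructor set the cookie params before starting the session. Move `session_set_cookie_params(...)` above the `session_start()` call. The `session_regenerate_id(true)` that follows `session_destroy()` likely runs with no active session and warns; starting the session first and then regenerating would avoid that.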
@@ -97,14 +90,12 @@ if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $conf $skip_check = true; } if (!$skip_check) { - $mcad = new MemcacheAntiDos($config['mc_antidos'], $memcache, $_SERVER['REMOTE_ADDR'], $per_page, $config['memcache']); - $rate_limit_reached_site = $mcad->rateLimitSite(); - $rate_limit_reached_api = $mcad->rateLimitAPI(); - if ($rate_limit_reached_api && $is_ajax_call && $config['mc_antidos']['protect_ajax']) { + $mcad = new MemcacheAntiDos($config, $memcache, $per_page); + if ($config['mc_antidos']['protect_ajax'] && $is_ajax_call && $mcad->rate_limit_api_request) { exit(header('HTTP/1.1 401 Unauthorized')); } $error_page = $config['mc_antidos']['error_push_page']; - if ($rate_limit_reached_site == true) { + if ($mcad->rate_limit_site_request) { if (!is_array($error_page) || count($error_page) < 1 || (empty($error_page['page']) && empty($error_page['action']))) { die("You are sending too many requests too fast!"); } else {