Enforce session logout if IP address changed

Fixes #179
Sebastian Grewe 2013-06-13 13:59:45 +02:00
parent 82155b6f72
commit bfaa0a67ef


@ -44,6 +44,9 @@ class User {
public function getUserToken($id) {
return $this->getSingle($id, 'token', 'id');
}
public function getUserIp($id) {
return $this->getSingle($id, 'loggedIp', 'id');
}
public function getIdFromToken($token) {
return $this->getSingle($token, 'id', 'token', 's');
}
@ -546,7 +549,7 @@ class User {
**/
public function isAuthenticated() {
$this->debug->append("STA " . __METHOD__, 4);
if ($_SESSION['AUTHENTICATED'] == true && ! $this->isLocked($_SESSION['USERDATA']['id']))
if ($_SESSION['AUTHENTICATED'] == true && ! $this->isLocked($_SESSION['USERDATA']['id']) && $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'])
return true;
// Catchall
$this->logoutUser();
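Review bot: The new condition in isAuthenticated() compares the stored loggedIp with `$_SERVER['REMOTE_ADDR']` using loose `==`, and what getSingle() returns when the lookup fails is not visible here. A strict comparison avoids type juggling if a non-string comes back: `&& $this->getUserIp($_SESSION['USERDATA']['id']) === $_SERVER['REMOTE_ADDR']`. The binding also only holds when REMOTE_ADDR is the real client address; behind a reverse proxy or load balancer every session presents the proxy's address and the check passes for everyone, so a comment such as `// assumes REMOTE_ADDR is the client address, not a proxy` would record that assumption. Because loggedIp is read from the user row rather than from the session, a later login from another address presumably logs out the earlier session as well, which is worth stating in the docblock if intended. The body of isAuthenticated() continues past the end of the hunk.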