authorrvelices <rv-github@modusoptimus.com>2011-09-08 18:47:30 +0000
committerrvelices <rv-github@modusoptimus.com>2011-09-08 18:47:30 +0000
commitbfd6bc92ddb21bb2a743dc701142b840575caf47 (patch)
tree232174f7a1fa3350f2b216aee5d44a73d22ca600
parent1d3fc9005f00927c19c291f33b5bfffdd81cad6e (diff)
- fix protection against session hijacking for IPv4; to be done later for IPv6
git-svn-id: http://piwigo.org/svn/trunk@12119 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/functions_session.inc.php15
1 files changed, 9 insertions, 6 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 6d0f12a9b..411b374bf 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -94,13 +94,16 @@ function pwg_session_close()
function get_remote_addr_session_hash()
{
- $separator = (FALSE === strpos($_SERVER['REMOTE_ADDR'],'.'))
- ? ':'
- : '.'
- ;
-
- return substr(md5($_SERVER['REMOTE_ADDR']), 0, 4);
+ if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
+ {//ipv4
+ return vsprintf(
+ "%02X%02X",
+ explode('.',$_SERVER['REMOTE_ADDR'])
+ );
+ }
+ return ''; //ipv6 not yet
}
+
/**
* this function returns
* a string corresponding to the value of the variable save in the session
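Review bot: The IPv4 branch of get_remote_addr_session_hash() is taken for any REMOTE_ADDR that merely lacks a ':', so an empty or malformed value reaches `vsprintf("%02X%02X", …)` with fewer than two elements; depending on the PHP version that is a warning with a false return or a thrown error, and how callers handle either is not visible in this hunk. Validating the address first, e.g. `if (filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false)`, restricts the format call to real dotted quads and sends everything else to the fallback return. The function should also carry a comment stating how strong the check actually is, such as `// binds the session to the first two IPv4 octets only; IPv6 clients get '' and so no address binding at all`. If the application can run behind a reverse proxy, REMOTE_ADDR would presumably be the proxy's address and every client would share one prefix, which is worth confirming and documenting.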