- fix protection against session hijacking for IPv4; ti be done later for ipv6

git-svn-id: http://piwigo.org/svn/trunk@12119 68402e56-0260-453c-a942-63ccdbb3a9ee
author: rvelices <rv-github@modusoptimus.com> 2011-09-08 18:47:30 +0000
committer: rvelices <rv-github@modusoptimus.com> 2011-09-08 18:47:30 +0000
commit: bfd6bc92ddb21bb2a743dc701142b840575caf47 (patch)
tree: 232174f7a1fa3350f2b216aee5d44a73d22ca600
parent: 1d3fc9005f00927c19c291f33b5bfffdd81cad6e (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 6d0f12a9b..411b374bf 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -94,13 +94,16 @@ function pwg_session_close()
 
 function get_remote_addr_session_hash()
 {
-  $separator = (FALSE === strpos($_SERVER['REMOTE_ADDR'],'.'))
-    ? ':'
-    : '.'
-  ;
-
-  return substr(md5($_SERVER['REMOTE_ADDR']), 0, 4);
+  if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
+  {//ipv4
+    return vsprintf(
+      "%02X%02X",
+      explode('.',$_SERVER['REMOTE_ADDR'])
+    );
+  }
+  return ''; //ipv6 not yet
 }
+
 /**
  * this function returns
  * a string corresponding to the value of the variable save in the session
author	rvelices <rv-github@modusoptimus.com>	2011-09-08 18:47:30 +0000
committer	rvelices <rv-github@modusoptimus.com>	2011-09-08 18:47:30 +0000
commit	bfd6bc92ddb21bb2a743dc701142b840575caf47 (patch)
tree	232174f7a1fa3350f2b216aee5d44a73d22ca600
parent	1d3fc9005f00927c19c291f33b5bfffdd81cad6e (diff)