session IP mask, for users with varying IPs; mostly from a patch in #303

git-svn-id: file:///home/shish/svn/shimmie2/trunk@779 7f39781d-f577-437e-ae19-be835c7a54ca
shish 2008-04-08 16:02:43 +00:00
parent fba18e10fc
commit c88a35b58c
5 changed files with 112 additions and 38 deletions

93
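--- a/core/compat.inc.php
+++ b/core/compat.inc.php
@@ -0,0 +1,93 @@
+<?php
+/*
+* Functions which are only in some versions of PHP,
+* or only implemented on some platforms
+*/
+# (PHP 5 >= 5.2.1)
+# Based on http://www.phpit.net/
+# article/creating-zip-tar-archives-dynamically-php/2/
+if(!function_exists('sys_get_temp_dir')) {
+function sys_get_temp_dir() {
+// Try to get from environment variable
+if(!empty($_ENV['TMP'])) {
+return realpath($_ENV['TMP']);
+}
+else if(!empty($_ENV['TMPDIR'])) {
+return realpath($_ENV['TMPDIR']);
+}
+else if(!empty($_ENV['TEMP'])) {
+return realpath($_ENV['TEMP']);
+}
+// Detect by creating a temporary file
+else {
+// Try to use system's temporary directory
+// as random name shouldn't exist
+$temp_file = tempnam(md5(uniqid(rand(), TRUE)), '');
+if($temp_file) {
+$temp_dir = realpath(dirname($temp_file));
+unlink($temp_file);
+return $temp_dir;
+}
+else {
+return FALSE;
+}
+}
+}
+}
+# (PHP >= 5.1)
+# from http://www.php.net/inet_pton
+if(!function_exists('inet_pton')) {
+function inet_pton($ip) {
+# ipv4
+if(strpos($ip, '.') !== FALSE) {
+$ip = pack('N',ip2long($ip));
+}
+# ipv6
+else if(strpos($ip, ':') !== FALSE) {
+$ip = explode(':', $ip);
+$res = str_pad('', (4*(8-count($ip))), '0000', STR_PAD_LEFT);
+foreach($ip as $seg) {
+$res .= str_pad($seg, 4, '0', STR_PAD_LEFT);
+}
+$ip = pack('H'.strlen($res), $res);
+}
+return $ip;
+}
+}
+# (PHP >= 5.1)
+# from http://www.php.net/inet_ntop
+if(!function_exists('inet_ntop')) {
+function inet_ntop($ip) {
+if (strlen($ip)==4) {
+// ipv4
+list(,$ip)=unpack('N',$ip);
+$ip=long2ip($ip);
+} elseif(strlen($ip)==16) {
+// ipv6
+$ip=bin2hex($ip);
+$ip=substr(chunk_split($ip,4,':'),0,-1);
+$ip=explode(':',$ip);
+$res='';
+foreach($ip as $seg) {
+while($seg{0}=='0') $seg=substr($seg,1);
+if ($seg!='') {
+$res.=($res==''?'':':').$seg;
+} else {
+if (strpos($res,'::')===false) {
+if (substr($res,-1)==':') continue;
+$res.=':';
+continue;
+}
+$res.=($res==''?'':':').'0';
+}
+}
+$ip=$res;
+}
+return $ip;
+}
+}
+?>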
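Review bot: The inet_pton fallback never reports a malformed address the way the native function does, and callers use its result as a session key: the IPv4 branch packs ip2long()'s false into four null bytes, an IPv4-mapped address such as ::ffff:1.2.3.4 contains a dot and so also takes that branch, and the IPv6 branch pads the missing zero groups at the front instead of at the `::` position, so 2001:db8::1 packs as ::2001:db8:0:1. A silent all-zero or mis-ordered packing is worse than a failure here because get_session_ip() and set_admin_cookie() mask and hash the bytes into the cookie; I'd make the IPv4 branch `$long = ip2long($ip); if($long === false) return false;` before the pack, and either expand `::` at its real position or return false when an empty group appears anywhere other than a leading `::`. The sys_get_temp_dir block is a verbatim move from the old util, so no remark on it.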


@ -355,7 +355,7 @@ class Database {
public function get_user_session($name, $session) {
$row = $this->db->GetRow("{$this->SELECT_USER} WHERE name LIKE ? AND md5(concat(pass, ?)) = ?",
array($name, $_SERVER['REMOTE_ADDR'], $session));
array($name, get_session_ip(), $session));
return $row ? new User($row) : null;
}


@ -199,6 +199,21 @@ function get_memory_limit() {
return $memory;
}
function get_session_ip() {
global $config;
$mask = $config->get_string("session_hash_mask");
if(!$mask) {
$config->set_string("session_hash_mask", "255.255.0.0");
$mask = "255.255.0.0";
}
$addr = $_SERVER['REMOTE_ADDR'];
$addr = inet_ntop(inet_pton($addr) & inet_pton($mask));
return $addr;
}
/*
* PHP really, really sucks.
*/
@ -317,39 +332,6 @@ function array_contains($array, $target) {
return false;
}
# (PHP 5 >= 5.2.1)
if(!function_exists('sys_get_temp_dir')) {
// Based on http://www.phpit.net/
// article/creating-zip-tar-archives-dynamically-php/2/
function sys_get_temp_dir() {
// Try to get from environment variable
if(!empty($_ENV['TMP'])) {
return realpath($_ENV['TMP']);
}
else if(!empty($_ENV['TMPDIR'])) {
return realpath($_ENV['TMPDIR']);
}
else if(!empty($_ENV['TEMP'])) {
return realpath($_ENV['TEMP']);
}
// Detect by creating a temporary file
else {
// Try to use system's temporary directory
// as random name shouldn't exist
$temp_file = tempnam(md5(uniqid(rand(), TRUE)), '');
if($temp_file) {
$temp_dir = realpath(dirname($temp_file));
unlink($temp_file);
return $temp_dir;
}
else {
return FALSE;
}
}
}
}
// from http://uk.php.net/network
function ip_in_range($IP, $CIDR) {
list ($net, $mask) = split ("/", $CIDR);
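Review bot: get_session_ip() silently drops the IP binding when session_hash_mask is not a valid dotted quad and mishandles IPv6 clients, and either case collapses many clients onto one session key because the masked value is what get_user_session() and set_login_cookie() hash into the cookie. With the compat inet_pton a bad mask packs ip2long()'s false into four null bytes so every client masks to 0.0.0.0; with the native one inet_pton returns false and the `&` appears to degrade to an integer operation, yielding a hash that no longer depends on the address at all; and for an IPv6 REMOTE_ADDR PHP's string `&` truncates the result to the 4-byte mask, so the client is rendered as an IPv4 address built from its first 32 bits. I'd validate the mask with ip2long() before use, fall back to the default when it is invalid, and only apply the mask when the packed address and mask have the same length, otherwise returning the unmasked address. The set_string() call on the read path is acceptable bootstrapping but deserves a comment. The second hunk only moves sys_get_temp_dir to core/compat.inc.php.
```php
function get_session_ip() {
	global $config;
	$default = "255.255.0.0";
	$mask = $config->get_string("session_hash_mask");
	if(!$mask) {
		// first call seeds the default so it shows up in the config
		$config->set_string("session_hash_mask", $default);
		$mask = $default;
	}
	else if(ip2long($mask) === false) {
		// a malformed mask would otherwise mask every client to 0.0.0.0
		$mask = $default;
	}
	$addr = $_SERVER['REMOTE_ADDR'];
	$packed_addr = inet_pton($addr);
	$packed_mask = inet_pton($mask);
	// only mask same-family addresses: PHP's string '&' truncates to the
	// shorter operand, so a 16-byte address '&' a 4-byte mask is not a mask
	if($packed_addr === false || $packed_mask === false
			|| strlen($packed_addr) != strlen($packed_mask)) {
		return $addr;
	}
	return inet_ntop($packed_addr & $packed_mask);
}
```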


@ -186,7 +186,6 @@ class UserPage extends Extension {
$name = $_POST['user'];
$pass = $_POST['pass'];
$addr = $_SERVER['REMOTE_ADDR'];
$hash = md5(strtolower($name) . $pass);
$duser = $database->get_user_by_name_and_hash($name, $hash);
@ -224,7 +223,6 @@ class UserPage extends Extension {
private function create_user($event) {
global $database;
$addr = $_SERVER['REMOTE_ADDR'];
$hash = md5(strtolower($event->username) . $event->password);
$email = (!empty($event->email)) ? $event->email : null;
@ -236,7 +234,7 @@ class UserPage extends Extension {
private function set_login_cookie($name, $pass) {
global $config;
$addr = $_SERVER['REMOTE_ADDR'];
$addr = get_session_ip();
$hash = md5(strtolower($name) . $pass);
setcookie("shm_user", $name,
@ -274,7 +272,6 @@ class UserPage extends Extension {
}
else {
global $config;
$addr = $_SERVER['REMOTE_ADDR'];
// FIXME: send_event()
$duser->set_password($pass1);
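Review bot: set_login_cookie() now binds the session hash to get_session_ip() instead of the raw REMOTE_ADDR, which with the default 255.255.0.0 mask means the cookie validates from any host in the client's /16 rather than only from the address that logged in; that loosening is the point of the change, but nothing at the call site says so, and it is the one place an operator would look when tuning the mask. I'd add above `$addr = get_session_ip();`: `// the session hash binds to the masked address (config session_hash_mask), so the cookie is accepted from any host in that range; loosen the mask only as far as the varying-IP users need`. set_login_cookie()'s body continues outside the hunk. The removals of the unused `$addr` in the other three hunks are fine.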


@ -51,6 +51,7 @@ if(is_readable("config.php")) {
echo "'config.php' exists -- install function is disabled";
exit;
}
require_once "core/compat.inc.php";
require_once "lib/adodb/adodb.inc.php";
require_once "lib/adodb/adodb-xmlschema03.inc.php";
@ -160,6 +161,7 @@ function install_process() { // {{{
} // }}}
function set_admin_cookie($admin_name, $admin_pass) { // {{{
$addr = $_SERVER['REMOTE_ADDR'];
$addr = inet_ntop(inet_pton($addr) & inet_pton("255.255.0.0"));
$hash = md5(strtolower($admin_name) . $admin_pass);
setcookie("shm_user", $admin_name, time()+60*60*24*365);
setcookie("shm_session", md5($hash.$addr), time()+60*60*24*7, "/");