authorSimon Rettberg2026-04-28 14:42:07 +0200
committerSimon Rettberg2026-04-28 14:42:07 +0200
commitf1e35d43695f914677fcf8b2b4550a3c58cdcf10 (patch)
tree99b9ca7ba24cbaed033963c20ff41e9303d28a21 /inc/session.inc.php
parentAdd README.md (diff)
Add IP address normalization, add support for X-Forwarded-For
Tests written by Junie AI
Diffstat (limited to 'inc/session.inc.php')
-rw-r--r--inc/session.inc.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php
index ccb878cd..5eea1484 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -18,7 +18,7 @@ class Session
ErrorHandler::traceError('Error: Asked to generate session id when already set.');
self::$sid = sha1($salt . ','
. mt_rand(0, 65535)
- . $_SERVER['REMOTE_ADDR']
+ . Util::getClientIp()
. mt_rand(0, 65535)
. $_SERVER['REMOTE_PORT']
. mt_rand(0, 65535)
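Review bot: The session id built in this expression is still a sha1() over `$salt`, several `mt_rand(0, 65535)` draws and request attributes, and mt_rand() is not a cryptographically secure generator. With this change the address input comes from `Util::getClientIp()`, which per the commit title may be derived from X-Forwarded-For, so it can be a client-chosen value rather than the socket peer and adds no unpredictability. I would take the id from the CSPRNG instead, e.g. `self::$sid = bin2hex(random_bytes(20));`, which keeps the 40-hex-character format that sha1() produces. The sha1() expression continues past the end of this hunk, so its remaining inputs are not visible here.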
@@ -138,7 +138,7 @@ class Session
self::delete();
return false;
}
- if ($row['fixedip'] && $row['lastip'] !== $_SERVER['REMOTE_ADDR']) {
+ if ($row['fixedip'] && $row['lastip'] !== Util::getClientIp()) {
return false; // Ignore but don't invalidate
}
// Refresh cookie if appropriate
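Review bot: The `fixedip` comparison on the changed line is now only as strong as `Util::getClientIp()`'s handling of X-Forwarded-For, and that helper is not part of this file's diff. If the header is honoured for peers that are not configured trusted proxies, the compared value is client-supplied and the pin no longer ties the session to a network origin. Please confirm the helper falls back to REMOTE_ADDR unless the peer is a known proxy, and record that here, e.g. `// getClientIp() must only honour X-Forwarded-For from configured proxies; fixedip relies on it`. Separately, rows written before this commit hold the raw REMOTE_ADDR in `lastip` (the third hunk stores the new value in saveOnShutdown), so if normalization changes the string form, existing fixed-IP sessions may fail this strict comparison until they expire. The enclosing function starts and ends outside the hunk.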
@@ -174,7 +174,7 @@ class Session
private static function saveOnShutdown(): void
{
$now = time();
- $args = ['lastip' => $_SERVER['REMOTE_ADDR']];
+ $args = ['lastip' => Util::getClientIp()];
if (self::$updateSessionDateline) {
$args['dateline'] = $now + CONFIG_SESSION_TIMEOUT;
}