From 34cd38967a05141b9c2236510c0e4f3fcec452da Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 5 May 2021 10:53:00 +0200
Subject: [session] Add option to bind session to IP address

---
 inc/user.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'inc/user.inc.php')

diff --git a/inc/user.inc.php b/inc/user.inc.php
index 46cc6012..d587c462 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -142,14 +142,14 @@ class User
 		return Database::exec('UPDATE user SET passwd = :passwd WHERE userid = :userid LIMIT 1', compact('userid', 'passwd')) > 0;
 	}
 
-	public static function login($user, $pass)
+	public static function login(string $user, string $pass, bool $fixedIp)
 	{
 		$ret = Database::queryFirst('SELECT userid, passwd FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
 		if ($ret === false)
 			return false;
 		if (!Crypto::verify($pass, $ret['passwd']))
 			return false;
-		Session::create($ret['passwd'], $ret['userid'], false);
+		Session::create($ret['passwd'], $ret['userid'], $fixedIp);
 		Session::set('token', md5($ret['passwd'] . ','
 			. rand() . ','
 			. time() . ','
-- 
cgit v1.2.3-55-g7522