Changeset 204 for branches/1.1dev
- Timestamp:
- Aug 9, 2006 10:09:22 PM (18 years ago)
- Location:
- branches/1.1dev
- Files:
-
- 2 edited
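--- a/branches/1.1dev/config/defaults.inc.php
+++ b/branches/1.1dev/config/defaults.inc.php
@@ -117,4 +117,9 @@
 setDefault($CFG->trusted_networks, array());
 
+// Array of usernames which are exempt from remote_ip matching. Users behind
+// proxy servers should be appended to this array so their shifting remote IP
+// will not log them out.
+setDefault($CFG->login_abuse_exempt_usernames, array());
+
 
 /******************************************************************************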
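Review bot: The comment added at new lines 119-121 describes exemption from remote_ip matching, but the default set beneath it is `$CFG->login_abuse_exempt_usernames`, while AuthSQL.inc.php in this same changeset falls back to `$CFG->match_remote_ip_exempt_usernames`, which receives no default here. Unless that property is defined somewhere outside this changeset, the fallback yields a non-array, so the `in_array()` call made at login gets an invalid haystack: the exemption list never applies and PHP raises a warning (a fatal type error on newer versions). I would add `setDefault($CFG->match_remote_ip_exempt_usernames, array());` under this comment and give the abuse list its own comment, `// Array of usernames which are exempt from the login abuse detection system.`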
branches/1.1dev/lib/AuthSQL.inc.php
r82 r204 73 73 // Specify usernames to exclude from the account abuse detection system. This is specified as a hardcoded array provided at 74 74 // class instantiation time, or can be saved in the user_tbl under the login_abuse_exempt field. 75 $this->_params['login_abuse_exempt_usernames'] = isset($params['login_abuse_exempt_usernames']) && is_array($params['login_abuse_exempt_usernames']) ? $params['login_abuse_exempt_usernames'] : array();75 $this->_params['login_abuse_exempt_usernames'] = isset($params['login_abuse_exempt_usernames']) && is_array($params['login_abuse_exempt_usernames']) ? $params['login_abuse_exempt_usernames'] : $CFG->login_abuse_exempt_usernames; 76 76 77 77 $this->_params['trusted_networks'] = isset($params['trusted_networks']) && is_array($params['trusted_networks']) ? $params['trusted_networks'] : $CFG->trusted_networks; … … 82 82 // Feature: Use a login_tbl to detect excessive logins. This requires blocking to be enabled. 83 83 $this->_params['features']['abuse_detection'] = isset($params['features']['abuse_detection']) ? $params['features']['abuse_detection'] : false; 84 85 // Array of usernames which are exempt from remote_ip matching. Users behind proxy servers should be appended to this array so their shifting remote IP will not log them out. 86 $this->_params['match_remote_ip_exempt_usernames'] = isset($params['match_remote_ip_exempt_usernames']) && is_array($params['match_remote_ip_exempt_usernames']) ? $params['match_remote_ip_exempt_usernames'] : $CFG->match_remote_ip_exempt_usernames; 87 88 // Feature: Match the user's current remote IP against the one they logged in with. 89 $this->_params['features']['match_remote_ip'] = isset($params['features']['match_remote_ip']) ? $params['features']['match_remote_ip'] : true; 84 90 85 91 $this->_auth_name = '_auth_' . 
$this->_params['auth_name']; … … 227 233 'remote_ip' => getRemoteAddr(), 228 234 'abuse_warning_level' => $user_data['abuse_warning_level'], 229 'login_abuse_exempt' => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array($username, $this->_params['login_abuse_exempt_usernames']), 235 'login_abuse_exempt' => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array(strtolower($username), $this->_params['login_abuse_exempt_usernames']), 236 'match_remote_ip_exempt'=> isset($user_data['match_remote_ip_exempt']) ? !empty($user_data['match_remote_ip_exempt']) : in_array(strtolower($username), $this->_params['match_remote_ip_exempt_usernames']), 230 237 'user_data' => $user_data 231 238 ); … … 364 371 } 365 372 373 // Do we match the user's remote IP at all? Yes, if set in config and not disabled for specific user. 374 if ($this->getFeature('match_remote_ip') && !$this->getVal('match_remote_ip_exempt')) { 375 $remote_ip_is_matched = ($_SESSION[$this->_auth_name]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network); 376 } else { 377 $remote_ip_is_matched = true; 378 } 379 366 380 // Test login with information stored in session. Skip IP matching for users from trusted networks. 367 381 if (true === $_SESSION[$this->_auth_name]['authenticated'] … … 369 383 && strtotime($_SESSION[$this->_auth_name]['login_datetime']) > time() - $this->_params['login_timeout'] 370 384 && strtotime($_SESSION[$this->_auth_name]['last_access_datetime']) > time() - $this->_params['idle_timeout'] 371 && ($_SESSION[$this->_auth_name]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network)385 && $remote_ip_is_matched 372 386 ) { 373 387 // User is authenticated! 
… … 403 417 } 404 418 if ($_SESSION[$this->_auth_name]['remote_ip'] != getRemoteAddr()) { 405 $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION[$this->_auth_name]['remote_ip'], getRemoteAddr()); 419 if ($this->getFeature('match_remote_ip') && !$this->getVal('match_remote_ip_exempt')) { 420 $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION[$this->_auth_name]['remote_ip'], getRemoteAddr()); 421 } else { 422 $expire_reasons[] = sprintf('remote_ip not matched but user was exempt from this check (%s != %s)', $_SESSION[$this->_auth_name]['remote_ip'], getRemoteAddr()); 423 } 406 424 } 407 425 logMsg(sprintf('%s %s (%s) session expired: %s', ucfirst($this->_params['auth_name']), $this->getVal('user_id'), $this->getVal('username'), join(', ', $expire_reasons)), LOG_DEBUG, __FILE__, __LINE__);
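Review bot: The new `else` branch at new lines 376-378 sets `$remote_ip_is_matched = true` without recording anything, so when an exempt user's session (or any session with the feature switched off) resumes from a different address, nothing is logged until the session expires, even though address binding is the only hijack signal this check provides. A log line in that branch when the stored address differs would keep the event visible to whoever reviews the logs, e.g. `if ($_SESSION[$this->_auth_name]['remote_ip'] != getRemoteAddr()) { logMsg(sprintf('remote_ip changed for exempt user %s', $this->getVal('username')), LOG_NOTICE, __FILE__, __LINE__); }`; for users behind rotating proxies this may need rate limiting. Separately, at new lines 235-236 only `$username` is lowercased before `in_array()`, so configured entries written with capitals stop matching; lowercasing both arrays once in the constructor with `array_map('strtolower', ...)` would keep the two sides consistent. The enclosing functions start and end outside these hunks.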