Changeset 275 for trunk


Ignore:
Timestamp:
Jul 19, 2007 7:39:26 PM (17 years ago)
Author:
quinn
Message:

Added match_remote_ip_exempt_usernames function for trendease (ported from codebase 1.1dev).

Location:
trunk/lib
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/lib/Auth_SQL.inc.php

    r266 r275  
    7979        // class instantiation time, or can be saved in the db_table under the login_abuse_exempt field.
    8080        'login_abuse_exempt_usernames' => array(),
     81
     82        // Specify usernames to exclude from remote_ip matching. Users behind proxy servers should be appended to this array so their shifting remote IP will not log them out.
     83        'match_remote_ip_exempt_usernames' => array(),
     84
     85        // Match the user's current remote IP against the one they logged in with.
     86        'match_remote_ip' => true,
    8187
    8288        // An array of IP blocks that are bypass the remote_ip comparison check. Useful for dynamic IPs or those behind proxy servers.
     
    387393            'last_access_datetime'  => date('Y-m-d H:i:s'),
    388394            'remote_ip'             => getRemoteAddr(),
    389             'login_abuse_exempt'    => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array($username, $this->_params['login_abuse_exempt_usernames']),
     395            'login_abuse_exempt'    => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array(strtolower($username), $this->_params['login_abuse_exempt_usernames']),
     396            'match_remote_ip_exempt'=> isset($user_data['match_remote_ip_exempt']) ? !empty($user_data['match_remote_ip_exempt']) : in_array(strtolower($username), $this->_params['match_remote_ip_exempt_usernames']),
    390397            'user_data'             => $user_data
    391398        );
     
    527534            $user_in_trusted_network = false;
    528535        }
     536       
     537        // Do we match the user's remote IP at all? Yes, if set in config and not disabled for specific user.
     538        if ($this->getParam('match_remote_ip') && !$this->get('match_remote_ip_exempt')) {
     539            $remote_ip_is_matched = ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network);
     540        } else {
     541            $app->logMsg(sprintf('User %s exempt from remote_ip match.',
     542                ($this->get('user_id') ? ' ' . $this->get('user_id') . ' (' .  $this->get('username') . ')' : '')
     543            ), LOG_DEBUG, __FILE__, __LINE__);
     544            $remote_ip_is_matched = true;
     545        }
    529546
    530547        // Test login with information stored in session. Skip IP matching for users from trusted networks.
     
    534551            && strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout']
    535552            && strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout']
    536             && ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network)
     553            && $remote_ip_is_matched
    537554        ) {
    538555            // User is authenticated!
     
    571588            }
    572589            if ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) {
    573                 $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());
     590                if ($this->getFeature('match_remote_ip') && !$this->getVal('match_remote_ip_exempt')) {
     591                    $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());
     592                } else {
     593                    $expire_reasons[] = sprintf('remote_ip not matched but user was exempt from this check (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());
     594                }
    574595            }
    575596            $app->logMsg(sprintf('User %s (%s) session expired: %s', $this->get('user_id'), $this->get('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__);

  • trunk/lib/Prefs.inc.php

    r254 r275  
    165165     * Store a key-value pair in the session. If the value is different than what is set by setDefaults
    166166     * the value will be scheduled to be saved in the database.
    167      * This function determins what data is saved to the database. Ensure clean values!
     167     * This function determines what data is saved to the database. Ensure clean values!
    168168     *
    169169     * @param  string $key          The name of the preference to modify.

  • trunk/lib/SpellCheck.inc.php

    r270 r275  
    6464        $app =& App::getInstance();
    6565
     66        if (!extension_loaded('pspell')) {
     67            trigger_error('Pspell module not installed', E_USER_ERROR);
     68        }
     69
    6670        if (!is_array($params) || empty($params)) {
    6771            trigger_error('SpellCheck parameters not set properly', E_USER_ERROR);
Note: See TracChangeset for help on using the changeset viewer.