Changeset 275 for trunk/lib/Auth_SQL.inc.php
- Timestamp:
- Jul 19, 2007 7:39:26 PM (17 years ago)
- File:
-
- 1 edited
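--- a/trunk/lib/Auth_SQL.inc.php
+++ b/trunk/lib/Auth_SQL.inc.php
@@ -79,4 +79,10 @@
 // class instantiation time, or can be saved in the db_table under the login_abuse_exempt field.
 'login_abuse_exempt_usernames' => array(),
+
+// Specify usernames to exclude from remote_ip matching. Users behind proxy servers should be appended to this array so their shifting remote IP will not log them out.
+'match_remote_ip_exempt_usernames' => array(),
+
+// Match the user's current remote IP against the one they logged in with.
+'match_remote_ip' => true,
 
 // An array of IP blocks that are bypass the remote_ip comparison check. Useful for dynamic IPs or those behind proxy servers.
@@ -387,5 +393,6 @@
 'last_access_datetime' => date('Y-m-d H:i:s'),
 'remote_ip' => getRemoteAddr(),
-'login_abuse_exempt' => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array($username, $this->_params['login_abuse_exempt_usernames']),
+'login_abuse_exempt' => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array(strtolower($username), $this->_params['login_abuse_exempt_usernames']),
+'match_remote_ip_exempt'=> isset($user_data['match_remote_ip_exempt']) ? !empty($user_data['match_remote_ip_exempt']) : in_array(strtolower($username), $this->_params['match_remote_ip_exempt_usernames']),
 'user_data' => $user_data
 );
@@ -527,4 +534,14 @@
 $user_in_trusted_network = false;
 }
+
+// Do we match the user's remote IP at all? Yes, if set in config and not disabled for specific user.
+if ($this->getParam('match_remote_ip') && !$this->get('match_remote_ip_exempt')) {
+$remote_ip_is_matched = ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network);
+} else {
+$app->logMsg(sprintf('User %s exempt from remote_ip match.',
+($this->get('user_id') ? ' ' . $this->get('user_id') . ' (' . $this->get('username') . ')' : '')
+), LOG_DEBUG, __FILE__, __LINE__);
+$remote_ip_is_matched = true;
+}
 
 // Test login with information stored in session. Skip IP matching for users from trusted networks.
@@ -534,5 +551,5 @@
 && strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout']
 && strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout']
-&& ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network)
+&& $remote_ip_is_matched
 ) {
 // User is authenticated!
@@ -571,5 +588,9 @@
 }
 if ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) {
-$expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());
+if ($this->getFeature('match_remote_ip') && !$this->getVal('match_remote_ip_exempt')) {
+$expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());
+} else {
+$expire_reasons[] = sprintf('remote_ip not matched but user was exempt from this check (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());
+}
 }
 $app->logMsg(sprintf('User %s (%s) session expired: %s', $this->get('user_id'), $this->get('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__);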
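Review bot: The expiry-logging branch at new line 590 tests `$this->getFeature('match_remote_ip') && !$this->getVal('match_remote_ip_exempt')`, while the authentication check at new line 538 reads the same two values through `getParam()` and `get()`. Neither `getFeature()` nor `getVal()` appears anywhere else in the visible lines, so if this class does not define them the call would fail on the very path that records why a session expired, and if it does define them the two checks can disagree about whether the user was exempt. I would make line 590 `if ($this->getParam('match_remote_ip') && !$this->get('match_remote_ip_exempt')) {` so the logged reason always reflects the decision that was enforced. Both enclosing functions start and end outside the shown hunks. Separately, the `in_array(strtolower($username), ...)` lookups at new lines 395-396 only match list entries written in lower case, which the option comment at line 82 should state, e.g. `// Usernames in this array must be given in lower case.`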