diff options
| author | cassio <cassiopc@gmail.com> | 2015-09-13 11:40:58 +0000 |
|---|---|---|
| committer | cassio <cassiopc@gmail.com> | 2015-09-13 11:40:58 +0000 |
| commit | 0e7484e5c9e17e8eb21f5113774963605ddf1b87 (patch) | |
| tree | 54a8d57d9d5d10b33aad9a741bd9a275686ae377 /src/globals.php | |
| parent | 40ed6646e902830881fe2c530ce110d73f5a5a0b (diff) | |
| download | boca-0e7484e5c9e17e8eb21f5113774963605ddf1b87.tar.gz boca-0e7484e5c9e17e8eb21f5113774963605ddf1b87.zip | |
bug fixes for authentication
Diffstat (limited to 'src/globals.php')
| -rwxr-xr-x | src/globals.php | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/globals.php b/src/globals.php index 5ece1e8..d87db56 100755 --- a/src/globals.php +++ b/src/globals.php @@ -205,13 +205,15 @@ function IntrusionNotify($where) { // verifica se a sessao esta aberta e ok function ValidSession() { if (!isset($_SESSION["usertable"])) return(FALSE); - if ($_SESSION["usertable"]["usersession"] == session_id() || $_SESSION["usertable"]["usersessionextra"] == session_id()) return(TRUE); - if(($_SESSION["usertable"]["userip"] == getIP() && $_SESSION["usertable"]["usermultilogin"] == 't') || - $_SESSION["usertable"]["usertype"] == 'score') return(TRUE); - $_SESSION["usertable"] = DBUserInfo($_SESSION["usertable"]["contestnumber"], - $_SESSION["usertable"]["usersitenumber"], - $_SESSION["usertable"]["usernumber"]); - if ($_SESSION["usertable"]["usersession"] != session_id() && $_SESSION["usertable"]["usersessionextra"] != session_id()) return(FALSE); + $gip = getIP(); + if ($_SESSION["usertable"]["userip"] != $gip || + $_SESSION["usertable"]["usersession"] != session_id()) return(FALSE); + if($_SESSION["usertable"]["usermultilogin"] == 't') return(TRUE); + + $tmp = DBUserInfo($_SESSION["usertable"]["contestnumber"], + $_SESSION["usertable"]["usersitenumber"], + $_SESSION["usertable"]["usernumber"]); + if ($tmp["userip"] != $gip) return(FALSE); return(TRUE); } // grava erro no arquivo de log |