fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 11:44:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

SECISSUE fix #952 로그인 사용자의 session id를 재발급하도록 개선

Browse source 
- 로그인 후, admin 액션 접근 시 session id 재발급
This commit is contained in:
bnu 2014-09-04 14:52:37 +09:00
parent 56567bba9e
commit 59960c3b08
4 changed files with 62 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

27
modules/member/member.controller.php
View file

@ -1809,6 +1809,8 @@ class memberController extends member
}
}
$_SESSION['session_checkup'] = null;
$this->regenerateSession();
$this->setSessionInfo();
return $output;
@ -1868,6 +1870,31 @@ class memberController extends member
$this->addMemberMenu( 'dispMemberOwnDocument', 'cmd_view_own_document');
}
function validateSession()
{
$destory_session = false;
if($_SESSION['ipaddress'] != $_SERVER['REMOTE_ADDR']) $destory_session = true;
if($destory_session)
{
$this->destroySessionInfo();
return false;
}
return true;
}
function regenerateSession()
{
if(!$_SESSION['session_checkup'] || time() - $_SESSION['session_checkup'] > 30)
{
session_regenerate_id(true);
$_SESSION['session_checkup'] = time();
}
}
/**
* Logged method for providing a personalized menu
* Login information is used in the output widget, or personalized page

6
modules/member/member.model.php
View file

@ -234,6 +234,12 @@ class memberModel extends member
}
Context::set('logged_info', $logged_info);
if($logged_info->is_admin == 'Y' || $logged_info->is_site_admin)
{
$oMemberController = getController('member');
$oMemberController->regenerateSession();
}
return $logged_info;
}
return NULL;