Security - validate session

FusionPBX
2024-01-22 14:20:28 -07:00
committed by GitHub
parent 34321b2b1d
commit ee202cd61d
2 changed files with 17 additions and 3 deletions


@@ -37,7 +37,7 @@
}
//start the session
if (function_exists('session_start')) {
if (function_exists('session_start')) {
if (!isset($_SESSION)) {
session_start();
}
@@ -70,8 +70,19 @@
//define variables
if (!isset($_SESSION['template_content'])) { $_SESSION["template_content"] = null; }
//if session authorized is not set then set the default value to false
if (!isset($_SESSION['authorized'])) {
$_SESSION['authorized'] = false;
}
//validate the session address
if ($_SESSION['authorized'] && $_SESSION["user_hash"] !== hash('sha256', $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'])) {
session_destroy();
header("Location: ".PROJECT_PATH."/?path=".urlencode($target_path));
}
//if the session is not authorized then verify the identity
if (!isset($_SESSION['authorized']) || (isset($_SESSION['authorized']) && !$_SESSION['authorized'])) {
if (!$_SESSION['authorized']) {
//clear the menu
unset($_SESSION["menu"]);