Version 2.2.2

增加注销按钮
完善注释
firesun
2015-10-30 22:46:04 +08:00
parent 13630da377
commit 51513e2f05
20 changed files with 180 additions and 70 deletions


@@ -2,9 +2,12 @@
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
//设置httponly
ini_set("session.cookie_httponly", 1);
session_start();
//判断登陆情况ip和useragent是否改变改变则强制退出
if(!(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true && isset($_SESSION['user_IP']) &&$_SESSION['user_IP']!="" &&$_SESSION['user_IP']=== $_SERVER['REMOTE_ADDR'] &&isset($_SESSION['user_agent']) &&$_SESSION['user_agent']!="" &&$_SESSION['user_agent']=== $_SERVER['HTTP_USER_AGENT'] ))
{
$_SESSION['isLogin']=false;
@@ -16,9 +19,8 @@ if(!(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true && isset($_SESSI
exit();
}
//开启CSP
header("Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; frame-src 'none'");
?>
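Review bot: The policy sent by the three `header()` calls relies on `frame-src 'none'`, which only limits what these pages may embed. Nothing visible here restricts which sites may frame the panel, and `form-action` and `base-uri` do not fall back to `default-src`. I would extend the standard header to end with `frame-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'`; the `X-Content-Security-Policy` and `X-WebKit-CSP` variants are legacy and may ignore the newer directives. In the first hunk, `ini_set("session.cookie_httponly", 1)` hardens only one cookie attribute, so `ini_set("session.use_strict_mode", 1);` and, if the panel is served over HTTPS, `ini_set("session.cookie_secure", 1);` belong before `session_start()` as well. The lines between the two hunks are not shown and the +/- markers are lost on this page, so a framing header may already be set there and some of these lines may be unchanged context.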