firesunCN/BlueLotus_XSSReceiver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c246503ca8ac4e1932e294ac1e8016b214b31f25
BlueLotus_XSSReceiver/auth.php
Firesun e63a14d32a Version 3.4.0 
1. 增加了ADMIN_IP_CHECK_ENABLE与XFF_ENABLE两个选项,在有反代或负载均衡的情况下可开启XFF_ENABLE,关闭ADMIN_IP_CHECK_ENABLE
2. 修复一系列bug
2016-12-27 21:49:19 +08:00

36 lines
1.3 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
require_once("functions.php");
//设置httponly
ini_set("session.cookie_httponly", 1);
session_start();
//判断登陆情况ip和useragent是否改变改变则强制退出
if ( !(isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true && isset($_SESSION['user_agent']) && $_SESSION['user_agent'] != "" && $_SESSION['user_agent'] === $_SERVER['HTTP_USER_AGENT']) ) {
$_SESSION['isLogin'] = false;
$_SESSION['user_IP'] = "";
$_SESSION['user_agent'] = "";
session_unset();
session_destroy();
header("Location: login.php");
exit();
}
if ( ADMIN_IP_CHECK_ENABLE && !(isset($_SESSION['user_IP']) && $_SESSION['user_IP'] != "" && $_SESSION['user_IP'] === getRealIP()) ) {
$_SESSION['isLogin'] = false;
$_SESSION['user_IP'] = "";
$_SESSION['user_agent'] = "";
session_unset();
session_destroy();
header("Location: login.php");
exit();
}
//开启CSP
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'");
Reference in New Issue View Git Blame Copy Permalink