24 lines
1.1 KiB
PHP
24 lines
1.1 KiB
PHP
<?php
|
||
if (!defined('IN_XSS_PLATFORM')) {
|
||
exit('Access Denied');
|
||
}
|
||
|
||
//设置httponly
|
||
ini_set("session.cookie_httponly", 1);
|
||
session_start();
|
||
|
||
//判断登陆情况,ip和useragent是否改变,改变则强制退出
|
||
if (!(isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true && isset($_SESSION['user_IP']) && $_SESSION['user_IP'] != "" && $_SESSION['user_IP'] === $_SERVER['REMOTE_ADDR'] && isset($_SESSION['user_agent']) && $_SESSION['user_agent'] != "" && $_SESSION['user_agent'] === $_SERVER['HTTP_USER_AGENT'])) {
|
||
$_SESSION['isLogin'] = false;
|
||
$_SESSION['user_IP'] = "";
|
||
$_SESSION['user_agent'] = "";
|
||
session_unset();
|
||
session_destroy();
|
||
header("Location: login.php");
|
||
exit();
|
||
}
|
||
|
||
//开启CSP
|
||
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
|
||
header("X-Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
|
||
header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'"); |