-rw-r--r-- | app/class/controller.class.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/app/class/controller.class.php b/app/class/controller.class.php
index fabd7e7..effaf78 100644
--- a/app/class/controller.class.php
+++ b/app/class/controller.class.php
@@ -32,6 +32,21 @@ abstract class Controller extends Framework
 if (isset($_SERVER['HTTPS']))
 $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap());
 }
+
+ /*
+ * Security check
+ * Assert that the client's IP address does not change during its session. If a change is detected, logout.
+ */
+ function sec_verify_ip()
+ {
+ $addr = $_SERVER['REMOTE_ADDR'];
+
+ if ($this->getCurrentUser() && $addr != $this->getOriginIP())
+ {
+ $this->setCurrentUser();
+ $this->redirectTo($this->ar() . "/");
+ }
+ }
 }
 ?> |
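Review bot: In `sec_verify_ip()` the mismatch branch only calls `$this->setCurrentUser()` and redirects, so an address change, the one event this check exists to catch, leaves no record, and as far as the hunk shows the session identifier itself stays valid afterwards. Consider logging it before the logout, e.g. `error_log("session IP changed: " . $this->getOriginIP() . " -> " . $addr);`, and, if the framework relies on native PHP sessions, following the logout with `session_regenerate_id(true);`. The doc comment should also state the trade-off of keying on `$_SERVER['REMOTE_ADDR']`: behind a reverse proxy or load balancer it holds the proxy's address, so the check never fires, while clients on mobile or dual-stack networks are logged out on legitimate address changes. Whether `redirectTo()` ends the request is not visible here; if it does not, add `return;` after it so nothing further runs for the logged-out request. A strict `!==` on the two address strings would be the safer comparison.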