Keep your sessions locked down: this snippet mitigates session fixation and hijacking by regenerating the session ID and binding the session to a client fingerprint (User-Agent plus an IP prefix). Treat it as defence in depth rather than a complete fix — the User-Agent is chosen by the client and IP prefixes are shared behind NATs and proxies — and keep your own server-side login check.
Instructions: Include it at the top of your pages, before any output is sent — the constructor calls session_start(), and the ID regeneration sets a new cookie, both of which must happen before headers go out.
Usage:
Instantiate SessionControl (the constructor also issues session_start()). Then, if the user already has an open session, call Check() to confirm it belongs to them; if it does not, make them log in again.
Whenever someone logs in and is authorized, call Open() to bind the session to them.
<?php
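/**
 * Handles Sessions and Security
 *
 * Binds a PHP session to a client fingerprint (a per-session random salt,
 * a fixed control word, the User-Agent header and a prefix of the client IP)
 * and regenerates the session ID on every Open()/Check() call, to make
 * session fixation and hijacking harder.
 *
 * The fingerprint is a heuristic, not an authentication factor: the
 * User-Agent is chosen by the client, and IP prefixes are shared behind
 * NATs and proxies. Keep a server-side login check as well.
 *
 * Must be instantiated before any output is sent: session_start() and
 * session_regenerate_id() both need to set cookies/headers.
 *
 * @name SessionControl
 * @author Joey Adams
 */
class SessionControl
{
    // Configuration
    /** @var bool Include the User-Agent header in the fingerprint. */
    private $use_user_agent = true;
    /** @var int Number of leading IPv4 octets (0-4) to include in the fingerprint; 0 disables the IP part. */
    private $num_ip_digits = 3;
    /** @var bool Regenerate the session ID on every Open()/Check() call. */
    private $regenerate_id = true;
    /** @var string|null Per-session random value mixed into the fingerprint; set by Open(). */
    private $salt;
    /** @var string Fixed control word appended to the fingerprint. */
    private $control_word = '_SALT_';

    /**
     * Starts the session if none is active yet.
     *
     * session_status() is checked first so that a page which already called
     * session_start() elsewhere does not trigger a second-start notice.
     */
    public function __construct()
    {
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
    }

    /**
     * Opens (binds) the session for a freshly authenticated user.
     *
     * Generates a new salt, stores the fingerprint in $_SESSION['fprint'],
     * then regenerates the session ID so that a pre-login — possibly
     * attacker-supplied — ID is no longer valid (fixation defence).
     */
    public function Open()
    {
        $this->_intSalt();
        $_SESSION['fprint'] = $this->_Fingerprint();
        $this->_RegenerateId();
    }

    /**
     * Verifies that the current request matches the fingerprint stored in the session.
     *
     * @return bool true only when both a fingerprint and its salt are stored
     *              in the session and this request's fingerprint matches.
     */
    public function Check()
    {
        $this->_RegenerateId();
        // Both values are written together by Open(); a missing salt would
        // otherwise be compared as an empty string and emit a notice.
        if (!isset($_SESSION['fprint'], $_SESSION['salt_'])) {
            return false;
        }
        // hash_equals() is strict and constant-time. The loose `==` used
        // previously treats two hex digests of the form "0e<digits>" as equal
        // numeric strings, so distinct fingerprints could compare equal.
        return hash_equals((string) $_SESSION['fprint'], $this->_Fingerprint('check'));
    }

    /**
     * Creates a fresh random salt and stores it in the session.
     *
     * random_bytes() is a CSPRNG (PHP 7+); the value is hex-encoded so it can
     * be safely concatenated into the fingerprint string.
     */
    private function _intSalt()
    {
        $this->salt = bin2hex(random_bytes(16));
        $_SESSION['salt_'] = $this->salt;
    }

    /**
     * Builds the fingerprint digest for the current request.
     *
     * @param string|null $mode 'check' reads the salt stored in the session;
     *                          anything else uses the salt generated by Open().
     * @return string 32-character hex digest
     */
    private function _Fingerprint($mode = null)
    {
        if ($mode === 'check') {
            $fingerprint = isset($_SESSION['salt_']) ? (string) $_SESSION['salt_'] : '';
        } else {
            $fingerprint = (string) $this->salt;
        }
        $fingerprint .= $this->control_word;

        if ($this->use_user_agent) {
            // The header may be absent (some bots, CLI); treat it as empty
            // rather than raising an undefined-index notice.
            $fingerprint .= isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        }

        if ($this->num_ip_digits) {
            $ip_digits = abs(intval($this->num_ip_digits));
            if ($ip_digits > 4) {
                // An IPv4 address has at most four octets.
                $ip_digits = 4;
            }
            $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            if (strpos($addr, ':') !== false) {
                // IPv6 (or IPv4-mapped) address: there are no dotted octets to
                // truncate, so the whole address is used.
                $fingerprint .= $addr;
            } else {
                $digits = explode('.', $addr);
                // Guard on isset(): a malformed address yields fewer than
                // $ip_digits parts.
                for ($i = 0; $i < $ip_digits && isset($digits[$i]); $i++) {
                    $fingerprint .= $digits[$i] . '.';
                }
            }
        }
        // md5 is kept for compatibility with fingerprints already stored in
        // live sessions; the digest is server-side only and its inputs are
        // not secret, so collision resistance is not relied upon here.
        return md5($fingerprint);
    }

    /**
     * Regenerates the session ID, if enabled and still possible.
     *
     * Regeneration needs an active session and the ability to send the new
     * cookie; once headers have gone out it is skipped silently, where
     * session_regenerate_id() would otherwise emit a warning.
     *
     * NOTE(review): regenerating on every request can race with concurrent
     * requests (e.g. parallel AJAX calls) that still carry the old ID.
     */
    private function _RegenerateId()
    {
        if (!$this->regenerate_id) {
            return;
        }
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            // true: discard the old session data so the previous ID cannot be reused.
            session_regenerate_id(true);
        }
    }
}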