From ea4eea614594b9d398ca07423d8ee5f6cf9019e7 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Wed, 7 Jun 2017 15:13:25 +0200 Subject: [PATCH] adding a variable to ignore IP in sessions, currently broken it seems --- bureau/class/m_mem.php | 3 ++- debian/changelog | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/bureau/class/m_mem.php b/bureau/class/m_mem.php index 3146975d..0eb007aa 100644 --- a/bureau/class/m_mem.php +++ b/bureau/class/m_mem.php @@ -285,7 +285,8 @@ class m_mem { return false; } $db->next_record(); - if ($db->f("ip")) { + if (variable_get('single_ip_desktop', '0', "Set this to 1 to enable the IP address check and unicity for an account. Prevents multiple connections to the same account and disable IP address roaming.") + && $db->f("ip")) { if ($db->f("me") != $db->f("ip")) { $err->raise("mem", _("IP address incorrect, please contact the administrator")); return false; diff --git a/debian/changelog b/debian/changelog index 880b1f94..5bad7af2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,11 +4,15 @@ alternc (3.1.11) oldoldstable; urgency=low * added CSRF token to all forms (as much as possible) to prevent cross-site attacks * added XSS protection to many form fields and views * migrated the DB abstraction layer from mysql_* functions to PDO + (necessary for security, also adds PHP7.0 compatibility) * migrated the DB calls from addslases to prepared-queries or quotes * fix many unix rights issues (prevents a root escalation from alterncpanel!) * fix some little interface issues on forms + * enh adding IP address to panel logs (PR #153) + * enh adding X-Forwarded-Proto detection for SSL, not only HTTP_SSL from Apache + * enh add a variable to enable IP check in the panel (broken), disabled by default - -- Benjamin Sonntag Fri, 27 May 2016 10:36:00 +0200 + -- Benjamin Sonntag Wed, 7 Jun 2017 10:36:00 +0300 alternc (3.1.10) oldoldstable; urgency=low