Public/pics
2
2
Fork 2
Code Issues 6 Pull Requests 2 Releases Wiki Activity

Authentication: remove remnants of user agent checks

Browse Source
This commit is contained in:
Aaron van Geffen 2024-11-05 16:45:40 +01:00
parent 9c86d2c475
commit 8eaeb6c332
1 changed files with 0 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
models/Authentication.php
View File

@ -78,15 +78,6 @@ class Authentication
*/ */
public static function isLoggedIn() public static function isLoggedIn()
{ {
// Check whether the active session matches the current user's environment.
if (isset($_SESSION['ip_address'], $_SESSION['user_agent']) && (
(isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] != $_SERVER['REMOTE_ADDR']) ||
(isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])))
{
session_destroy();
return false;
}
// A user is logged in if a user id exists in the session and this id is (still) in the database. // A user is logged in if a user id exists in the session and this id is (still) in the database.
return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']); return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']);
} }