Add time-out to password resets; prevent repeated mails #50
@ -78,15 +78,6 @@ class Authentication
|
|||||||
*/
|
*/
|
||||||
public static function isLoggedIn()
|
public static function isLoggedIn()
|
||||||
{
|
{
|
||||||
// Check whether the active session matches the current user's environment.
|
|
||||||
if (isset($_SESSION['ip_address'], $_SESSION['user_agent']) && (
|
|
||||||
(isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] != $_SERVER['REMOTE_ADDR']) ||
|
|
||||||
(isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])))
|
|
||||||
{
|
|
||||||
session_destroy();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// A user is logged in if a user id exists in the session and this id is (still) in the database.
|
// A user is logged in if a user id exists in the session and this id is (still) in the database.
|
||||||
return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']);
|
return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']);
|
||||||
}
|
}
|
||||||
|
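Review bot: `isLoggedIn()` no longer ties a session to the client that created it: on the new side it only tests `$_SESSION['user_id']` and `self::checkExists()`, and nothing visible in this hunk shows the `ip_address` / `user_agent` comparison being moved elsewhere. If no equivalent check remains in the commit, a leaked session id is accepted from any client for the life of the session, and the title (password-reset time-outs, repeated mails) does not announce that change. If the removal is deliberate, for instance because changing IP addresses were logging users out, say so in the method's docblock, e.g. ` * Sessions are intentionally not bound to IP address or user agent; see <decision reference>.` In that case also confirm that the session id is regenerated at login and that the session cookie is set HttpOnly, Secure and SameSite. The docblock and the rest of the class lie outside the hunk, so some of this may already be covered there.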