
Add a new default setting: security -> session_rotate.

markjcrane 10 tahun lalu
induk
melakukan
3ae499797e
2 mengubah file dengan 16 tambahan dan 13 penghapusan
  1. 7 0
      core/default_settings/app_defaults.php
  2. 9 13
      resources/php.php

+ 7 - 0
core/default_settings/app_defaults.php

@@ -50,6 +50,13 @@ if ($domains_processed == 1) {
 		$array[$x]['default_setting_enabled'] = 'true';
 		$array[$x]['default_setting_description'] = 'Set the default strength for system generated passwords.  Valid Options: 1 - Numeric Only, 2 - Include Lower Apha, 3 - Include Upper Alpha, 4 - Include Special Characters.';
 		$x++;
+		$array[$x]['default_setting_category'] = 'security';
+		$array[$x]['default_setting_subcategory'] = 'session_rotate';
+		$array[$x]['default_setting_name'] = 'text';
+		$array[$x]['default_setting_value'] = '4';
+		$array[$x]['default_setting_enabled'] = 'true';
+		$array[$x]['default_setting_description'] = 'Whether to regenerate the session ID.';
+		$x++;
 		$array[$x]['default_setting_category'] = 'email';
 		$array[$x]['default_setting_subcategory'] = 'smtp_auth';
 		$array[$x]['default_setting_name'] = 'var';
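Review bot: The new entry declares `default_setting_name = 'text'` with `default_setting_value = '4'`, but the consumer added in resources/php.php by this same commit reads `$_SESSION['security']['session_rotate']['boolean']` and compares it to `"true"`, so if the name becomes the last array key as the naming suggests, this default can never satisfy that check; the description ("Whether to regenerate the session ID.") also implies a boolean. The value `'4'` looks carried over from the password_strength entry just above it. Suggest `$array[$x]['default_setting_name'] = 'boolean';` and `$array[$x]['default_setting_value'] = 'true';` so session-ID rotation stays enabled out of the box. The enclosing `if ($domains_processed == 1)` block starts before this hunk.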

+ 9 - 13
resources/php.php

@@ -30,20 +30,16 @@
 	//session handling
 		//start the session
 			session_start();
-		//set the last activity time stamp
-			$_SESSION['session']['last_activity'] = time();
-		//check whether to timout the session
-			//if (isset($_SESSION['session']['last_activity']) && (time() - $_SESSION['session']['last_activity'] > 14400)) {
-			//	session_destroy();	// destroy session data in storage
-			//	session_unset();	// unset $_SESSION variable for the runtime
-			//}
 		//regenerate sessions to avoid session id attacks such as session fixation
-			if (!isset($_SESSION['session']['created'])) {
-				$_SESSION['session']['created'] = time();
-			} else if (time() - $_SESSION['session']['created'] > 28800) {
-				// session started more than 8 hours ago
-				session_regenerate_id(true);    // rotate the session id
-				$_SESSION['session']['created'] = time();  // update creation time
+			if ($_SESSION['security']['session_rotate']['boolean'] == "true") {
+				$_SESSION['session']['last_activity'] = time();
+				if (!isset($_SESSION['session']['created'])) {
+					$_SESSION['session']['created'] = time();
+				} else if (time() - $_SESSION['session']['created'] > 28800) {
+					// session started more than 8 hours ago
+					session_regenerate_id(true);    // rotate the session id
+					$_SESSION['session']['created'] = time();  // update creation time
+				}
 			}
 
 	//get the document_root parent directory
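Review bot: The new condition `if ($_SESSION['security']['session_rotate']['boolean'] == "true")` reads the key without an `isset` guard, so when the setting is not present in the session (nothing in this hunk populates `$_SESSION['security']`) PHP emits an undefined-index notice/warning and the test evaluates false, silently switching off the session-fixation protection that was previously unconditional. Safer to default to rotating and compare strictly: `if (!isset($_SESSION['security']['session_rotate']['boolean']) || $_SESSION['security']['session_rotate']['boolean'] === 'true') {`. Note also that `$_SESSION['session']['last_activity'] = time();` has moved inside the conditional, so it is no longer refreshed when rotation is disabled; if that timestamp is consumed elsewhere for idle-timeout handling it should stay outside the `if`. The surrounding code before and after this hunk is not visible here.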