Jump to content
MakeWebGames

Session Hijacking Protection

Zero-Affect

By Zero-Affect
in General Discussion

 Share

Recommended Posts

Drizzah Newbie

Drizzah

Posted
Posted
Wow you got that out of another topic i commented on = (MINE)
Yes' this may be your thought up idea to add to the topic, but by far is not your code as it has been pretty much used before you most likely got into php. As I have stated here in the past. I am no coder and only come here for extra ideas to use myself, but when someone here may be asking for help with something or I may be able to add to something being posted that may or may not work. I will do so. Also, what I posted does work just as well as what you have posted on the first page. I only said I think it will work because of simple people like yourself that have nothing better to do than to talk trash to other members of the forum (Internet Gangster)!

You posted this:

if ( isset($_SESSION['HTTP_USER_AGENT']) ) {
   if ( $_SESSION['HTTP_USER_AGENT'] != sha1( $_SERVER['HTTP_USER_AGENT'] )) {
  session_unset();
  session_destroy();
  header("Location: login.php");
   }
} else {
   $_SESSION['HTTP_USER_AGENT'] = sha1( $_SERVER['HTTP_USER_AGENT'] );
}

 

I posted this:

$IP = $_SERVER['REMOTE_ADDR'];
$IP = mysql_real_escape_string($IP);
if
(isset($_SESSION['HTTP_USER_AGENT']) && 
($_SESSION['HTTP_USER_AGENT'] !== sha1($_SERVER['HTTP_USER_AGENT']))) {
session_write_close();
header('Location:
login.php'); die;
} else {
$_SESSION['HTTP_USER_AGENT'] = 
sha1($_SERVER['HTTP_USER_AGENT']);
}

 

:thumbsup:

Zeggy Newbie

Zeggy

Posted
Posted

The first two lines with $IP have nothing to do with the rest of the script and doesn't actually do anything even if they did.

The rest of the lines are an exact copy of what lazyt posted, except you added a bunch of random line breaks, and instead of session unset/destroy, you have session_write_close.

I don't really see how what you posted is any different :P

CrazyT Newbie

CrazyT

Posted
Posted
Wow you got that out of another topic i commented on = (MINE)
Yes' this may be your thought up idea to add to the topic, but by far is not your code as it has been pretty much used before you most likely got into php. As I have stated here in the past. I am no coder and only come here for extra ideas to use myself, but when someone here may be asking for help with something or I may be able to add to something being posted that may or may not work. I will do so. Also, what I posted does work just as well as what you have posted on the first page. I only said I think it will work because of simple people like yourself that have nothing better to do than to talk trash to other members of the forum (Internet Gangster)!

You posted this:

if ( isset($_SESSION['HTTP_USER_AGENT']) ) {
   if ( $_SESSION['HTTP_USER_AGENT'] != sha1( $_SERVER['HTTP_USER_AGENT'] )) {
  session_unset();
  session_destroy();
  header("Location: login.php");
   }
} else {
   $_SESSION['HTTP_USER_AGENT'] = sha1( $_SERVER['HTTP_USER_AGENT'] );
}

 

I posted this:

$IP = $_SERVER['REMOTE_ADDR'];
$IP = mysql_real_escape_string($IP);
if
(isset($_SESSION['HTTP_USER_AGENT']) && 
($_SESSION['HTTP_USER_AGENT'] !== sha1($_SERVER['HTTP_USER_AGENT']))) {
session_write_close();
header('Location:
login.php'); die;
} else {
$_SESSION['HTTP_USER_AGENT'] = 
sha1($_SERVER['HTTP_USER_AGENT']);
}

 

:thumbsup:

LOL Don't try claim stuff i posted (edited) :) n00b

Drizzah Newbie

Drizzah

Posted
Posted
The first two lines with $IP have nothing to do with the rest of the script and doesn't actually do anything even if they did.

The rest of the lines are an exact copy of what lazyt posted, except you added a bunch of random line breaks, and instead of session unset/destroy, you have session_write_close.

I don't really see how what you posted is any different :P

In your eye's maybe the code don't work, but if it's used right in the header file, it does serve a purpose.

 

global $db,$c,$userid, $set;
$IP = $_SERVER['REMOTE_ADDR'];
$IP = mysql_real_escape_string($IP);
if (isset($_SESSION['HTTP_USER_AGENT']) && ($_SESSION['HTTP_USER_AGENT'] !== sha1($_SERVER['HTTP_USER_AGENT']))) {
session_write_close();
header('Location: login.php'); die;
} else {
$_SESSION['HTTP_USER_AGENT'] = sha1($_SERVER['HTTP_USER_AGENT']);
}
$db->query("UPDATE users SET laston=unix_timestamp(),lastip='$IP' WHERE userid='".abs(@intval($userid))."'");

 

As for the above reply to me again about taking codes and pasting them here claiming they are mine. I have done none of that as you clearly see on any post I have made here. I did not say the code was mine. I saw another post using another method and then saw your method and combined the both of them incase others may want to try it.

I am not a coder once again. Never wanted to be and not trying to be either.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...