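/**
 * Validate the authentication data held in the application session.
 *
 * Does not return a result: it sets $this->isValid and, on success, also
 * sets $this->username / $this->group and refreshes $this->_time.
 *
 * Checks are applied per configured security level, strictest last:
 *  - LEVEL_LOW    : passes if already initialised, or a '_username' is stored,
 *                   or the session has not exceeded $this->_authSessionExpire.
 *  - LEVEL_MEDIUM : the stored fingerprint must equal md5(User-Agent . salt).
 *  - LEVEL_HIGH   : MEDIUM's fingerprint check AND the stored id must equal
 *                   md5(current session id).
 *
 * NOTE(review): the earlier version OR'ed the three level clauses (`&&` binds
 * tighter than `||`), so at LEVEL_HIGH a fingerprint match alone, or an id
 * match alone, was accepted; LEVEL_HIGH now requires both. Hash comparisons
 * use hash_equals() instead of `==` (no loose comparison, constant time).
 * A failed inner check now explicitly sets isValid = false rather than
 * leaving whatever value a previous call stored.
 *
 * @see http://phpsec.org/projects/guide/4.html
 * @see http://www.serversidemagazine.com/php/session-hijacking
 * @return void
 */
public function validate() {
    // Assume invalid until a check passes; avoids a stale $this->isValid from an earlier call.
    $this->isValid = false;

    // Equivalent to the old `!== null` test on '_initialized', without the undefined-index notice.
    if (!isset($this->appSession) || !isset($this->appSession->AuthData['_initialized'])) {
        return;
    }

    $authData = $this->appSession->AuthData;
    $valid = false;

    if ($this->_securityLevel == self::LEVEL_LOW) {
        // A missing '_time' counts as expired (the original subtraction would also have failed).
        $notExpired = isset($authData['_time'])
            && (time() - $authData['_time'] <= $this->_authSessionExpire);
        $valid = $this->_initialized || isset($authData['_username']) || $notExpired;
    } elseif ($this->_securityLevel == self::LEVEL_MEDIUM || $this->_securityLevel == self::LEVEL_HIGH) {
        // User-Agent may be absent (non-browser clients); treat as empty instead of raising a notice.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $valid = hash_equals(md5($userAgent . $this->getSalt()), (string) $this->_fingerprint);

        if ($valid && $this->_securityLevel == self::LEVEL_HIGH) {
            // LEVEL_HIGH additionally binds the auth data to the current session id.
            $valid = hash_equals(md5($this->appSession->getId()), (string) $this->_id);
        }
    }
    // Any other level value (none of the three constants) is rejected, as before.

    if (!$valid) {
        return;
    }

    $this->_time = time();
    $this->isValid = true;
    $this->username = isset($authData['_username']) ? $authData['_username'] : null;
    $this->group = isset($authData['_group']) ? $authData['_group'] : null;
}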
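/**
 * Validate the authentication data held in the application session.
 *
 * Does not return a result: it sets $this->isValid and, on success, also
 * sets $this->username / $this->group (and $this->userID when stored) and
 * refreshes the session's '_time' stamp.
 *
 * The level is read from the session's '_securityLevel' entry; checks are
 * applied per level, strictest last:
 *  - LEVEL_LOW    : passes if a '_username' is stored, or the session has not
 *                   exceeded $this->getSessionExpire().
 *  - LEVEL_MEDIUM : the stored '_fingerprint' must equal md5(User-Agent . salt).
 *  - LEVEL_HIGH   : MEDIUM's fingerprint check AND $this->_id must equal
 *                   md5(current session id).
 *
 * NOTE(review): the earlier version dereferenced $this->appSession->AuthData
 * before the isset() guard, so a null appSession warned and then passed the
 * guard anyway; the guard now runs first. The three level clauses were OR'ed
 * (`&&` binds tighter than `||`), so at LEVEL_HIGH a fingerprint match alone,
 * or an id match alone, was accepted; LEVEL_HIGH now requires both. Hash
 * comparisons use hash_equals() instead of `==`. A failed inner check now
 * explicitly sets isValid = false. If '_securityLevel' is absent the loose
 * `==` below compares null against the constants — confirm that no constant
 * is 0/'' or the missing case would be treated as LEVEL_LOW (unchanged from
 * the original, flagged only).
 *
 * @see http://phpsec.org/projects/guide/4.html
 * @see http://www.serversidemagazine.com/php/session-hijacking
 * @return void
 */
public function validate() {
    // Assume invalid until a check passes; avoids a stale $this->isValid from an earlier call.
    $this->isValid = false;

    // Guard before touching ->AuthData so a null appSession cannot slip past.
    if (!isset($this->appSession) || $this->appSession->AuthData === null) {
        return;
    }

    $authData = $this->appSession->AuthData;
    $securityLevel = isset($authData['_securityLevel']) ? $authData['_securityLevel'] : null;
    $valid = false;

    if ($securityLevel == self::LEVEL_LOW) {
        // A missing '_time' counts as expired (the original subtraction would also have failed).
        $notExpired = isset($authData['_time'])
            && (time() - $authData['_time'] <= $this->getSessionExpire());
        $valid = isset($authData['_username']) || $notExpired;
    } elseif ($securityLevel == self::LEVEL_MEDIUM || $securityLevel == self::LEVEL_HIGH) {
        // User-Agent may be absent (non-browser clients); treat as empty instead of raising a notice.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $storedFingerprint = isset($authData['_fingerprint']) ? (string) $authData['_fingerprint'] : '';
        $valid = hash_equals(md5($userAgent . $this->getSalt()), $storedFingerprint);

        if ($valid && $securityLevel == self::LEVEL_HIGH) {
            // LEVEL_HIGH additionally binds the auth data to the current session id.
            $valid = hash_equals(md5($this->appSession->getId()), (string) $this->_id);
        }
    }
    // Any other level value (none of the three constants) is rejected, as before.

    if (!$valid) {
        return;
    }

    $this->isValid = true;
    // Refresh the activity stamp on the session itself; $authData is a by-value copy.
    $this->appSession->AuthData['_time'] = time();
    $this->username = isset($authData['_username']) ? $authData['_username'] : null;
    if (isset($authData['_userID'])) {
        $this->userID = $authData['_userID'];
    }
    $this->group = isset($authData['_group']) ? $authData['_group'] : null;
}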