/**
* Code modified from dokuwiki
* /dokuwiki/inc/auth.php
*
* Builds a pseudo UID from browser and IP data
*
* This is neither unique nor unfakable - still it adds some
* security. Using the first part of the IP makes sure
* proxy farms like AOLs are stil okay.
*
* @author Andreas Gohr <*****@*****.**>
*
* @return string a MD5 sum of various browser headers
*/
function auth_browseruid($legacy = false)
{
$uid = '';
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$uid .= $_SERVER['HTTP_USER_AGENT'];
}
if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) {
$uid .= $_SERVER['HTTP_ACCEPT_ENCODING'];
}
// IE does not report ACCEPT_LANGUAGE consistently
//if( $legacy && isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ){
// $uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
//}
if (isset($_SERVER['HTTP_ACCEPT_CHARSET'])) {
$uid .= $_SERVER['HTTP_ACCEPT_CHARSET'];
}
if ($legacy) {
if (isset($_SERVER['REMOTE_ADDR'])) {
$ip = $_SERVER['REMOTE_ADDR'];
if (strpos($ip, '.') !== false) {
$uid .= substr($ip, 0, strpos($ip, '.'));
} elseif (strpos($ip, ':') !== false) {
$uid .= substr($ip, 0, strpos($ip, ':'));
}
}
} else {
$ip = gpsession::clientIP(true);
$uid .= substr($ip, 0, strpos($ip, '.'));
}
//ie8 will report ACCEPT_LANGUAGE as en-us and en-US depending on the type of request (normal, ajax)
$uid = strtolower($uid);
return md5($uid);
}
