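/**
 * Emits a script block that opens a popup window and writes the debug log into it.
 *
 * Does nothing unless UL_DEBUG is truthy. Each entry returned by ulLog::DebugLog() is
 * rendered as one line, coloured through a "logtype<type>" CSS class and prefixed with
 * the time elapsed since $GLOBALS['ul_start_ts'].
 *
 * The log markup is placed inside a JavaScript string literal, so it is escaped twice:
 * once for HTML (message text and class name) and once for the script context. Without
 * this, a message containing a quote, a line break or a closing script tag would break
 * the generated script or be interpreted as markup/code in the page.
 *
 * @return void
 */
public static function ShowDebugConsole()
{
    if (!UL_DEBUG) {
        return;
    }

    $rows = '';
    foreach (ulLog::DebugLog() as $logEntry) {
        $cssClass = htmlspecialchars('logtype' . $logEntry['type'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $elapsed = number_format($logEntry['ts'] - $GLOBALS['ul_start_ts'], 4);

        // Message content is not controlled by this method (it may echo request-derived
        // text - not visible from here), so it is treated as plain text, never as markup.
        $message = htmlspecialchars((string) $logEntry['msg'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        $rows .= '• <span class="' . $cssClass . '">' . $elapsed . ' ' . $message . '</span><br/>';
    }

    // Encode as a JavaScript string literal. The HEX flags keep <, >, &, ' and " out of
    // the emitted source, so the payload cannot terminate the literal or the script element.
    $jsRows = json_encode($rows, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($jsRows === false) {
        // json_encode() fails on input it cannot represent; show a fixed notice instead
        // of emitting a broken script.
        $jsRows = '"(debug log could not be encoded)"';
    }
    ?>
<script type="text/javascript">
top.uLoginConsoleRef = window.open("", "uLoginConsoleWindow", "height=150,width=450,location=0,menubar=0,status=0,toolbar=0,scrollbars=1");
top.uLoginConsoleRef.document.writeln(
    '<html><head><style type=text/css>'
    + 'body{background-color:white}'
    + '.logtype0{color:black}'
    + '.logtype1{color:blue}'
    + '.logtype2{color:gold}'
    + '.logtype3{color:orange}'
    + '.logtype4{color:red}'
    + '</style><title>uLogin Debug Console</title>'
    + '</head><body onLoad="self.focus()">'
    + <?php echo $jsRows; ?>

    + '</body></html>');
top.uLoginConsoleRef.document.close();
</script>
<?php
}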
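/**
 * Checks that the current request matches the fingerprint stored in the session.
 *
 * The user agent is always compared. The referrer domain and the IP address are compared
 * only when UL_SESSION_CHECK_REFERER / UL_SESSION_CHECK_IP are enabled. Finally the token
 * cookie is verified. Returns false on new visits (no stored fingerprint) and on any
 * mismatch, logging the reason through ulLog::DebugLog().
 *
 * The user agent and the referrer are sent by the client, so those two checks only detect
 * careless reuse of a session id. Of the checks made here, verifyTokenCookie() is the one
 * that relies on a secret.
 *
 * @return bool True when every enabled check passes, false otherwise.
 */
private static function preventHijacking()
{
    $fp = self::tryFingerprint();

    // No stored fingerprint means there is nothing to compare against. Fail closed here:
    // otherwise a request with an empty user agent would compare equal to the missing
    // value and skip straight to the token check.
    if (!isset($_SESSION['sses']) || !is_array($_SESSION['sses'])) {
        ulLog::DebugLog('Session fingerprint missing.', 3);
        return false;
    }
    $sses = $_SESSION['sses'];

    // Values are normalised to strings and compared strictly, so PHP's numeric-string
    // juggling cannot make two different values compare equal.
    $storedAgent = isset($sses['userAgent']) ? (string) $sses['userAgent'] : '';
    $currentAgent = isset($fp['userAgent']) ? (string) $fp['userAgent'] : '';

    // Check for changed user agent, but make special exception for IE: two differing
    // agents are accepted when both contain "Trident".
    $bothTrident = strpos($storedAgent, 'Trident') !== false
        && strpos($currentAgent, 'Trident') !== false;
    if ($storedAgent !== $currentAgent && !$bothTrident) {
        ulLog::DebugLog('User agent mismatch.', 3);
        return false;
    }

    // Check for changed referrer domain. A session without a stored domain skips the check.
    if (UL_SESSION_CHECK_REFERER) {
        $storedDomain = isset($sses['hostDomain']) ? (string) $sses['hostDomain'] : '';
        $currentDomain = isset($fp['hostDomain']) ? (string) $fp['hostDomain'] : '';
        if (!empty($sses['hostDomain']) && $storedDomain !== $currentDomain) {
            ulLog::DebugLog('HTTP_REFERER mismatch.', 3);
            return false;
        }
    }

    // Check for changed IP, but take proxies into consideration.
    if (UL_SESSION_CHECK_IP) {
        $storedIp = isset($sses['IPaddress']) ? (string) $sses['IPaddress'] : '';
        $currentIp = isset($fp['IPaddress']) ? (string) $fp['IPaddress'] : '';

        if ($storedIp !== $currentIp) {
            // The proxy exception matches on the first 7 characters only: a coarse
            // textual prefix, not a network-range test. Strict in_array assumes
            // self::$aolProxies holds strings - TODO confirm against its declaration.
            $storedPrefix = substr($storedIp, 0, 7);
            $currentPrefix = substr($currentIp, 0, 7);
            $bothBehindProxy = in_array($storedPrefix, self::$aolProxies, true)
                && in_array($currentPrefix, self::$aolProxies, true);

            if (!$bothBehindProxy) {
                ulLog::DebugLog('IP mismatch.', 3);
                return false;
            }
        }
    }

    // Check for secret token.
    if (!self::verifyTokenCookie()) {
        ulLog::DebugLog('Session token mismatch.', 3);
        return false;
    }

    return true;
}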