d8/dd4/_fingerprint_8php_source.html

 <?php

 /*

  You may not change or alter any portion of this comment or credits

  of supporting developers from this source code or any supporting source code

  which is considered copyrighted (c) material of the original comment or credit authors.


  This program is distributed in the hope that it will be useful,

  but WITHOUT ANY WARRANTY; without even the implied warranty of

  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

 */


 namespace Xoops\Core\Session;


 use Xoops\Core\AttributeInterface;

 use Xoops\Core\HttpRequest;


 class Fingerprint implements FingerprintInterface

 {

     protected $clientFingerprint = array();


     protected function takePrint()

     {

         $clientFingerprint = array();

         $httpRequest = HttpRequest::getInstance();

         $clientFingerprint['clientIp'] = $httpRequest->getClientIp();

         $clientFingerprint['userAgent'] = $httpRequest->getHeader('USER_AGENT');

         $clientFingerprint['acceptLanguage'] = $httpRequest->getHeader('ACCEPT_LANGUAGE');


         return $clientFingerprint;

     }


     public function checkSessionPrint(AttributeInterface $session)

     {

         $score = 0;   // combined levenshtein distance of changes

         $changes = 0; // number of changed fields

         $currentFingerprint = $this->takePrint();

         $savedFingerprint = unserialize($session->get('SESSION_FINGERPRINT'));

         if ($savedFingerprint === false) {

             $savedFingerprint = $currentFingerprint;

             $changes = empty($_SESSION) ? 0 : 3; // in a populated session - force fail;

         }


         foreach ($currentFingerprint as $key => $current) {

             $distance = levenshtein($current, $savedFingerprint[$key]);

             $score += $distance;

             $changes += ($distance>0) ? 1 : 0;

         }


         $return = true;


         // if more than one field changed, or if that change is a distance greater than 30, fail it.

         if (($changes > 1) || ($score > 30)) {

             $session->clear(); // session data should not be preserved

             $return = false;

         }

         $session->set('SESSION_FINGERPRINT', serialize($currentFingerprint));

         return $return;

     }

 }

$_SESSION
$_SESSION['RF']["verify"]
Definition: dialog.php:4

AttributeInterface

Xoops\Core\AttributeInterface\clear
clear()

AttributeInterface

Fingerprint

Xoops\Core\AttributeInterface\get
get($name, $default=null)

Xoops\Core\Session\Fingerprint\takePrint
takePrint()
Definition: Fingerprint.php:41

FingerprintInterface

HttpRequest

Xoops\Core\Session
Definition: Fingerprint.php:12

Xoops\Core\HttpRequest\getInstance
static getInstance()
Definition: HttpRequest.php:171

Xoops\Core\Session\Fingerprint\$clientFingerprint
$clientFingerprint
Definition: Fingerprint.php:34

$current
$current
Definition: install_tpl.php:38

Xoops\Core\Session\Fingerprint\checkSessionPrint
checkSessionPrint(AttributeInterface $session)
Definition: Fingerprint.php:66

Xoops\Core\AttributeInterface\set
set($name, $value)