XOOPS  2.6.0
Fingerprint.php
1 <?php
2 /*
3  You may not change or alter any portion of this comment or credits
4  of supporting developers from this source code or any supporting source code
5  which is considered copyrighted (c) material of the original comment or credit authors.
6 
7  This program is distributed in the hope that it will be useful,
8  but WITHOUT ANY WARRANTY; without even the implied warranty of
9  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 */
11 
13 
16 
28 {
// Holder for client fingerprint data, initialised to an empty array.
// NOTE(review): neither takePrint() nor checkSessionPrint() below reads or writes
// this property (takePrint() builds a local array) — confirm whether it is still used.
34  protected $clientFingerprint = array();
35 
/**
 * Build the fingerprint of the client making the current request.
 *
 * All three values are supplied by, or derived from, the client's request.
 * They can be used to notice that a session is suddenly being presented by a
 * different client, but they are not secrets and are not proof of identity.
 *
 * @return array fingerprint with keys 'clientIp', 'userAgent' and 'acceptLanguage'
 */
protected function takePrint()
{
    $request = HttpRequest::getInstance();

    return array(
        'clientIp'       => $request->getClientIp(),
        'userAgent'      => $request->getHeader('USER_AGENT'),
        'acceptLanguage' => $request->getHeader('ACCEPT_LANGUAGE'),
    );
}
51 
52 
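/**
 * Compare the fingerprint saved in the session with the current request's.
 *
 * Each fingerprint field is compared with its saved value. The check fails when
 * more than one field differs, or when the summed edit distance of the differing
 * fields exceeds 30. On failure the session is cleared. In every case the current
 * fingerprint is stored in the session before returning.
 *
 * A single changed field within the distance budget is tolerated by design, so
 * this check reduces the value of a copied session id but does not replace
 * regenerating the id on login or protecting the session cookie.
 *
 * @param AttributeInterface $session session attributes holding 'SESSION_FINGERPRINT'
 *
 * @return bool true if the fingerprint is acceptable, false if the session was cleared
 */
public function checkSessionPrint(AttributeInterface $session)
{
    $score = 0;   // combined edit distance of the changed fields
    $changes = 0; // number of changed fields
    $currentFingerprint = $this->takePrint();

    // NOTE(review): unserialize() can instantiate objects from its input. The value
    // comes from the server-side session store here; if that store could ever hold
    // attacker-influenced data, switch to json_encode()/json_decode(), or pass
    // array('allowed_classes' => false) once PHP 7+ is the minimum version.
    $stored = $session->get('SESSION_FINGERPRINT');
    $savedFingerprint = is_string($stored) ? unserialize($stored) : false;

    // Anything that is not an array (missing, corrupt or unexpected type) is
    // treated as "no saved fingerprint" rather than being indexed below.
    if (!is_array($savedFingerprint)) {
        $savedFingerprint = $currentFingerprint;
        $changes = empty($_SESSION) ? 0 : 3; // in a populated session - force fail
    }

    foreach ($currentFingerprint as $key => $current) {
        $current = is_scalar($current) ? (string) $current : '';
        $saved = (isset($savedFingerprint[$key]) && is_scalar($savedFingerprint[$key]))
            ? (string) $savedFingerprint[$key]
            : '';

        if ($current === $saved) {
            continue;
        }
        ++$changes;

        // Before PHP 8.0, levenshtein() returns -1 when either argument is longer
        // than 255 bytes. A negative distance would be counted as "unchanged" and
        // would lower the score, so over-long client-supplied values are charged
        // their full length instead. This also bounds the cost of the comparison.
        if (strlen($current) > 255 || strlen($saved) > 255) {
            $distance = max(strlen($current), strlen($saved));
        } else {
            $distance = levenshtein($current, $saved);
        }
        $score += $distance;
    }

    $return = true;

    // if more than one field changed, or if that change is a distance greater than 30, fail it.
    if (($changes > 1) || ($score > 30)) {
        $session->clear(); // session data should not be preserved
        $return = false;
    }
    $session->set('SESSION_FINGERPRINT', serialize($currentFingerprint));

    return $return;
}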
93 }