WebMods: Set another cookie if the IP check fails

This means that they will get a new cookie on the next request. This will make
sure that you will be able to use webadmin again if your IP changed (which seems
to happen to quite a number of people).

Signed-off-by: Uli Schlachter <psychon@znc.in>
Uli Schlachter
2011-07-13 20:40:55 +02:00
parent 00024b1b3a
commit 4fbca80705

@@ -533,9 +533,16 @@ void CWebSock::OnPageRequest(const CString& sURI) {
}
CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CString& sPageRet) {
// Check that their session really belongs to their IP address. IP-based
// authentication is bad, but here it's just an extra layer that makes
// stealing cookies harder to pull off.
//
// When their IP is wrong, we give them an invalid cookie. This makes
// sure that they will get a new cookie on their next request.
if (CZNC::Get().GetProtectWebSessions() && GetSession()->GetIP() != GetRemoteIP()) {
DEBUG("Expected IP: " << GetSession()->GetIP());
DEBUG("Remote IP: " << GetRemoteIP());
SendCookie("SessionId", "WRONG_IP_FOR_SESSION");
PrintErrorPage(403, "Access denied", "This session does not belong to your IP.");
return PAGE_DONE;
}
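
Review bot: The `SendCookie("SessionId", "WRONG_IP_FOR_SESSION");` call in the mismatch branch relies on that literal never matching a real session id, and nothing in the visible lines guarantees it. A named constant with a comment stating why it cannot collide with a generated id would make the assumption explicit. The 403 body, "This session does not belong to your IP.", also gives the user no hint that retrying will succeed, although the new comment says the next request gets a fresh cookie; consider adding a "reload the page" hint to the error text. The branch leaves the object returned by GetSession() untouched, so the original cookie value stays valid from the original IP; if that is intended, it is worth saying so in the comment.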