I was wondering if you all could give me some feedback as to how good this would be?
Cheers
Session creation:
Code: Select all
<?php
$PHPAUCTION_LOGGED_IN = mysql_result($res,0,"id");
$PHPAUCTION_LOGGED_IN_USERNAME = mysql_result($res,0,"nick");
$PHPAUCTION_SESSION_IP = $ipaddress;
$ADMIN_LOGGED_IN_LEVEL = 0;
$PHPAUCTION_SESSION_SECURE = md5($SESSION_PREFIX . $PHPAUCTION_SESSION_IP . $ADMIN_LOGGED_IN_LEVEL);
session_name($SESSION_NAME);
session_register("PHPAUCTION_LOGGED_IN","PHPAUCTION_LOGGED_IN_USERNAME", "PHPAUCTION_SESSION_IP", "PHPAUCTION_SESSION_SECURE", "ADMIN_LOGGED_IN_LEVEL");
?>Code: Select all
<?php
if(isset($HTTP_SESSION_VARS['PHPAUCTION_SESSION_IP']))
{
if($ipaddress != $HTTP_SESSION_VARS['PHPAUCTION_SESSION_IP'])
{
session_unset();
session_destroy();
}
else
{
//check that the data = the md5
$test = md5($SESSION_PREFIX . $HTTP_SESSION_VARS['PHPAUCTION_SESSION_IP'] . $HTTP_SESSION_VARS['ADMIN_LOGGED_IN_LEVEL']);
if($HTTP_SESSION_VARS['PHPAUCTION_SESSION_SECURE']!=$test)
{
session_unset();
session_destroy();
}
}
}
else
{
session_unset();
session_destroy();
}
?>