Add a new default settings -> security -> session_rotate.

markjcrane 2015-08-21 11:21:08 -06:00
parent 8167e1a523
commit 0a41b069fc
2 changed files with 16 additions and 13 deletions


@ -50,6 +50,13 @@ if ($domains_processed == 1) {
$array[$x]['default_setting_enabled'] = 'true';
$array[$x]['default_setting_description'] = 'Set the default strength for system generated passwords. Valid Options: 1 - Numeric Only, 2 - Include Lower Apha, 3 - Include Upper Alpha, 4 - Include Special Characters.';
$x++;
$array[$x]['default_setting_category'] = 'security';
$array[$x]['default_setting_subcategory'] = 'session_rotate';
$array[$x]['default_setting_name'] = 'text';
$array[$x]['default_setting_value'] = '4';
$array[$x]['default_setting_enabled'] = 'true';
$array[$x]['default_setting_description'] = 'Whether to regenerate the session ID.';
$x++;
$array[$x]['default_setting_category'] = 'email';
$array[$x]['default_setting_subcategory'] = 'smtp_auth';
$array[$x]['default_setting_name'] = 'var';
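Review bot: The new session_rotate entry is stored with `default_setting_name` set to 'text' and `default_setting_value` set to '4', which looks copied from the password-strength entry above it, while its description and the session code in the other file of this commit treat it as a boolean (`$_SESSION['security']['session_rotate']['boolean'] == "true"`). If settings are loaded into the session keyed by category, subcategory and name, as that read suggests, the 'boolean' key is never populated and session ID rotation stays off on every install that takes this default. I would change the two lines to `$array[$x]['default_setting_name'] = 'boolean';` and `$array[$x]['default_setting_value'] = 'true';`, and have the description state the rotation interval so an administrator knows what the switch controls. The enclosing `if ($domains_processed == 1)` block starts and ends outside the hunk.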


@ -30,20 +30,16 @@
//session handling
//start the session
session_start();
//set the last activity time stamp
$_SESSION['session']['last_activity'] = time();
//check whether to timout the session
//if (isset($_SESSION['session']['last_activity']) && (time() - $_SESSION['session']['last_activity'] > 14400)) {
// session_destroy(); // destroy session data in storage
// session_unset(); // unset $_SESSION variable for the runtime
//}
//regenerate sessions to avoid session id attacks such as session fixation
if (!isset($_SESSION['session']['created'])) {
$_SESSION['session']['created'] = time();
} else if (time() - $_SESSION['session']['created'] > 28800) {
// session started more than 8 hours ago
session_regenerate_id(true); // rotate the session id
$_SESSION['session']['created'] = time(); // update creation time
if ($_SESSION['security']['session_rotate']['boolean'] == "true") {
$_SESSION['session']['last_activity'] = time();
if (!isset($_SESSION['session']['created'])) {
$_SESSION['session']['created'] = time();
} else if (time() - $_SESSION['session']['created'] > 28800) {
// session started more than 8 hours ago
session_regenerate_id(true); // rotate the session id
$_SESSION['session']['created'] = time(); // update creation time
}
}
//get the document_root parent directory
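Review bot: The new guard `if ($_SESSION['security']['session_rotate']['boolean'] == "true")` reads a key that may not exist yet, so a request that arrives before default settings are loaded into the session raises an undefined-index notice and skips rotation with no sign that it is disabled; a control that appears to have run unconditionally before this commit now fails open. I would test the key defensively, e.g. `if (isset($_SESSION['security']['session_rotate']['boolean']) && $_SESSION['security']['session_rotate']['boolean'] === 'true') {`, and keep `$_SESSION['session']['last_activity'] = time();` outside the guard, since the activity stamp is unrelated to rotation and any idle-timeout check would need it. Rotating only after 28800 seconds also does not by itself address the session fixation that the original comment names, which needs `session_regenerate_id(true)` at login or privilege change; whether that happens elsewhere is not visible here.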