<?php // Plug-in 68: Secure Session
/*
* 插件说明:
* 插件用于检查某个会话是否安全,如果它不安全,就关闭它。它不需要任何参数。
* 黑客攻击会利用“劫持”PHP会话。可以有多种方式实现,但是一个严重的安全漏洞出现在那些把会话ID附加在GET URL字符串末尾的网站上。
* 凭借这些信息黑客可以启动一个会话,然后通过垃圾信息或其他连接传递这个URL地址,然后他们通过这个地址返回,并搜索这些链接正在被使用的蛛丝马迹,
* 如果发现这个用户还没退出,他们就可以劫持这个会话并以他的身份访问这个网站。
*/
// This is an executable example with additional code supplied
// To obtain just the plug-ins please click on the Download link
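$result = PIPHP_OpenSession();

// Verify the session's owner BEFORE any of its contents are shown, so a
// hijacked session is terminated without its values ever reaching the page.
// (PIPHP_OpenSession has already started the session this check relies on;
// when it failed, the check simply reports "no session".)
$secure = PIPHP_SecureSession();

if (!$result[0]) echo "Could not open session.<br />";
elseif ($secure)
{
    list($handle, $pass, $name, $email) = $result[1];

    // The stored values were originally supplied by the user, so they are
    // escaped for the HTML context instead of being echoed raw. The 'pass'
    // value is displayed only because this is a demonstration page.
    $handle = htmlspecialchars((string) $handle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $pass   = htmlspecialchars((string) $pass,   ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $name   = htmlspecialchars((string) $name,   ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $email  = htmlspecialchars((string) $email,  ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "Retrieving session variables:<pre>";
    echo "Handle: $handle\n";
    echo "Pass: $pass\n";
    echo "Name: $name\n";
    echo "Email: $email</pre>";
}

if ($secure) echo "Session is secure.";
else echo "No session (or unsecured: now terminated).";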
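function PIPHP_SecureSession()
{
    // Plug-in 68: Secure Session
    //
    // This plug-in tests whether the client IP address or
    // User Agent differ from those recorded when the session
    // was opened (held in $_SESSION['ipnum'] and
    // $_SESSION['agent']). If either differs, or the agent was
    // never recorded, the session is closed to limit hijacking
    // and FALSE is returned. TRUE is returned when both match.
    // If no session has been started, or it holds no 'ipnum'
    // value, FALSE is returned without closing anything. It
    // doesn't take any arguments.
    //
    // NOTE: binding a session to the client IP logs out
    // legitimate users whose address changes mid-session
    // (mobile networks, some proxy pools); it supplements,
    // rather than replaces, regenerating the session ID after
    // login.

    // $_SERVER is populated by every SAPI; getenv() is kept
    // only as a fallback for the environments the original
    // code targeted.
    $ipnum = isset($_SERVER['REMOTE_ADDR'])
        ? $_SERVER['REMOTE_ADDR'] : getenv("REMOTE_ADDR");
    $agent = isset($_SERVER['HTTP_USER_AGENT'])
        ? $_SERVER['HTTP_USER_AGENT'] : getenv("HTTP_USER_AGENT");

    if (!isset($_SESSION['ipnum'])) return FALSE;

    // A session that recorded an IP but no agent cannot be
    // verified, so it is treated like a mismatch (NULL never
    // equals a string or the FALSE getenv() returns).
    $storedAgent = isset($_SESSION['agent']) ? $_SESSION['agent'] : NULL;

    // Strict comparison: loose != treats numeric-looking
    // strings such as "1e3" and "1000" as equal.
    if ($ipnum !== $_SESSION['ipnum'] || $agent !== $storedAgent)
    {
        PIPHP_CloseSession();
        return FALSE;
    }
    return TRUE;
}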
// The plug-ins below are included here to ensure they
// are available to the main plug-in which relies on them
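function PIPHP_OpenSession()
{
    // Plug-in 66: Open Session
    //
    // This plug-in starts (or reuses) the current session and
    // returns the four user variables stored in it. It doesn't
    // take any parameters. On success it returns a two-element
    // array, the first of which has the value TRUE, and the
    // second is an array of the values handle, pass, name and
    // email, in that order. On failure (the session could not
    // be started, or it holds no 'handle'), it returns a single
    // element array with the value FALSE. An easy way to read
    // the return values is with a list() statement, like this:
    //
    // $result = PIPHP_OpenSession();
    // list($h, $p, $n, $e) = $result[1];

    // session_start() emits a notice when a session is already
    // active, so only start one when none is running.
    if (session_status() !== PHP_SESSION_ACTIVE && !session_start())
        return array(FALSE);
    if (!isset($_SESSION['handle'])) return array(FALSE);

    // A missing secondary key yields NULL in its slot rather
    // than an undefined-index warning.
    $vars = array();
    foreach (array('handle', 'pass', 'name', 'email') as $key)
        $vars[] = isset($_SESSION[$key]) ? $_SESSION[$key] : NULL;
    return array(TRUE, $vars);
}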
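function PIPHP_CloseSession()
{
    // Plug-in 67: Close Session
    //
    // This plug-in ends a previously started session: it
    // empties $_SESSION, expires the session cookie in the
    // browser and destroys the server-side data. It does not
    // take any arguments and returns TRUE on success, or FALSE
    // when there is no active session to destroy.
    $_SESSION = array();

    if (session_id() !== "" || isset($_COOKIE[session_name()]))
    {
        // Expire the cookie with the attributes it was issued
        // with; a browser ignores a deletion whose path or
        // domain differs from the original cookie's.
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 2592000,
                  $params['path'], $params['domain'],
                  $params['secure'], $params['httponly']);
    }

    // session_destroy() warns (and returns FALSE) when no
    // session is active, so that case is reported explicitly
    // instead of being hidden behind @-suppression.
    if (session_status() !== PHP_SESSION_ACTIVE) return FALSE;
    return session_destroy();
}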
?>
插件68:保证会话安全