<?php
require_once 'Bunzilla.php';
require_once BUNZ_LIB_DIR . 'db.inc.php';
require_once BUNZ_LIB_DIR . 'cache.inc.php';
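/**
 * Sessions
 *
 * Cookie-only session transport, hardened a little beyond the PHP defaults:
 *  - use_only_cookies refuses a session ID handed over in the URL (the classic
 *    fixation vector the section below is trying to limit);
 *  - use_strict_mode refuses IDs this server never issued (no-op before 5.5.2);
 *  - cookie_httponly keeps the cookie out of reach of page script;
 *  - cookie_secure is only set when the request itself came in over TLS, so a
 *    plain-HTTP deployment keeps working.
 */
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_strict_mode', 1);
ini_set('session.cookie_httponly', 1);
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
    ini_set('session.cookie_secure', 1);
}
// Stops cross-site POSTs from carrying the cookie. The directive exists from
// PHP 7.3; on older versions ini_set() just returns false.
ini_set('session.cookie_samesite', 'Lax');
// PHP drops a presented session ID when a Referer is sent that does not
// contain this string. Referer is optional, so this is belt-and-braces only.
// NOTE(review): HTTP_HOST is client-supplied; prefer a hard-coded canonical
// host unless the web server is known to reject unknown Host values.
ini_set('session.referer_check', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
// SHA-1 session IDs on old PHP; the directive was removed in 7.1, where this
// call is a harmless no-op (ini_set() returns false for unknown directives).
ini_set('session.hash_function', 1);
session_name('s');
session_cache_limiter('private, must-revalidate');
session_start();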
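/**
 * Session fixation limitation
 *
 * Idle timeout: a client silent for more than 1 hour (time can change) is
 * logged out (basically). The server-side data is dropped and a *fresh*
 * session under a *new* ID is started right away: session_destroy() on its
 * own leaves no active session for the writes further down (they would go
 * into a dead session) and leaves the old, possibly attacker-known, ID in the
 * client's cookie, where PHP would happily revive it on the next request.
 */
if(isset($_SESSION['last_active'])
&& $_SESSION['last_active'] < time() - 3600)
{ session_unset();
session_destroy();
session_start();
session_regenerate_id(true);
}
/**
 * Periodic ID rotation: once a session is more than half an hour old (again,
 * time can change) swap its ID and delete the old data file, bounding how long
 * a leaked or fixated ID stays useful.
 * NOTE(review): nothing here rotates the ID at login / privilege change; the
 * login code should call session_regenerate_id(true) itself. */
if(!isset($_SESSION['created_at']))
$_SESSION['created_at'] = time();
elseif($_SESSION['created_at'] < time() - 1800)
{ session_regenerate_id(true);
$_SESSION['created_at'] = time();
}
/**
 * Record the time of this request as the last activity (read by the idle
 * check above on the next request) */
$_SESSION['last_active'] = time();
/**
 * (end of session fixation stuff)
 */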
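/**
 * http_referer_is_host()
 *
 * @comment true when the Referer header names this host. The referer URL is
 *          parsed and its host component compared case-insensitively with the
 *          host part of HTTP_HOST (port stripped from both). A plain substring
 *          test is not enough for a CSRF check: "https://evil.example/?x=HOST"
 *          or "https://HOST.evil.example/" would both pass it.
 * @caveat  Referer is optional and easily suppressed by the client, so this is
 *          a weak CSRF control on its own; pair it with a per-session
 *          synchronizer token. Absent Referer or Host yields false.
 * @usage csrf checks and redirects
 * @return boolean */
function http_referer_is_host()
{
	if (!isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
		return false;
	}
	$referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
	// HTTP_HOST may carry a port ("host:8080"); normalise it through parse_url
	// as well so both sides are bare host names.
	$own_host = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
	// parse_url() gives null for a missing component and false for garbage.
	if (!is_string($referer_host) || !is_string($own_host) || $own_host === '') {
		return false;
	}
	return strcasecmp($referer_host, $own_host) === 0;
}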
// Boot the application: the instance is discarded, so whatever Bunzilla's
// constructor does (see Bunzilla.php) is the effective entry point here.
new Bunzilla();