<?php // Plug-in 68: Secure Session
/*
* 插件說明:
* 插件用於檢查某個會話是否安全,如果它不安全,就關閉它。它不需要任何參數。
* 黑客會通過“劫持”PHP會話來發動攻擊。實現方式有多種,但一個嚴重的安全漏洞是:網站把會話ID附在GET URL字符串尾部,黑客由此即可得知會話ID。
* 憑藉這些信息,黑客可以先啓動一個會話,然後通過垃圾郵件或其他鏈接把這個URL傳遞給用戶;之後再通過這個地址返回,搜尋這些鏈接正在被使用的蛛絲馬跡,
* 如果發現這個用戶還沒退出,他們就可以劫持這個會話並以其身份訪問這個網站。
*/
// This is an executable example with additional code supplied
// To obtain just the plug-ins please click on the Download link
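$result = PIPHP_OpenSession();
if (!$result[0]) echo "Could not open session.<br />";

// Run the hijack check BEFORE trusting or displaying anything read
// from the session. The original printed the variables first and
// only afterwards asked whether the session was secure, so a
// hijacked session still had its data echoed once.
if (PIPHP_SecureSession())
{
    if ($result[0])
    {
        list($handle, $pass, $name, $email) = $result[1];

        // The stored values may have originated from user input
        // (registration forms etc.), so escape them for the HTML
        // context instead of echoing them raw.
        echo "Retrieving session variables:<pre>";
        echo "Handle: " . htmlspecialchars((string) $handle, ENT_QUOTES, 'UTF-8') . "\n";
        // NOTE(review): displaying (or even keeping) the plaintext
        // password in the session is only acceptable in this demo.
        echo "Pass: " . htmlspecialchars((string) $pass, ENT_QUOTES, 'UTF-8') . "\n";
        echo "Name: " . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . "\n";
        echo "Email: " . htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8') . "</pre>";
    }
    echo "Session is secure.";
}
else echo "No session (or unsecured: now terminated).";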
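function PIPHP_SecureSession()
{
    // Plug-in 68: Secure Session
    //
    // Defence-in-depth check that the current request comes from the
    // same client the session was bound to. It compares the request's
    // remote IP address and User-Agent header with the values stored
    // in $_SESSION['ipnum'] and $_SESSION['agent'] (these must have
    // been recorded when the session was created - nothing in this
    // file sets them). The session must already have been started
    // (e.g. by PIPHP_OpenSession()) for the check to see anything.
    //
    // Returns TRUE when both values match. If either differs, or the
    // stored agent is missing, the session is terminated through
    // PIPHP_CloseSession() and FALSE is returned. If no session (or
    // no stored 'ipnum') exists it returns FALSE without closing
    // anything. It takes no arguments.
    //
    // Security note: this does NOT on its own prevent hijacking. The
    // User-Agent is supplied by the client, so an attacker who has the
    // session ID can send the victim's UA as well; the IP test lets
    // through anyone behind the same NAT/proxy and falsely rejects
    // legitimate users whose address changes (mobile networks, load-
    // balanced proxies). Combine it with cookie-only sessions
    // (session.use_only_cookies=1, session.use_trans_sid=0),
    // HttpOnly/Secure cookie flags and session_regenerate_id() after
    // login or any privilege change.

    // $_SERVER is the canonical source for request data; fall back to
    // getenv() (what the original used) for SAPIs that only expose it
    // there. getenv() returns FALSE when unset, hence the string casts.
    $ipnum = isset($_SERVER['REMOTE_ADDR'])
           ? $_SERVER['REMOTE_ADDR'] : getenv("REMOTE_ADDR");
    $agent = isset($_SERVER['HTTP_USER_AGENT'])
           ? $_SERVER['HTTP_USER_AGENT'] : getenv("HTTP_USER_AGENT");

    if (!isset($_SESSION['ipnum'])) return FALSE;

    // A missing stored agent is treated as a mismatch (fail closed)
    // rather than raising an undefined-index warning.
    $storedAgent = isset($_SESSION['agent']) ? (string) $_SESSION['agent'] : NULL;

    // Strict string comparison - no loose '!=' type juggling.
    if ((string) $_SESSION['ipnum'] !== (string) $ipnum ||
        $storedAgent === NULL || $storedAgent !== (string) $agent)
    {
        PIPHP_CloseSession();
        return FALSE;
    }

    return TRUE;
}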
// The plug-ins below are included here to ensure they
// are available to the main plug-in which relies on them
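function PIPHP_OpenSession()
{
    // Plug-in 66: Open Session
    //
    // Starts (or resumes) the PHP session and returns the four user
    // variables stored in it. It takes no parameters. On success it
    // returns a two-element array: the first element is TRUE and the
    // second is an array holding $_SESSION['handle'], ['pass'],
    // ['name'] and ['email'], in that order. On failure (the session
    // could not be started, or $_SESSION['handle'] is not set) it
    // returns a single-element array with the value FALSE. An easy
    // way to read the return values is with a list() statement:
    //
    //   $result = PIPHP_OpenSession();
    //   if ($result[0]) list($h, $p, $n, $e) = $result[1];
    //
    // Security note: 'pass' is the user's password as placed in the
    // session by whichever plug-in created it. A production
    // application should keep only the authenticated identity in the
    // session, never the credential itself.

    // Only call session_start() when no session is active yet: a
    // second call on an active session raises a notice and would
    // otherwise make this plug-in unusable on a page that has already
    // started the session elsewhere.
    if (session_status() !== PHP_SESSION_ACTIVE)
    {
        if (!session_start()) return array(FALSE);
    }

    if (!isset($_SESSION['handle'])) return array(FALSE);

    // Missing secondary values still yield NULL (as before) but
    // without an undefined-index warning.
    $vars = array();
    foreach (array('handle', 'pass', 'name', 'email') as $key)
        $vars[] = isset($_SESSION[$key]) ? $_SESSION[$key] : NULL;

    return array(TRUE, $vars);
}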
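function PIPHP_CloseSession()
{
    // Plug-in 67: Close Session
    //
    // Ends a previously started session: empties $_SESSION, expires
    // the session cookie in the browser and destroys the server-side
    // session data. It takes no arguments and returns TRUE on
    // success, or FALSE when there was no active session to destroy
    // (the cookie is still expired in that case).
    $_SESSION = array();

    if (session_id() != "" || isset($_COOKIE[session_name()]))
    {
        // Expire the cookie with the same path/domain/secure/httponly
        // attributes it was issued with. A cookie "cleared" under a
        // different path or domain is just a second cookie, and the
        // original stays valid in the browser.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 2592000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // session_destroy() warns when no session is active; test for
    // that explicitly instead of hiding every warning behind '@'.
    if (session_status() !== PHP_SESSION_ACTIVE) return FALSE;
    return session_destroy();
}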
?>
插件68:保證會話安全