插件68:保證會話安全

<?php // Plug-in 68: Secure Session
/*
 * 插件說明:
 * 插件用於檢查某個會話是否安全,如果它不安全,就關閉它。它不需要任何參數。
 * 黑客攻擊會利用“劫持”PHP會話。可以有多種方式實現,但是一個嚴重的安全漏洞就是黑客通過GET URL字符串尾確定會話ID的網站。
 * 憑藉這些信息黑客可以啓動一個會話,然後通過垃圾信息或其他連接傳遞這個URL地址,然後他們通過這個地址返回,並搜索這些鏈接正在被使用的蛛絲馬跡,
 * 如果發現這個用戶還沒推出,他們就可以劫持這個會話並以他的身份訪問這個網站。
 */
// This is an executable example with additional code supplied
// To obtain just the plug-ins please click on the Download link

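$result = PIPHP_OpenSession();

if (!$result[0]) echo "Could not open session.<br />";
else
{
   // Unpack the four values returned by PIPHP_OpenSession().
   list($handle, $pass, $name, $email) = $result[1];

   // These values presumably originate from user input at
   // registration time, so they are escaped for the HTML
   // context instead of being echoed raw (a stored value
   // containing markup would otherwise run in the page).
   // NOTE(review): a demo page should not display the stored
   // password at all; the line is kept only to mirror the
   // original example's output.
   echo "Retrieving session variables:<pre>";
   echo "Handle: " . htmlspecialchars($handle, ENT_QUOTES, 'UTF-8') . "\n";
   echo "Pass:   " . htmlspecialchars($pass,   ENT_QUOTES, 'UTF-8') . "\n";
   echo "Name:   " . htmlspecialchars($name,   ENT_QUOTES, 'UTF-8') . "\n";
   echo "Email:  " . htmlspecialchars($email,  ENT_QUOTES, 'UTF-8') . "</pre>";
}

// PIPHP_SecureSession() closes the session itself when the
// client fingerprint no longer matches, so only the message
// needs to be chosen here.
if (PIPHP_SecureSession()) echo "Session is secure.";
else echo "No session (or unsecured: now terminated).";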

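function PIPHP_SecureSession()
{
   // Plug-in 68: Secure Session
   //
   // This plug-in tests whether the IP address or User
   // Agent are different from those of the user who
   // initiated the session. If so, it terminates the
   // session to prevent hijacking. It returns TRUE if
   // the session appears secure, otherwise it closes
   // any session that appears insecure and returns
   // FALSE. If the session doesn't exist (or never
   // recorded an 'ipnum' entry) it returns FALSE.
   // It doesn't take any arguments.
   //
   // Limitations: the User Agent is supplied by the
   // client, so whoever obtained the session ID can
   // usually reproduce it, and legitimate users behind
   // load-balanced proxies or on mobile networks may
   // change IP mid-session and be logged out. Treat
   // this check as one layer only; the URL-borne
   // session ID problem this plug-in is meant to
   // mitigate is addressed by session.use_only_cookies=1,
   // session.use_trans_sid=0, HttpOnly/Secure cookie
   // flags and session_regenerate_id(true) after login.

   // Cast to string so a missing variable (getenv()
   // returns FALSE) compares predictably under strict
   // comparison.
   $ipnum = (string) getenv("REMOTE_ADDR");
   $agent = (string) getenv("HTTP_USER_AGENT");

   // No session, or a session without a recorded client
   // fingerprint: there is nothing to verify against.
   if (!isset($_SESSION['ipnum'])) return FALSE;

   $storedIp    = (string) $_SESSION['ipnum'];
   $storedAgent = isset($_SESSION['agent'])
                ? (string) $_SESSION['agent'] : '';

   // Strict comparison: the loose "!=" used previously
   // treats numeric-looking strings such as "1e3" and
   // "1000" as equal.
   if ($ipnum !== $storedIp || $agent !== $storedAgent)
   {
      PIPHP_CloseSession();
      return FALSE;
   }

   return TRUE;
}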

// The plug-ins below are included here to ensure they
// are available to the main plug-in which relies on them

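function PIPHP_OpenSession()
{
   // Plug-in 66: Open Session
   //
   // This plug-in returns the four user variables.
   // It doesn't take any parameters. On success it
   // returns a two-element array, the first of which
   // has the value TRUE, and the second is an array
   // of values (handle, pass, name, email). On failure
   // (if the session cannot be started or the session
   // variables don't exist, for example), it returns a
   // single element array with the value FALSE. An easy
   // way to read the return values is with a list()
   // statement, like this:
   //
   //    $result = PIPHP_OpenSession();
   //    if ($result[0]) list($h, $p, $n, $e) = $result[1];

   // session_start() on an already-active session emits
   // a notice, so a session is only started when none is
   // running yet.
   if (session_status() !== PHP_SESSION_ACTIVE && !session_start())
      return array(FALSE);

   if (!isset($_SESSION['handle'])) return array(FALSE);

   // The remaining three are read with a NULL fallback so
   // a partially-populated session yields the same values
   // as before but without a PHP notice.
   $vars = array(
      $_SESSION['handle'],
      isset($_SESSION['pass'])  ? $_SESSION['pass']  : NULL,
      isset($_SESSION['name'])  ? $_SESSION['name']  : NULL,
      isset($_SESSION['email']) ? $_SESSION['email'] : NULL,
   );

   return array(TRUE, $vars);
}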

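function PIPHP_CloseSession()
{
   // Plug-in 67: Close Session
   //
   // This plug-in ends a previously started session.
   // It does not take any arguments and returns TRUE
   // on success, otherwise FALSE (including when no
   // session is active).

   // Thirty days in seconds; the cookie is expired well
   // into the past so any client clock agrees it is stale.
   $thirtyDays = 30 * 24 * 60 * 60;

   // Drop the server-side data first so nothing survives
   // even if the cookie or destroy steps below fail.
   $_SESSION = array();

   if (session_id() !== "" ||
       isset($_COOKIE[session_name()]))
   {
      // Expire the cookie with the same path/domain/flags
      // it was issued with; a cookie sent with a different
      // path does not replace the original in the browser.
      $params = session_get_cookie_params();
      setcookie(session_name(), '', time() - $thirtyDays,
                $params['path'], $params['domain'],
                $params['secure'], $params['httponly']);
   }

   // session_destroy() warns and returns FALSE when no
   // session is active; check first rather than masking
   // the warning with "@".
   if (session_status() !== PHP_SESSION_ACTIVE) return FALSE;

   return session_destroy();
}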

?>
