| Index: trunk/extensions/IPAuth/IPAuth.php |
| — | — | @@ -50,8 +50,37 @@ |
| 51 | 51 | $wgIPAuthUsers = array( ); |
| 52 | 52 | # $wgIPAuthUsers = array( "127.0.0.1" => "LocalUser" ); |
| 53 | 53 | |
| | 54 | +$wgIPAuthIdSecret = null; |
| | 55 | + |
| | 56 | +$wgHooks['UserLoadFromSession'][] = 'ipAuthUserLoadFromSession'; |
| 54 | 57 | $wgHooks['UserLoadAfterLoadFromSession'][] = 'ipAuthUserLoadAfterLoadFromSession'; |
| 55 | 58 | |
| | 59 | +function ipAuthUserLoadFromSession( $user, &$result ) { |
| | 60 | + global $wgIPAuthUsers, $wgRequest, $wgIPAuthIdSecret; |
| | 61 | + |
| | 62 | + if ( !$wgIPAuthIdSecret ) { |
| | 63 | + return true; |
| | 64 | + } |
| | 65 | + |
| | 66 | + $ip = wfGetIP(); |
| | 67 | + if ( isset( $wgIPAuthUsers[ $ip ] ) ) { |
| | 68 | + $name = $wgIPAuthUsers[ $ip ]; |
| | 69 | + |
| | 70 | + if ( !$wgRequest->checkSessionCookie() ) { // if the client didn't provide a session cookie |
| | 71 | + // pick a new session id to avoid setting up a fresh session over and over. |
| | 72 | + // NOTE: <http://www.php.net/manual/en/function.session-id.php> sais: |
| | 73 | + // Depending on the session handler, not all characters are allowed within the session id. |
| | 74 | + // For example, the file session handler only allows characters in the range a-z A-Z 0-9 , (comma) and - (minus)! |
| | 75 | + $sid = "ipauth" . '-' . preg_replace('![_.:]!', '-', $ip) . '-' . md5("$name:$ip:$wgIPAuthIdSecret"); |
| | 76 | + |
| | 77 | + wfDebug( "Forcing session id for $name at $ip to $sid\n" ); |
| | 78 | + session_id($sid); //note: hope session isn't already open. |
| | 79 | + } |
| | 80 | + } |
| | 81 | + |
| | 82 | + return true; |
| | 83 | +} |
| | 84 | + |
| 56 | 85 | function ipAuthUserLoadAfterLoadFromSession( $user ) { |
| 57 | 86 | global $wgIPAuthUsers; |
| 58 | 87 | |
| — | — | @@ -87,4 +116,3 @@ |
| 88 | 117 | |
| 89 | 118 | return true; |
| 90 | 119 | } |
| 91 | | - |