forked from firesunCN/BlueLotus_XSSReceiver
-
Notifications
You must be signed in to change notification settings - Fork 1
/
auth.php
24 lines (21 loc) · 1.09 KB
/
auth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
<?php
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
//设置httponly
ini_set("session.cookie_httponly", 1);
session_start();
//判断登陆情况,ip和useragent是否改变,改变则强制退出
if (!(isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true && isset($_SESSION['user_IP']) && $_SESSION['user_IP'] != "" && $_SESSION['user_IP'] === $_SERVER['REMOTE_ADDR'] && isset($_SESSION['user_agent']) && $_SESSION['user_agent'] != "" && $_SESSION['user_agent'] === $_SERVER['HTTP_USER_AGENT'])) {
$_SESSION['isLogin'] = false;
$_SESSION['user_IP'] = "";
$_SESSION['user_agent'] = "";
session_unset();
session_destroy();
header("Location: login.php");
exit();
}
//开启CSP
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'");