Commit 5f994bb3 authored by Kasper Skårhøj

* Added TYPO3_CONF_VARS[FE][lockHashKeyWords] so it is optional to lock FE user sessions to HTTP_USER_AGENT


git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@425 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 87d8fdd2
2004-08-04 Kasper Skårhøj,,, <kasper@typo3.com>
* Added TYPo3_CONF_VARS[FE][lockHashKeyWords] so it is optional to lock FE user sessions to HTTP_USER_AGENT
2004-08-03 Kasper Skårhøj,,, <kasper@typo3.com>
* Added and Changed features around page languages. More to come including a document guiding people about charsets and localization.
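Review bot: the new 2004-08-04 ChangeLog entry spells the variable "TYPo3_CONF_VARS", so a search of the ChangeLog for TYPO3_CONF_VARS will not find it; correct the casing. The entry also says the lock is now "optional" without saying that the shipped default is 'useragent', that is, on. Since an upgrade changes session behaviour for existing sites, the entry should state the default and that an empty string disables it.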
......
......@@ -165,6 +165,7 @@ $TYPO3_CONF_VARS = Array(
'addRootLineFields' => '', // Comma-list of fields from the 'pages'-table. These fields are added to the select query for fields in the rootline.
'checkFeUserPid' => 1, // Boolean. If set, the pid of fe_user logins must be sent in the form as the field 'pid' and then the user must be located in the pid. Default is 1 from Typo32+. If you unset this, you should change the fe_users.username eval-flag 'uniqueInPid' to 'unique' in $TCA. This will do: $TCA['fe_users']['columns']['username']['config']['eval']= 'nospace,lower,required,unique';
'lockIP' => 2, // Integer (0-4). If >0, fe_users are locked to (a part of) their REMOTE_ADDR IP for their session. Enhances security but may throw off users that may change IP during their session (in which case you can lower it to 2 or 3). The integer indicates how many parts of the IP address to include in the check. Reducing to 1-3 means that only first, second or third part of the IP address is used. 4 is the FULL IP address and recommended. 0 (zero) disables checking of course.
'lockHashKeyWords' => 'useragent', // Keyword list (Strings commaseparated). Currently only "useragent"; If set, then the FE user session is locked to the value of HTTP_USER_AGENT. This lowers the risk of session hi-jacking. However some cases (like payment gateways) might have to use the session cookie and in this case you will have to disable that feature (eg. with a blank string).
'defaultUserTSconfig' => '', // Enter lines of default frontend user/group TSconfig.
'defaultTypoScript_constants' => '', // Enter lines of default TypoScript, constants-field.
'defaultTypoScript_constants.' => Array(), // Lines of TS to include after a static template with the uid = the index in the array (Constants)
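Review bot: the default of 'useragent' on the new 'lockHashKeyWords' line turns the lock on for every installation that does not override it, and the comment itself names a case (payment gateways presenting the session cookie) that this will break; that deserves an upgrade note, or a default of '' with the setting recommended in the documentation. The comment should also say how an unrecognised keyword or surrounding whitespace in the comma list is treated, because a misspelled value that is silently ignored would leave the lock off without any indication. HTTP_USER_AGENT is a client-supplied header, so it would help to describe this as a complement to 'lockIP' on the line above rather than as a control that stands on its own.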
......
......@@ -449,6 +449,7 @@
$this->fe_user = t3lib_div::makeInstance('tslib_feUserAuth');
$this->fe_user->lockIP = $this->TYPO3_CONF_VARS['FE']['lockIP'];
$this->fe_user->lockHashKeyWords = $this->TYPO3_CONF_VARS['FE']['lockHashKeyWords'];
$this->fe_user->checkPid = $this->TYPO3_CONF_VARS['FE']['checkFeUserPid'];
$this->fe_user->checkPid_value = $GLOBALS['TYPO3_DB']->cleanIntList(t3lib_div::_GP('pid')); // List of pid's acceptable
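Review bot: the added lockHashKeyWords assignment copies the configuration string into the auth object unchanged, and the code that reads it is not among the visible hunks, so it cannot be confirmed here that the list is trimmed and split before it is compared against "useragent". Please make sure the consuming class normalises the value and declares lockHashKeyWords with a defined default, so that an instance created elsewhere without this assignment behaves predictably. A short comment on the new line, matching the one on checkPid_value, would also document that this is a comma-separated keyword list.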
......