If you are logged in to your 4images and give someone a link with the sessionid attached to it (http://example.com/4images/index.php?sessionid=wRG-ef4YHhp3xIv3GOMnQ8Qtd), then there is a chance that a visitor who follows that link may get automatically logged in with your account. This issue was introduced in 4images v1.7.1 (or at least I've never heard anyone reporting it before that).
Here is a beta patch. Open includes/sessions.php and find:

    if (!isset($this->session_info['session_user_id'])) {
      return false;
    }

Insert below:

    // No stored IP, or the stored IP differs from the visitor's IP:
    // switch to a new session ID and return false.
    if (!isset($this->session_info['session_ip']) || (isset($this->session_info['session_ip']) && $this->session_info['session_ip'] != $this->user_ip))
    {
      session_regenerate_id();
      $this->session_id = session_id();
      return false;
    }
To ensure this works on PHP older than v4.3.2, insert this at the end of includes/functions.php, just above the closing ?>:

    // Fallback for PHP versions that lack session_regenerate_id():
    // set a new session ID by hand.
    if (!function_exists("session_regenerate_id"))
    {
      function session_regenerate_id()
      {
        return session_id(md5(uniqid(microtime())));
      }
    }
As of now, this patch is in the "beta" stage, until more people test it on more than one computer.
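
The check this patch adds, modelled as a stand-alone script (an added example, not part of the original post and not 4images code). The SessionTable class, its resume() method and the sample IPs are hypothetical, and it assumes PHP 7.4 or later. The last case shows what IP binding does not cover: a visitor who shares the owner's public IP.

```php
<?php
// Added example: a stand-alone model of the IP-binding check, not 4images code.
// SessionTable, login(), resume() and all sample values are hypothetical.

final class SessionTable
{
    /** @var array<string, array{session_user_id:int, session_ip:string}> */
    private array $rows = [];

    public function login(int $userId, string $ip): string
    {
        $id = bin2hex(random_bytes(16));           // session ID from a CSPRNG
        $this->rows[$id] = ['session_user_id' => $userId, 'session_ip' => $ip];
        return $id;
    }

    /**
     * Resolve a session ID taken from a URL or cookie.
     * Returns [user id, or null for guest; session ID the client uses next].
     */
    public function resume(string $presentedId, string $clientIp): array
    {
        $info = $this->rows[$presentedId] ?? null;
        if ($info === null || !isset($info['session_user_id'])) {
            return [null, bin2hex(random_bytes(16))];
        }
        // Same test as the patch: a missing or different stored IP means the
        // ID is being presented by a client other than the one that logged in.
        if (!isset($info['session_ip']) || $info['session_ip'] !== $clientIp) {
            // Give the visitor a fresh guest ID. In this model the stored row
            // is left untouched, so the owner stays logged in.
            return [null, bin2hex(random_bytes(16))];
        }
        return [$info['session_user_id'], $presentedId];
    }
}

$table = new SessionTable();
$sid = $table->login(42, '203.0.113.10');                    // constructed values

[$owner]            = $table->resume($sid, '203.0.113.10');  // owner, same IP
[$visitor, $newSid] = $table->resume($sid, '198.51.100.7');  // shared link, other IP
[$sameNat]          = $table->resume($sid, '203.0.113.10');  // visitor behind same NAT

var_dump($owner === 42);       // owner's session is resumed
var_dump($visitor === null);   // link recipient is treated as a guest
var_dump($newSid !== $sid);    // and is moved to a different session ID
var_dump($sameNat === 42);     // same public IP still passes the check
```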