Index: modules/security/security.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/security/security.module,v
retrieving revision 1.15
diff -u -r1.15 security.module
--- modules/security/security.module 28 Aug 2005 01:31:42 -0000 1.15
+++ modules/security/security.module 25 Mar 2006 05:56:39 -0000
@@ -11,6 +11,56 @@
 */
 /**
+ * Security checks for the start of every page load
+ */
+function security_init() {
+ $ip = '';
+ $ua = '';
+ $lock_ip = variable_get('security_lock_ip', false); // 1 = /32, 5 = IP class
+ $lock_agent = variable_get('security_lock_agent', false);
+ if ($lock_ip > 0) {
+ $ip = explode('.', $_SERVER['REMOTE_ADDR']);
+ $tmp = array();
+ if($lock_ip == 5) {
+ if ($ip[0] < 128) {
+ $classes = 1;
+ }
+ elseif($ip[0] < 192) {
+ $classes = 2;
+ }
+ else {
+ $classes = 3;
+ }
+ }
+ else {
+ $classes = $lock_ip;
+ }
+ for ($i=0; $i < $classes; $i++) {
+ $tmp[] = $ip[$i];
+ }
+ $ip = implode('.', $tmp);
+ unset($tmp);
+ }
+
+ if($lock_agent) {
+ $ua = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ if ($lock_ip || $lock_agent) {
+ $fp = sha1($user->uid . $ua . $ip);
+ if (isset($_SESSION['security_fingerprint']) && strcmp($fp, $_SESSION['security_fingerprint']) !== 0) {
+ drupal_set_message(t('Session hijack attempt detected! You have been automatically logged out as a security precaution.'));
+ $_SESSION = array();
+ session_unset();
+ session_destroy();
+ }
+ else {
+ $_SESSION['security_fingerprint'] = $fp;
+ }
+ }
+}
+
+/**
 * Implementation of hook_help().
 */
 function security_help($section = 'admin/help#security') {
@@ -61,8 +111,74 @@
 */
 function security_settings() {
 if (user_access('administer security')) {
- $output = 'TODO.
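Review bot: `security_init()` reads `$user->uid` in `$fp = sha1($user->uid . $ua . $ip);` but never declares `global $user;`, so `$user` is an undefined local at that point and the account id never enters the fingerprint. On a mismatch the session is destroyed, but `$user` (presumably already loaded by the bootstrap before hook_init runs) is not reset, so the rest of this request still renders with the hijacked account's privileges; the notice from `drupal_set_message()` is also lost, since Drupal keeps messages in `$_SESSION` as far as I recall and `$_SESSION = array();` runs right after it. I would add `global $user;` as the first statement and, after `session_destroy();`, drop to anonymous and end the request — `$user = drupal_anonymous_user(); drupal_goto();` if this Drupal release provides those helpers. The inline comment `// 1 = /32, 5 = IP class` also contradicts the settings form in this same patch, where value 1 is "First 8 bits" and 4 is "Single IP".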
';
- return $output;
+ $form = array();
+ $form['security_lock_ip'] = array(
+ '#type' => 'radios',
+ '#title' => t('Lock user sessions to IP'),
+ '#default_value' => variable_get('security_lock_ip', 0),
+ '#options' => array(t('No'), t('First 8 bits'), t('First 16 bits'), t('First 24 bits'), t('Single IP'), t('IP class')),
+ '#description' => t('For IPv4 networks only. Locking users to an IP by IP class is the most friendly for users behind proxies and round-robin network address translation (NAT). Each part of an IP address is 8 bits, so selecting to lock to the first 8 bits will only allow users to keep their session when they connect from an address that always has the same digits in the first part of the address (xxx.-.-.-). Locking to a single IP is the most restrictive connection control.')
+ );
+ $form['security_lock_agent'] = array(
+ '#type' => 'radios',
+ '#title' => t('Lock user sessions to browser user agent'),
+ '#default_value' => variable_get('security_lock_agent', 0),
+ '#options' => array(t('No'), t('Yes')),
+ '#description' => t('Internet browsers tell the server what they are. Turning this on will lock user sessions a specific user agent string.')
+ );
+ return $form;
+ }
+}
+
+/**
+ * Implementation of hook_block().
+ */
+function security_block($op = 'list', $delta = 0, $edit = array()) {
+ global $user;
+ global $base_url;
+
+ if ($op == 'list') {
+ $blocks[0]['info'] = t('User login via HTTPS');
+ return $blocks;
+ }
+ else if ($op == 'view') {
+ $block = array();
+
+ switch ($delta) {
+ case 0:
+ // For usability's sake, avoid showing two login forms on one page.
+ if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {
+ //die(var_dump(drupal_get_destination()));
+ $form['#action'] = preg_replace("/^http:\/\//", 'https://', url($_GET['q'], drupal_get_destination(), NULL, true));
+ $form['#id'] = 'user-login-form';
+ $form['name'] = array('#type' => 'textfield',
+ '#title' => t('Username'),
+ '#maxlength' => 60,
+ '#size' => 15,
+ '#required' => TRUE,
+ );
+ $form['pass'] = array('#type' => 'password',
+ '#title' => t('Password'),
+ '#size' => 15,
+ '#required' => TRUE,
+ );
+ $form['submit'] = array('#type' => 'submit',
+ '#value' => t('Log in'),
+ );
+
+ if (variable_get('user_register', 1)) {
+ $items[] = l(t('Create new account'), 'user/register', array('title' => t('Create a new user account.')));
+ }
+ $items[] = l(t('Request new password'), 'user/password', array('title' => t('Request new password via e-mail.')));
+ $form['links'] = array('#value' => theme('item_list', $items));
+
+ $output .= drupal_get_form('user_login_block', $form, 'user_login');
+
+ $block['subject'] = t('User login');
+ $block['content'] = $output;
+ }
+ return $block;
+ }
 }
 }
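Review bot: Pointing the login block's `#action` at `https://` only keeps the credentials out of clear text on the POST itself: the form is still rendered on a plain-HTTP page, so an active attacker can rewrite `#action` before the user submits, and nothing in this patch marks the session cookie issued after `user_login` as secure, so it is presumably sent back over HTTP on the very next request — the same hijack window `security_init()` is trying to close. I would state that limitation in a comment above `$form['#action'] = ...`, e.g. `// Only the credential POST is protected; the form page and the session cookie that follows are still plain HTTP unless the whole site is served over HTTPS.`. Smaller points: `$output .= drupal_get_form(...)` appends to an uninitialised variable (`$output = drupal_get_form('user_login_block', $form, 'user_login');` is enough), `global $base_url;` is unused, and the leftover `//die(var_dump(...))` debug line should go. The `security_lock_agent` description in the same hunk also reads "will lock user sessions a specific user agent string" and is missing "to".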