It will be great if this module check IP address for user one not only login action but and during usual work session. Because in case of cookie stealing there is no login action at all. Thank you for your attention!

CommentFileSizeAuthor
#3 userone-1372878-check-address-continually-3.patch1.96 KBjayelless
#1 userone-1372878-check-address-continually-1.patch1.87 KBjayelless

Comments

jayelless’s picture

jayelless commented
StatusFileSize
new userone-1372878-check-address-continually-1.patch1.87 KB

I have prepared a patch to userone that performs a check of the remote ip address against authorised ip addresses every time a form is built. If the remote address is not in the authorised list, then the form is replaced with a warning, effectively preventing all administration activity.

The list of authorised ip addresses is saved into the $_SESSION array at login so that changes to it during the session do not immediately kill the ability of that administrator to work. This will allow a change of authorised addresses to happen in an orderly manner, or to enable a mistake in entering addresses to be corrected before the end of the session.

Patch attached. Please review and include if acceptable.

Regards.

jayelless’s picture

jayelless commented
Status: Active » Needs review
jayelless’s picture

jayelless commented
StatusFileSize
new userone-1372878-check-address-continually-3.patch1.96 KB

Found an error in the original patch that caused problems when no addresses were specified. Patch re-rolled to fix that

naveenvalecha’s picture

naveenvalecha
He/Him
commented
Issue summary: View changes
Status: Needs review » Closed (outdated)

Closing because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.

naveenvalecha’s picture

naveenvalecha
He/Him
commented
Version: 6.x-1.1 » 6.x-1.x-dev