From 2f8bed375c124c1d7e36138acc6903fcfcf15a8f Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Mon, 22 Jan 2024 14:38:18 -0700
Subject: [PATCH] Security - validate session

---
 .../resources/classes/authentication.php          |  5 ++++-
 resources/check_auth.php                          | 15 +++++++++++++--
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/core/authentication/resources/classes/authentication.php b/core/authentication/resources/classes/authentication.php
index 5d73ad0de5e..e90d08a5915 100644
--- a/core/authentication/resources/classes/authentication.php
+++ b/core/authentication/resources/classes/authentication.php
@@ -229,6 +229,9 @@ public function validate() {
 					$_SESSION["user_uuid"] = $result["user_uuid"];
 					$_SESSION["context"] = $result['domain_name'];
 
+				//used to validate the session
+					$_SESSION["user_hash"] = hash('sha256', $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
+
 				//user session array
 					$_SESSION["user"]["domain_uuid"] = $result["domain_uuid"];
 					$_SESSION["user"]["domain_name"] = $result["domain_name"];
@@ -266,7 +269,7 @@ public function validate() {
 						}
 					}
 
-				//get the permissions assigned to the groups that the user is a member of set the permissions in $_SESSION['permissions']
+					//get the permissions assigned to the groups that the user is a member of set the permissions in $_SESSION['permissions']
 					if (is_array($_SESSION["groups"]) && @sizeof($_SESSION["groups"]) != 0) {
 						$x = 0;
 						$sql = "select distinct(permission_name) from v_group_permissions ";
diff --git a/resources/check_auth.php b/resources/check_auth.php
index ef9ee901fcb..e5d60115231 100644
--- a/resources/check_auth.php
+++ b/resources/check_auth.php
@@ -42,8 +42,19 @@
 //define variables
 	if (!isset($_SESSION['template_content'])) { $_SESSION["template_content"] = null; }
 
+//if session authorized is not set then set the default value to false
+	if (!isset($_SESSION['authorized'])) {
+		$_SESSION['authorized'] = false;
+	}
+
+//validate the session address
+	if ($_SESSION['authorized'] && $_SESSION["user_hash"] !== hash('sha256', $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'])) {
+		session_destroy();
+		header("Location: ".PROJECT_PATH."/?path=".urlencode($target_path));
+	}
+
 //if the session is not authorized then verify the identity
-	if (!isset($_SESSION['authorized']) || (isset($_SESSION['authorized']) && !$_SESSION['authorized'])) {
+	if (!$_SESSION['authorized']) {
 
 		//clear the menu
 			unset($_SESSION["menu"]);
@@ -98,4 +109,4 @@
 
 	}
 
-?>
+?>
\ No newline at end of file