Merge pull request #1798 from MPOS/x-forwarded-for-check

[CHANGED] Parse X-FORWARDED-FOR when supplied
Sebastian Grewe 2014-02-26 09:53:29 +01:00
commit 3e64dd3487
2 changed files with 4 additions and 10 deletions


@ -196,7 +196,7 @@ class User extends Base {
$lastLoginTime = $this->getLastLogin($uid);
$this->updateLoginTimestamp($uid);
$getIPAddress = $this->getUserIp($uid);
if ($getIPAddress !== $_SERVER['REMOTE_ADDR']) {
if ($getIPAddress !== $this->getCurrentIP()) {
$this->log->log("warn", "$username has logged in with a different IP, saved is [$getIPAddress]");
}
$setIPAddress = $this->setUserIp($uid, $_SERVER['REMOTE_ADDR']);
@ -931,7 +931,7 @@ public function isAuthenticated($logout=true) {
* @param checkforwarded bool check HTTP_X_FORWARDED_FOR for a valid ip first
* @return string IP address
*/
public function getCurrentIP($trustremote=true, $checkclient=false, $checkforwarded=false) {
public function getCurrentIP($trustremote=false, $checkclient=false, $checkforwarded=true) {
$client = (isset($_SERVER['HTTP_CLIENT_IP'])) ? $_SERVER['HTTP_CLIENT_IP'] : false;
$fwd = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : false;
$remote = (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : @$_SERVER['REMOTE_ADDR'];
@ -941,13 +941,7 @@ public function isAuthenticated($logout=true) {
} else if (strpos($fwd, ',') !== false && !$trustremote && $checkforwarded) {
// multiple proxies
$ips = explode(',', $fwd);
$path = array();
foreach ($ips as $ip) {
if (filter_var($ip, FILTER_VALIDATE_IP)) {
$path[] = $ip;
}
}
return array_pop($path);
return $ips[0];
} else if (filter_var($fwd, FILTER_VALIDATE_IP) && !$trustremote && $checkforwarded) {
// single
return $fwd;
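Review bot: The multiple-proxies branch now returns `$ips[0]` with no `filter_var` check and no `trim`, and the leftmost X-Forwarded-For entry is the part of the header the requesting client writes itself. With the new defaults `$trustremote=false, $checkforwarded=true`, every caller that relies on the defaults (the login IP comparison in the first hunk and the dashboard popup check in the other file) now compares against a value the client chooses, so the different-IP log warning can no longer be relied on as a signal. At minimum keep the validation, e.g. `$first = trim($ips[0]); if (filter_var($first, FILTER_VALIDATE_IP)) { return $first; }`, and honour the header only when `$remote` is one of the site's own reverse proxies (a configured list; nothing like that is visible here). getCurrentIP's body starts and ends outside these hunks, so what it returns when that check fails has to be confirmed there.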


@ -99,7 +99,7 @@ if (count(@$_SESSION['last_ip_pop']) == 2) {
$ip = filter_var($data[0], FILTER_VALIDATE_IP);
$time = date("l, F jS \a\\t g:i a", $data[1]);
$closelink = "<a href='index.php?page=dashboard&clp=1' style='float:right;padding-right:14px;'>Close</a>";
if (@$_SESSION['AUTHENTICATED'] && $_SESSION['last_ip_pop'][0] !== $_SERVER['REMOTE_ADDR']) {
if (@$_SESSION['AUTHENTICATED'] && $_SESSION['last_ip_pop'][0] !== $user->getCurrentIP()) {
$_SESSION['POPUP'][] = array('CONTENT' => "You last logged in from <b>$ip</b> on $time $closelink", 'TYPE' => 'warning');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => "You last logged in from <b>$ip</b> on $time $closelink", 'TYPE' => 'info');
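Review bot: The two sides of this comparison no longer come from the same source: `$user->getCurrentIP()` now prefers X-Forwarded-For, while the first file still stores the login address with `setUserIp($uid, $_SERVER['REMOTE_ADDR'])`. If `$_SESSION['last_ip_pop'][0]` is filled from that saved value (its assignment is not in this hunk), a user behind a forwarding proxy would get the warning popup on every login and the info/warning distinction stops carrying information. Either store with the same function, `$this->setUserIp($uid, $this->getCurrentIP());`, or keep both sides on `REMOTE_ADDR`. The enclosing `if (count(...) == 2)` block starts before and continues past this hunk.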