diff options
| author | Andrew Dolgov <[email protected]> | 2021-01-05 10:17:24 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2021-01-05 10:17:24 +0300 |
| commit | a8302fb25316661512951fdf744ac1bae6e94ef6 (patch) | |
| tree | 0f726961700794735328d35841c7f1e1ae98eb9c | |
| parent | 87646621385686d6127f61a30ff71c5899d6a7a7 (diff) | |
use X-Real-IP headers if possible while authenticating
| -rwxr-xr-x | classes/api.php | 2 | ||||
| -rwxr-xr-x | classes/handler/public.php | 2 | ||||
| -rwxr-xr-x | classes/logger/sql.php | 5 | ||||
| -rw-r--r-- | classes/userhelper.php | 11 |
4 files changed, 15 insertions, 5 deletions
diff --git a/classes/api.php b/classes/api.php index 6b857f689..aa39171bf 100755 --- a/classes/api.php +++ b/classes/api.php @@ -81,7 +81,7 @@ class API extends Handler { $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL)); } else { // else we are not logged in - user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING); + user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING); $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR")); } } else { diff --git a/classes/handler/public.php b/classes/handler/public.php index 4bd9c06f9..86a82cc61 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -714,7 +714,7 @@ class Handler_Public extends Handler { if (!isset($_SESSION["login_error_msg"])) $_SESSION["login_error_msg"] = __("Incorrect username or password"); - user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING); + user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING); } $return = clean($_REQUEST['return']); diff --git a/classes/logger/sql.php b/classes/logger/sql.php index 1b44b1e5f..c1ea16ef9 100755 --- a/classes/logger/sql.php +++ b/classes/logger/sql.php @@ -16,7 +16,10 @@ class Logger_SQL { $context = mb_substr($context, 0, 8192); $server_params = [ - "IP" => "REMOTE_ADDR", + "Real IP" => "HTTP_X_REAL_IP", + "Forwarded For" => "HTTP_X_FORWARDED_FOR", + "Forwarded Protocol" => "HTTP_X_FORWARDED_PROTO", + "Remote IP" => "REMOTE_ADDR", "Request URI" => "REQUEST_URI", "User agent" => "HTTP_USER_AGENT", ]; diff --git a/classes/userhelper.php b/classes/userhelper.php index fd0b0ac57..4cc6768db 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -38,7 +38,7 @@ class UserHelper { $usth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?"); $usth->execute([$user_id]); - $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; + $_SESSION["ip_address"] = UserHelper::get_user_ip(); $_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']); $_SESSION["pwd_hash"] = $row["pwd_hash"]; @@ -63,7 +63,7 @@ class UserHelper { if (!$_SESSION["csrf_token"]) $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16)); - $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; + $_SESSION["ip_address"] = UserHelper::get_user_ip(); Pref_Prefs::initialize_user_prefs($_SESSION["uid"]); @@ -138,4 +138,11 @@ class UserHelper { } + static function get_user_ip() { + foreach (["HTTP_X_REAL_IP", "REMOTE_ADDR", "REMOTEADDR"] as $hdr) { + if (isset($_SERVER[$hdr])) + return $_SERVER[$hdr]; + } + } + } |