authorAndrew Dolgov <[email protected]>2021-01-05 10:17:24 +0300
committerAndrew Dolgov <[email protected]>2021-01-05 10:17:24 +0300
commita8302fb25316661512951fdf744ac1bae6e94ef6 (patch)
tree0f726961700794735328d35841c7f1e1ae98eb9c /classes/userhelper.php
parent87646621385686d6127f61a30ff71c5899d6a7a7 (diff)
use X-Real-IP headers if possible while authenticating
Diffstat (limited to 'classes/userhelper.php')
-rw-r--r--classes/userhelper.php11
1 files changed, 9 insertions, 2 deletions
diff --git a/classes/userhelper.php b/classes/userhelper.php
index fd0b0ac57..4cc6768db 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -38,7 +38,7 @@ class UserHelper {
$usth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
$usth->execute([$user_id]);
- $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
+ $_SESSION["ip_address"] = UserHelper::get_user_ip();
$_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
$_SESSION["pwd_hash"] = $row["pwd_hash"];
@@ -63,7 +63,7 @@ class UserHelper {
if (!$_SESSION["csrf_token"])
$_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
- $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
+ $_SESSION["ip_address"] = UserHelper::get_user_ip();
Pref_Prefs::initialize_user_prefs($_SESSION["uid"]);
@@ -138,4 +138,11 @@ class UserHelper {
}
+ static function get_user_ip() {
+ foreach (["HTTP_X_REAL_IP", "REMOTE_ADDR", "REMOTEADDR"] as $hdr) {
+ if (isset($_SERVER[$hdr]))
+ return $_SERVER[$hdr];
+ }
+ }
+
}
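Review bot: `get_user_ip()` returns `HTTP_X_REAL_IP` ahead of `REMOTE_ADDR` without checking that the request arrived through a reverse proxy that sets or overwrites that header. On an install that clients can reach directly, the value written to `$_SESSION["ip_address"]` at both call sites in the earlier hunks is therefore whatever the client sent. The header should be honoured only when the direct peer address is a configured proxy, and validated with `filter_var(..., FILTER_VALIDATE_IP)` before it is stored. The function also falls off the end and returns null when none of the keys is set, so an explicit fallback would make that case visible. How the stored address is compared later is not shown in this diff, so the effect on session checks is inferred; the sketch below uses an empty placeholder list where the deployment's proxy addresses would come from configuration.

```php
static function get_user_ip() {
	// placeholder: reverse-proxy addresses supplied by deployment configuration
	$trusted_proxies = [];

	$remote = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["REMOTEADDR"] ?? null;

	// trust X-Real-IP only when the direct peer is a known proxy that sets it
	if (isset($_SERVER["HTTP_X_REAL_IP"]) && in_array($remote, $trusted_proxies, true)) {
		$forwarded = filter_var(trim($_SERVER["HTTP_X_REAL_IP"]), FILTER_VALIDATE_IP);

		if ($forwarded !== false)
			return $forwarded;
	}

	// explicit fallback: the socket peer address, or null when unavailable
	return $remote;
}
```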