Commit 3b3a78b2 authored by sewilco's avatar sewilco

[NEW] Use ->get_ip_address() for IP of user instead of 127.0.0.1 proxy.

parent 6648e22b
......@@ -17,7 +17,7 @@ if (isset($_REQUEST['noautosave'])) {
function auto_save($id, $data, $referer = "") {
global $user;
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_ip = $_SERVER['REMOTE_ADDR'];
$user_ip = $tikilib->get_ip_address();
if ($referer == "") {
$referer = preg_replace("/(\?|\&)noautosave=y/","",$_SERVER['REQUEST_URI']);
}
......@@ -31,7 +31,7 @@ function auto_save($id, $data, $referer = "") {
function remove_save($id) {
global $user;
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_ip = $_SERVER['REMOTE_ADDR'];
$user_ip = $tikilib->get_ip_address();
$request_uri = preg_replace("/(\?|\&)noautosave=y/","",$_SERVER['REQUEST_URI']);
$file_name = md5("$user:$user_ip:$request_uri:$id");
if (file_exists("temp/cache/wiki-$file_name")) {
......@@ -46,7 +46,7 @@ function remove_save($id) {
function has_autosave($id) {
global $user;
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_ip = $_SERVER['REMOTE_ADDR'];
$user_ip = $tikilib->get_ip_address();
$request_uri = preg_replace("/(?|&)noautosave='y'/","",$_SERVER['REQUEST_URI']);
$file_name = md5("$user:$user_ip:$request_uri:$id");
......@@ -56,7 +56,7 @@ function has_autosave($id) {
function get_autosave($id) {
global $user;
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_ip = $_SERVER['REMOTE_ADDR'];
$user_ip = $tikilib->get_ip_address();
$request_uri = preg_replace("/(?|&)noautosave='y'/","",$_SERVER['REQUEST_URI']);
$file_name = md5("$user:$user_ip:$request_uri:$id");
if (file_exists("temp/cache/wiki-$file_name")) {
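Review bot: `$tikilib` is not in scope in auto_save(), remove_save(), has_autosave() or get_autosave(): each declares only `global $user;` before the new `$user_ip = $tikilib->get_ip_address();`, so the call would fail on an undefined variable. Change the declaration to `global $user, $tikilib;` in each of the four functions. The same pattern appears later in this commit, where the visible declarations omit `$tikilib`: smarty_function_autosave(), logit(), logout(), cookie_check(), get_user_info(), create_user_cookie(), get_user_by_cookie() and intervalidate(). The last three use `$this` elsewhere in their bodies, so `$this->get_ip_address()` would presumably fit there if that class extends TikiLib. The bodies of these functions continue outside the hunks.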
......
......@@ -1998,9 +1998,6 @@ class Comments extends TikiLib {
$_SESSION["lastPost"] = $postDate;
}
if (!isset($_SERVER['REMOTE_ADDR']))
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
// Check for banned userName or banned IP or IP in banned range
// Check for duplicates.
......@@ -2109,7 +2106,7 @@ class Comments extends TikiLib {
$result = $this->query($query,
array( $object[0], (string) $object[1],(int) $this->now, $userName,
$title, $data, $hash, (int) $parentId, $type,
$summary, $smiley, $_SERVER["REMOTE_ADDR"],
$summary, $smiley, $tikilib->get_ip_address(),
$message_id, (string) $in_reply_to, $approved)
);
}
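Review bot: Inside Comments, which extends TikiLib, the insert parameter could use `$this->get_ip_address()` as the LogsLib hunks do, rather than `$tikilib->get_ip_address()`, which only works if the enclosing method declares `global $tikilib;` (its start is outside the hunk). The first hunk also drops the `$_SERVER['REMOTE_ADDR'] = '127.0.0.1'` default, so any later direct read of `$_SERVER['REMOTE_ADDR']` in this method would need the same helper. The ban check mentioned in the comment that follows the removed lines is worth confirming.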
......
......@@ -23,7 +23,7 @@ class LogsLib extends TikiLib {
}
}
if (!$ip) {
$ip = $_SERVER['REMOTE_ADDR'];
$ip = $this->get_ip_address();
}
if (!$client) {
if (!$_SERVER['HTTP_USER_AGENT']) {
......@@ -113,7 +113,7 @@ class LogsLib extends TikiLib {
if ($who == '')
$who = $user;
if ($ip == '')
$ip = $_SERVER['REMOTE_ADDR'];;
$ip = $this->get_ip_address();
if ($client == '')
$client = $_SERVER['HTTP_USER_AGENT'];
if ($logCateg) {
......
......@@ -120,7 +120,7 @@ class ObjectLib extends TikiLib {
case 'wiki': case 'wiki page':
global $tikilib; include_once('lib/tikilib.php');
global $user;
$tikilib->update_page($object, $data, tra('section edit'), $user, $_SERVER["REMOTE_ADDR"]);
$tikilib->update_page($object, $data, tra('section edit'), $user, $tikilib->get_ip_address());
break;
case 'article':
global $artlib; include_once('lib/articles/artlib.php');
......
......@@ -18,7 +18,7 @@ if ( isset($_REQUEST['pollVote']) ) {
$identification = $user;
$pollinfo = $polllib->get_poll($_REQUEST['polls_pollId']);
$anonym=$pollinfo['anonym'];
if($anonym=='i') $identification=$_SERVER['REMOTE_ADDR'];
if($anonym=='i') $identification=$tikilib->get_ip_address();
if($anonym=='c') $identification = ( isset($_COOKIE['tiki_wiki_poll_'.$_REQUEST['polls_pollId']])
? $_COOKIE['tiki_wiki_poll_'.$_REQUEST['polls_pollId']] : MD5(time().'_'.rand(0,1000)) );
if($anonym=='a'||!$polllib->id_has_voted($_REQUEST['polls_pollId'],$identification)) {
......
......@@ -58,10 +58,7 @@ if ( $user ) {
$allowMsgs = 'n';
}
if ( isset($_SERVER['REMOTE_ADDR']) ) {
$IP = $_SERVER['REMOTE_ADDR'];
$smarty->assign('IP', $IP);
}
$smarty->assign('IP', $tikilib->get_ip_address());
if ($prefs['users_prefs_display_timezone'] == 'Site' || (isset($user_preferences[$user]['display_timezone']) && $user_preferences[$user]['display_timezone'] == 'Site')) {
// Everybody stays in the time zone of the server
......
......@@ -11,7 +11,7 @@ function smarty_function_autosave($params, &$smarty)
global $user;
global $js_script;
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_ip = $_SERVER['REMOTE_ADDR'];
$user_ip = $tikilib->get_ip_address();
$request_uri = $_SERVER['REQUEST_URI'];
$file_name = md5("$user:$user_ip:$request_uri:".$params['id']);
$js_script[$params['id']] = "register_id('".$params['id']."');";
......
......@@ -128,13 +128,30 @@ class TikiLib extends TikiDB {
return $return;
}
/*shared*/
// Returns IP address or if 127.0.0.1 looks for a proxy address
function get_ip_address() {
$ip = "127.0.0.1"; // assume localhost
if (isset($_SERVER["REMOTE_ADDR"])) {
$ip = $_SERVER["REMOTE_ADDR"];
}
if ($ip == "127.0.0.1") {
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$fwips = explode(',', $_SERVER["HTTP_X_FORWARDED_FOR"]);
$ip = $fwips[0]; // There may be several but using first IP
// This might need improvement for configurations with multiple proxies.
}
}
return $ip;
}
/*shared*/
function check_rules($user, $section) {
// Admin is never banned
if ($user == 'admin')
return false;
$ips = explode('.', $_SERVER["REMOTE_ADDR"]);
$ips = get_ip_address();
$query = "select tb.`message`,tb.`user`,tb.`ip1`,tb.`ip2`,tb.`ip3`,tb.`ip4`,tb.`mode` from `tiki_banning` tb, `tiki_banning_sections` tbs where tbs.`banId`=tb.`banId` and tbs.`section`=? and ( (tb.`use_dates` = ?) or (tb.`date_from` <= ? and tb.`date_to` >= ?))";
$result = $this->query($query,array($section,'n',(int)$this->now,(int)$this->now));
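Review bot: In check_rules() the new line `$ips = get_ip_address();` calls a global function that this commit does not define and drops the `explode('.', …)`, so the ban check cannot run as written; it should read `$ips = explode('.', $this->get_ip_address());`. Separately, get_ip_address() returns the first entry of X-Forwarded-For whenever REMOTE_ADDR is 127.0.0.1, and that header comes from the client unless the local proxy strips or overwrites it; when proxies append, the first entry is the one the client controls. The value is returned untrimmed and unvalidated, and it now feeds ban checks, log entries and cookie hashes elsewhere in this commit. Consider `filter_var(trim($fwips[0]), FILTER_VALIDATE_IP)` with a fallback to REMOTE_ADDR, and a comment stating that the front proxy must set the header itself. check_rules() continues outside the hunk.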
......
......@@ -45,7 +45,7 @@ function key_get($area, $confirmation_text = '', $confirmaction='') {
if ($user) {
$whose = $user;
} else {
$whose = ' '. md5($_SERVER['REMOTE_ADDR'].$_SERVER['USER_AGENT']);
$whose = ' '. md5($tikilib->get_ip_address().$_SERVER['USER_AGENT']);
}
$ticket = md5(uniqid(rand()));
$tikilib->set_user_preference($whose,'ticket',$ticket);
......@@ -83,7 +83,7 @@ function key_check($area) {
if ($user) {
$whose = $user;
} else {
$whose = ' '. md5($_SERVER['REMOTE_ADDR'].$_SERVER['USER_AGENT']);
$whose = ' '. md5($tikilib->get_ip_address().$_SERVER['USER_AGENT']);
}
if (isset($_REQUEST) and is_array($_REQUEST)
and (!isset($_REQUEST['ticket'])
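Review bot: The rewritten `$whose` lines in key_get() and key_check() still read `$_SERVER['USER_AGENT']`; PHP exposes the browser string as `HTTP_USER_AGENT` (the key other hunks in this commit use), so this term is probably always empty and the anonymous ticket owner is derived from the IP alone. If so, use `md5($tikilib->get_ip_address().$_SERVER['HTTP_USER_AGENT'])`, keeping in mind that changing the key changes the stored identifier for any outstanding anonymous tickets. key_check() shows no `global` declaration in the hunk, so confirm `$tikilib` is in scope there; both functions continue outside the hunks.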
......
......@@ -2135,7 +2135,7 @@ function get_included_groups($group, $recur=true) {
function create_user_cookie($user,$hash=false) {
global $prefs;
if (!$hash) {
$hash = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']) . ".". ($this->now + $prefs['remembertime']);
$hash = md5($tikilib->get_ip_address().$_SERVER['HTTP_USER_AGENT']) . ".". ($this->now + $prefs['remembertime']);
}
$this->delete_user_cookie($user);
$this->set_user_preference($user,'cookie',$hash);
......@@ -2149,7 +2149,7 @@ function get_included_groups($group, $recur=true) {
function get_user_by_cookie($hash,$bypasscheck=false) {
list($check,$expire,$userCookie) = explode('.',$hash, 3);
if ($check == md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']) or $bypasscheck) {
if ($check == md5($tikilib->get_ip_address().$_SERVER['HTTP_USER_AGENT']) or $bypasscheck) {
$query = 'select `user` from `tiki_user_preferences` where `prefName`=? and `value` like ? and `user`=?';
$user = $this->getOne($query, array('cookie',"$check.%",$userCookie));
// $fp=fopen('temp/interlogtest','a+');fputs($fp,"main gubc -- $check.$expire.$userCookie -- $user --\n");fclose($fp);
......@@ -2765,7 +2765,7 @@ function get_included_groups($group, $recur=true) {
function intervalidate($remote,$user,$pass,$get_info = false) {
global $prefs;
include_once('XML/RPC.php');
$hashkey = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']) . ".". ($this->now + $prefs['remembertime']);
$hashkey = md5($tikilib->get_ip_address().$_SERVER['HTTP_USER_AGENT']) . ".". ($this->now + $prefs['remembertime']);
$remote['path'] = preg_replace("/^\/?/","/",$remote['path']);
$client = new XML_RPC_Client($remote['path'], $remote['host'], $remote['port']);
$client->setDebug(0);
......
......@@ -30,7 +30,7 @@ function wikiplugin_agentinfo($data, $params) {
}
if ($info == 'IP') {
$asetup = $_SERVER["REMOTE_ADDR"];
$asetup = $tikilib->get_ip_address();
}
if ($info == 'SVRSW') {
......
......@@ -268,7 +268,7 @@ function wikiplugin_tracker($data, $params) {
elseif ($flds['data'][$cpt]['type'] == 'g')
$_REQUEST['track'][$fl['fieldId']] = $group;
elseif ($flds['data'][$cpt]['type'] == 'I')
$_REQUEST['track'][$fl['fieldId']] = isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']: '';
$_REQUEST['track'][$fl['fieldId']] = $tikilib->get_ip_address();
elseif ($flds['data'][$cpt]['type'] == 'k')
$_REQUEST['track'][$fl['fieldId']] = isset($_REQUEST['page'])?$_REQUEST['page']: '';
} elseif (!empty($itemId) && $flds['data'][$cpt]['options_array'][0] == '2') {
......@@ -277,7 +277,7 @@ function wikiplugin_tracker($data, $params) {
elseif ($flds['data'][$cpt]['type'] == 'g')
$_REQUEST['track'][$fl['fieldId']] = $group;
elseif ($flds['data'][$cpt]['type'] == 'I')
$_REQUEST['track'][$fl['fieldId']] = isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']: '';
$_REQUEST['track'][$fl['fieldId']] = $tikilib->get_ip_address();
}
} elseif ($flds['data'][$cpt]['type'] == 'f') {
$ins_id = 'track_'.$fl['fieldId'];
......@@ -621,7 +621,7 @@ function wikiplugin_tracker($data, $params) {
$assocNumerics = array();
foreach ($flds['data'] as $f) {
if (empty($f['value']) && ($f['type'] == 'u' || $f['type'] == 'g' || $f['type'] == 'I') && ($f['options_array'][0] == '1' || $f['options_array'][0] == '2')) { //need to fill the selector fields for the join
$f['value'] = ($f['type'] == 'I')? $_SERVER['REMOTE_ADDR']: (($f['type'] == 'g')? $group: $user);
$f['value'] = ($f['type'] == 'I')? $tikilib->get_ip_address(): (($f['type'] == 'g')? $group: $user);
}
$assocValues[$f['fieldId']] = $f['value'];
$assocNumerics[$f['fieldId']] = preg_replace('/[^0-9\.\+]/', '', $f['value']); // get rid off the $ and such unit
......
......@@ -165,8 +165,8 @@ function wikiplugin_trackerstat($data, $params) {
if ($iUser >= 0) {
global $user;
$userValues = $trklib->get_filtered_item_values($allFields["data"][$iUser]['fieldId'], $user, $allFields["data"][$i]['fieldId']);
} else if ($iIp >= 0 && isset($_SERVER['REMOTE_ADDR'])) {
$userValues = $trklib->get_filtered_item_values($allFields["data"][$iIp]['fieldId'], $_SERVER['REMOTE_ADDR'], $allFields["data"][$i]['fieldId']);
} else if ($iIp >= 0) {
$userValues = $trklib->get_filtered_item_values($allFields["data"][$iIp]['fieldId'], $tikilib->get_ip_address(), $allFields["data"][$i]['fieldId']);
}
$allValues = $trklib->get_all_items($trackerId, $fieldId, $status);
......
......@@ -24,7 +24,7 @@ function lograw($file,$line) {
}
function logit($file,$txt,$user,$code,$from) {
$line = $_SERVER['REMOTE_ADDR']." - $user - ". date('[m/d/Y:H:i:s]')." \"$txt\" $code \"$from\"";
$line = $tikilib->get_ip_address()." - $user - ". date('[m/d/Y:H:i:s]')." \"$txt\" $code \"$from\"";
lograw($file,$line);
}
......@@ -51,7 +51,7 @@ function validate($params) {
$slave = $params->getParam(3); $slave = $slave->scalarval();
$hashkey = $params->getParam(4); $hashkey = $hashkey->scalarval();
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $_SERVER['REMOTE_ADDR']) {
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
$msg = tra('Invalid server key');
if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
......@@ -96,7 +96,7 @@ function set_user_info($params) {
return new XML_RPC_Response(new XML_RPC_Value(1, 'boolean'));
}
$key = $params->getParam(0); $key = $key->scalarval();
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $_SERVER['REMOTE_ADDR']) {
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
$msg = tra('Invalid server key');
if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
......@@ -111,7 +111,7 @@ function logout($params) {
global $userlib,$logslib,$prefs;
$key = $params->getParam(0); $key = $key->scalarval();
$login = $params->getParam(1); $login = $login->scalarval();
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $_SERVER['REMOTE_ADDR']) {
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
$msg = tra('Invalid server key');
if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
......@@ -128,7 +128,7 @@ function cookie_check($params) {
global $userlib,$prefs;
$key = $params->getParam(0); $key = $key->scalarval();
$hash = $params->getParam(1); $hash = $hash->scalarval();
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $_SERVER['REMOTE_ADDR']) {
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
$msg = tra('Invalid server key');
if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
......@@ -151,7 +151,7 @@ function get_version($params) {
function get_user_info($params) {
global $prefs, $userlib;
$key = $params->getParam(0); $key = $key->scalarval();
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $_SERVER['REMOTE_ADDR']) {
if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
$msg = tra('Invalid server key');
if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
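Review bot: The known_hosts check in validate(), set_user_info(), logout(), cookie_check() and get_user_info() now compares the configured peer address with `$tikilib->get_ip_address()`, which can return a value taken from the X-Forwarded-For request header when REMOTE_ADDR is 127.0.0.1. That makes a server-to-server allowlist depend on a header the caller may be able to set, unless the front proxy is known to overwrite it. For this check I would keep `$_SERVER['REMOTE_ADDR']`, or accept the forwarded value only when the site has explicitly configured its proxy as trusted, and add a comment saying which applies. The function bodies continue outside the hunks.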
......
......@@ -992,7 +992,7 @@ if (isset($_REQUEST["save"]) && (strtolower($_REQUEST['page']) != 'sandbox' || $
$cachedlinks = array_diff($links, $notcachedlinks);
$tikilib->cache_links($cachedlinks);
*/
$tikilib->create_page($_REQUEST["page"], 0, $edit, $tikilib->now, $_REQUEST["comment"],$user,$_SERVER["REMOTE_ADDR"],$description, $pageLang, $is_html, $hash, $_REQUEST['wysiwyg'], $wiki_authors_style);
$tikilib->create_page($_REQUEST["page"], 0, $edit, $tikilib->now, $_REQUEST["comment"],$user,$tikilib->get_ip_address(),$description, $pageLang, $is_html, $hash, $_REQUEST['wysiwyg'], $wiki_authors_style);
$info_new = $tikilib->get_page_info($page);
if ($prefs['wiki_watch_author'] == 'y') {
......@@ -1070,7 +1070,7 @@ if (isset($_REQUEST["save"]) && (strtolower($_REQUEST['page']) != 'sandbox' || $
if (isset($_REQUEST['wysiwyg']) && $_REQUEST['wysiwyg'] == 'y' && $prefs['wysiwyg_wiki_parsed'] == 'y') {//take away the <p> that fck introduces around wiki heading ! to have maketoc/edit section working
$edit = preg_replace('/<p>!(.*)<\/p>/u', "!$1\n", $edit);
}
$tikilib->update_page($_REQUEST["page"],$edit,$_REQUEST["comment"],$user,$_SERVER["REMOTE_ADDR"],$description,$minor,$pageLang, $is_html, $hash, null, $_REQUEST['wysiwyg'], $wiki_authors_style);
$tikilib->update_page($_REQUEST["page"],$edit,$_REQUEST["comment"],$user,$tikilib->get_ip_address(),$description,$minor,$pageLang, $is_html, $hash, null, $_REQUEST['wysiwyg'], $wiki_authors_style);
$info_new = $tikilib->get_page_info($page);
// Handle translation bits
......
......@@ -51,7 +51,7 @@ $smarty->assign('req_info', $lslib->get_request($_REQUEST['reqId']));
$smarty->assign('reqId', $_REQUEST['reqId']);
$smarty->assign('IP',$_SERVER['REMOTE_ADDR']);
$smarty->assign('IP',$tikilib->get_ip_address());
if (!isset($user)) {
$smarty->assign('username', 'anonymous');
......
......@@ -91,7 +91,7 @@ if (isset($_REQUEST["create"]) && ($tiki_p_map_create == 'y')) {
fwrite ($fp,"#\n");
fwrite ($fp,"#Modified by: ".$user."\n");
fwrite ($fp,"#GMT Date: ".gmdate("Ymd His")."\n");
fwrite ($fp,"#IP: ".$_REQUEST["REMOTE_ADDR"]."\n");
fwrite ($fp,"#IP: ".$tikilib->get_ip_address()."\n");
fwrite ($fp,"#\n");
fwrite ($fp,"##TIKIMAPS HEADER: END##\n");
fwrite ($fp,"\n");
......@@ -167,7 +167,7 @@ if ($tiki_p_map_edit != 'y') {
fwrite ($fp,"#\n");
fwrite ($fp,"#Modified by: ".$user."\n");
fwrite ($fp,"#GMT Date: ".gmdate("Ymd His")."\n");
fwrite ($fp,"#IP: ".$_REQUEST["REMOTE_ADDR"]."\n");
fwrite ($fp,"#IP: ".$tikilib->get_ip_address()."\n");
fwrite ($fp,"#\n");
$mapfiledata=strstr($_REQUEST["pagedata"],"##TIKIMAPS HEADER: END##");
// if the header is not found
......
......@@ -84,7 +84,7 @@ if (isset($_REQUEST["remind"])) {
$smarty->assign('mail_same', $prefs['feature_clear_passwords']);
$smarty->assign('mail_pass', $pass);
$smarty->assign('mail_apass', md5($pass));
$smarty->assign('mail_ip', $_SERVER['REMOTE_ADDR']);
$smarty->assign('mail_ip', $tikilib->get_ip_address());
$mail_data = sprintf($smarty->fetchLang($languageEmail, 'mail/password_reminder_subject.tpl'),$_SERVER["SERVER_NAME"]);
$mail = new TikiMail($name);
$mail->setSubject(sprintf($mail_data, $_SERVER["SERVER_NAME"]));
......
......@@ -316,8 +316,8 @@ for ($i = 0; $i < $temp_max; $i++) {
if (isset($_REQUEST["$ins_id"]) and $_REQUEST["$ins_id"] and (!$fields["data"][$i]['options_array'][0] or $tiki_p_admin_trackers == 'y')) {
$ins_fields["data"][$i]["value"] = $_REQUEST["$ins_id"];
} else {
if ($fields["data"][$i]['options_array'][0] == 1 and $_SERVER['REMOTE_ADDR']) {
$ins_fields["data"][$i]["value"] = $_SERVER['REMOTE_ADDR'];
if ($fields["data"][$i]['options_array'][0] == 1 and $tikilib->get_ip_address()) {
$ins_fields["data"][$i]["value"] = $tikilib->get_ip_address();
} else {
$ins_fields["data"][$i]["value"] = '';
}
......
......@@ -131,7 +131,7 @@ while( true )
else
$content = $before . $content . $after;
$tikilib->update_page( $page, $content, $_POST['message'], $user, $_SERVER['REMOTE_ADDR'] );
$tikilib->update_page( $page, $content, $_POST['message'], $user, $tikilib->get_ip_address() );
}
}
......