use X-Real-IP headers if possible while authenticating
parent
8764662138
commit
a8302fb253
|
@ -81,7 +81,7 @@ class API extends Handler {
|
||||||
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||||
"api_level" => self::API_LEVEL));
|
"api_level" => self::API_LEVEL));
|
||||||
} else { // else we are not logged in
|
} else { // else we are not logged in
|
||||||
user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
|
user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING);
|
||||||
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
|
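Review bot: The source address in the failed-login warning now comes from `UserHelper::get_user_ip()`, which prefers the `X-Real-IP` request header, so on any deployment where a front proxy does not overwrite that header the address in this audit line is chosen by the client. That weakens anything keyed on the line (rate limiting or ban tooling reading the log would be affected, though none is visible here) and places an unvalidated header string into the message. Keeping the socket peer next to it preserves a value the client cannot set: `user_error("Failed login attempt for $login from " . UserHelper::get_user_ip() . " (peer: {$_SERVER['REMOTE_ADDR']})", E_USER_WARNING);`. The same applies to the identical line in the Handler_Public hunk at -714; the enclosing method starts and ends outside this hunk.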
@ -714,7 +714,7 @@ class Handler_Public extends Handler {
|
||||||
if (!isset($_SESSION["login_error_msg"]))
|
if (!isset($_SESSION["login_error_msg"]))
|
||||||
$_SESSION["login_error_msg"] = __("Incorrect username or password");
|
$_SESSION["login_error_msg"] = __("Incorrect username or password");
|
||||||
|
|
||||||
user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
|
user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING);
|
||||||
}
|
}
|
||||||
|
|
||||||
$return = clean($_REQUEST['return']);
|
$return = clean($_REQUEST['return']);
|
||||||
|
|
|
@ -16,7 +16,10 @@ class Logger_SQL {
|
||||||
$context = mb_substr($context, 0, 8192);
|
$context = mb_substr($context, 0, 8192);
|
||||||
|
|
||||||
$server_params = [
|
$server_params = [
|
||||||
"IP" => "REMOTE_ADDR",
|
"Real IP" => "HTTP_X_REAL_IP",
|
||||||
|
"Forwarded For" => "HTTP_X_FORWARDED_FOR",
|
||||||
|
"Forwarded Protocol" => "HTTP_X_FORWARDED_PROTO",
|
||||||
|
"Remote IP" => "REMOTE_ADDR",
|
||||||
"Request URI" => "REQUEST_URI",
|
"Request URI" => "REQUEST_URI",
|
||||||
"User agent" => "HTTP_USER_AGENT",
|
"User agent" => "HTTP_USER_AGENT",
|
||||||
];
|
];
|
||||||
|
|
|
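Review bot: The new "Real IP", "Forwarded For" and "Forwarded Protocol" entries record request headers under labels that read as established facts, while only "Remote IP" (`REMOTE_ADDR`) is set by the server itself. Someone triaging from this log needs that distinction, so I would add a comment above the header entries such as `// X-Real-IP / X-Forwarded-*: request headers, reliable only when the front proxy overwrites them`. How these values are appended to the stored context is outside the hunk; if that happens after the `mb_substr($context, 0, 8192)` cap, their length is unbounded, and whatever renders the log should escape them on output.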
@ -38,7 +38,7 @@ class UserHelper {
|
||||||
$usth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
|
$usth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
|
||||||
$usth->execute([$user_id]);
|
$usth->execute([$user_id]);
|
||||||
|
|
||||||
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
|
$_SESSION["ip_address"] = UserHelper::get_user_ip();
|
||||||
$_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
|
$_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
|
||||||
$_SESSION["pwd_hash"] = $row["pwd_hash"];
|
$_SESSION["pwd_hash"] = $row["pwd_hash"];
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@ class UserHelper {
|
||||||
if (!$_SESSION["csrf_token"])
|
if (!$_SESSION["csrf_token"])
|
||||||
$_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
|
$_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
|
||||||
|
|
||||||
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
|
$_SESSION["ip_address"] = UserHelper::get_user_ip();
|
||||||
|
|
||||||
Pref_Prefs::initialize_user_prefs($_SESSION["uid"]);
|
Pref_Prefs::initialize_user_prefs($_SESSION["uid"]);
|
||||||
|
|
||||||
|
@ -138,4 +138,11 @@ class UserHelper {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static function get_user_ip() {
|
||||||
|
foreach (["HTTP_X_REAL_IP", "REMOTE_ADDR", "REMOTEADDR"] as $hdr) {
|
||||||
|
if (isset($_SERVER[$hdr]))
|
||||||
|
return $_SERVER[$hdr];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
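Review bot: `get_user_ip()` returns `$_SERVER["HTTP_X_REAL_IP"]` whenever the header is present, with no check that the request arrived through a trusted proxy and no validation that the value is an IP address. The hunks at -38 and -63 store that value in `$_SESSION["ip_address"]`, so if session validation elsewhere compares against it (not visible here), the IP binding rests on a client-controllable value on directly exposed installs. The function also falls through to an implicit null when none of the keys is set, and `"REMOTEADDR"` does not look like a key PHP populates, which is worth confirming. Suggested shape below: honour the header only when the socket peer is a configured proxy and the value passes `filter_var(..., FILTER_VALIDATE_IP)`; the proxy list is a placeholder to be wired to real configuration.

```php
static function get_user_ip() {
	// PLACEHOLDER: addresses of reverse proxies allowed to set X-Real-IP;
	// replace with the project's real configuration lookup.
	$trusted_proxies = [];

	// Socket peer as seen by the web server; the client cannot choose this value.
	$peer = null;
	foreach (["REMOTE_ADDR", "REMOTEADDR"] as $key) {
		if (isset($_SERVER[$key])) {
			$peer = $_SERVER[$key];
			break;
		}
	}

	// Trust the forwarded address only when the request came from a known proxy
	// and the header actually holds an IP address.
	if ($peer !== null && in_array($peer, $trusted_proxies, true) && isset($_SERVER["HTTP_X_REAL_IP"])) {
		$real_ip = filter_var($_SERVER["HTTP_X_REAL_IP"], FILTER_VALIDATE_IP);

		if ($real_ip !== false)
			return $real_ip;
	}

	return $peer;
}
```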