Fixed issue #17368: Failed Login Attempt locks out all users when beh…

…ind nginx proxy Discussion: 55612ff
LimeSurvey · Jun 15, 2021 · 32ef048 · 32ef048
1 parent 21e5c96
commit 32ef048
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/application/models/FailedLoginAttempt.php b/application/models/FailedLoginAttempt.php
@@ -57,7 +57,7 @@ public function tableName()
      */
     public function deleteAttempts()
     {
-        $ip = substr(App()->getRequest()->getUserHostAddress(), 0, 40);
+        $ip = substr(getIPAddress(), 0, 40);
         $this->deleteAllByAttributes(array('ip' => $ip));
     }
 
@@ -71,7 +71,7 @@ public function deleteAttempts()
     public function isLockedOut($attemptType = '')
     {
         $isLockedOut = false;
-        $ip = substr($_SERVER['REMOTE_ADDR'], 0, 40);
+        $ip = substr(getIPAddress(), 0, 40);
 
         // Return false if IP is whitelisted
         if (!empty($attemptType) && $this->isWhitelisted($ip, $attemptType)) {
@@ -116,7 +116,7 @@ public function addAttempt()
     {
         if (!$this->isLockedOut()) {
             $timestamp = date("Y-m-d H:i:s");
-            $ip = substr(App()->getRequest()->getUserHostAddress(), 0, 40);
+            $ip = substr(getIPAddress(), 0, 40);
             $row = $this->findByAttributes(array('ip' => $ip));
 
             if ($row !== null) {