From 32ef0480edd0455a99a301c4cbefe7d829e05948 Mon Sep 17 00:00:00 2001
From: Olle Haerstedt <olle.haerstedt@limesurvey.org>
Date: Tue, 15 Jun 2021 12:10:59 +0200
Subject: [PATCH] Fixed issue #17368: Failed Login Attempt locks out all users
 when behind nginx proxy

Discussion: https://github.com/LimeSurvey/LimeSurvey/commit/55612ff40cac2a2b5da5cb0be67d829b34b750fa
---
 application/models/FailedLoginAttempt.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/application/models/FailedLoginAttempt.php b/application/models/FailedLoginAttempt.php
index 7667e06f267..b0902b12d5e 100644
--- a/application/models/FailedLoginAttempt.php
+++ b/application/models/FailedLoginAttempt.php
@@ -57,7 +57,7 @@ public function tableName()
      */
     public function deleteAttempts()
     {
-        $ip = substr(App()->getRequest()->getUserHostAddress(), 0, 40);
+        $ip = substr(getIPAddress(), 0, 40);
         $this->deleteAllByAttributes(array('ip' => $ip));
     }
 
@@ -71,7 +71,7 @@ public function deleteAttempts()
     public function isLockedOut($attemptType = '')
     {
         $isLockedOut = false;
-        $ip = substr($_SERVER['REMOTE_ADDR'], 0, 40);
+        $ip = substr(getIPAddress(), 0, 40);
 
         // Return false if IP is whitelisted
         if (!empty($attemptType) && $this->isWhitelisted($ip, $attemptType)) {
@@ -116,7 +116,7 @@ public function addAttempt()
     {
         if (!$this->isLockedOut()) {
             $timestamp = date("Y-m-d H:i:s");
-            $ip = substr(App()->getRequest()->getUserHostAddress(), 0, 40);
+            $ip = substr(getIPAddress(), 0, 40);
             $row = $this->findByAttributes(array('ip' => $ip));
     
             if ($row !== null) {