From 7fd684f038c84bca9db57b4b2dce8ca1b1951d2a Mon Sep 17 00:00:00 2001
From: Olle Haerstedt <olle.haerstedt@limesurvey.org>
Date: Tue, 15 Jun 2021 12:10:59 +0200
Subject: [PATCH] Fixed issue #17368: Failed Login Attempt locks out all users
 when behind nginx proxy

Discussion: https://github.com/LimeSurvey/LimeSurvey/commit/55612ff40cac2a2b5da5cb0be67d829b34b750fa
---
 application/models/FailedLoginAttempt.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/application/models/FailedLoginAttempt.php b/application/models/FailedLoginAttempt.php
index f1abb190f7b..599c99f8ed5 100644
--- a/application/models/FailedLoginAttempt.php
+++ b/application/models/FailedLoginAttempt.php
@@ -58,7 +58,7 @@ public function tableName()
      */
     public function deleteAttempts()
     {
-        $ip = substr(App()->getRequest()->getUserHostAddress(), 0, 40);
+        $ip = substr(getIPAddress(), 0, 40);
         $this->deleteAllByAttributes(array('ip' => $ip));
     }
 
@@ -72,7 +72,7 @@ public function deleteAttempts()
     public function isLockedOut($attemptType = '')
     {
         $isLockedOut = false;
-        $ip = substr(App()->getRequest()->getUserHostAddress(), 0, 40);
+        $ip = substr(getIPAddress(), 0, 40);
 
         // Return false if IP is whitelisted
         if (!empty($attemptType) && $this->isWhitelisted($ip, $attemptType)) {
@@ -117,7 +117,7 @@ public function addAttempt()
     {
         if (!$this->isLockedOut()) {
             $timestamp = date("Y-m-d H:i:s");
-            $ip = substr(App()->getRequest()->getUserHostAddress(), 0, 40);
+            $ip = substr(getIPAddress(), 0, 40);
             $row = $this->findByAttributes(array('ip' => $ip));
     
             if ($row !== null) {