added get_client_ip for ips behind proxys for real ip

phpontrax · Oct 10, 2013 · 23e55e6 · 23e55e6
1 parent 988ac37
commit 23e55e6
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 13 deletions.
diff --git a/trax/vendor/trax/session.php b/trax/vendor/trax/session.php
@@ -184,13 +184,36 @@ function set($key, $value) {
      *          </ul>
      */
     function is_valid_host() {
-        if($_SERVER['REMOTE_ADDR'] == self::$ip &&
+        if(self::get_client_ip() == self::$ip &&
            $_SERVER['HTTP_USER_AGENT'] == self::$user_agent) {
             return true;
         }
         return false;
     }
 
+    /**
+     *  Get Client's Real IP
+     *
+     *  @return $ipaddress
+     */
+    function get_client_ip() {
+        $ipaddress = '';
+        if($_SERVER['HTTP_CLIENT_IP']) {
+            $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
+        } elseif($_SERVER['HTTP_X_FORWARDED_FOR']) {
+            $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
+        } elseif($_SERVER['HTTP_X_FORWARDED']) {
+            $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
+        } elseif($_SERVER['HTTP_FORWARDED_FOR']) {
+            $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
+        } elseif($_SERVER['HTTP_FORWARDED']) {
+            $ipaddress = $_SERVER['HTTP_FORWARDED'];
+        } elseif($_SERVER['REMOTE_ADDR']) {
+            $ipaddress = $_SERVER['REMOTE_ADDR'];
+        }
+        return $ipaddress;
+    }
+
     /**
      *  Get key that uniquely identifies this session
      *
@@ -200,7 +223,7 @@ function is_valid_host() {
      *  @uses session_id()
      */
     function get_hash() {
-        $key = session_id().$_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR'];
+        $key = session_id().$_SERVER['HTTP_USER_AGENT'].self::get_client_ip();
         // error_log('get_hash() returns '.md5($key));
         return md5($key);
     }
@@ -232,7 +255,7 @@ function start_session() {
 
             header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
 
-            self::$ip = $_SERVER['REMOTE_ADDR'];
+            self::$ip = self::get_client_ip();
             self::$user_agent = $_SERVER['HTTP_USER_AGENT'];
 
             if(self::is_valid_host() && array_key_exists('sess_id',$_REQUEST)) {
@@ -247,7 +270,7 @@ function start_session() {
         $hash = self::get_hash();
         if(!isset($_SESSION[$hash])) {
             $_SESSION[$hash] = array();
-        }        
+        }
 	}
 
 	/**

diff --git a/trax/vendor/trax/session/active_record_store.php b/trax/vendor/trax/session/active_record_store.php
@@ -33,7 +33,7 @@
  */
 
 /**
- * 
+ *
  * Session Table Schema:
  *
  * CREATE TABLE sessions (
@@ -45,14 +45,14 @@
  *   updated_at datetime default NULL,
  *   PRIMARY KEY (id)
  * )
- * 
+ *
  */
 class ActiveRecordStore extends ActiveRecord {
-	
+
 	public $table_name = 'sessions';
-	
+
     function open($save_path, $session_name) {
-        return true;   
+        return true;
     }
 
 	function close() {
@@ -64,18 +64,18 @@ function read($sess_id) {
 	    # Select the data belonging to session $sess_id from the session table
 		if(($session = $this->find($sess_id)) instanceof ActiveRecordStore) {
 			$data = $session->data;
-		}		
+		}
 	    return $data;
 	}
 
 	function write($sess_id, $data) {
-		
+
 		# Select the data belonging to session $sess_id from the session table
 		$session = $this->find($sess_id);
 		$session = ($session instanceof ActiveRecordStore) ? $session : $this;
 		$session->id = $sess_id;
 		$session->data = $data;
-		$session->client_ip = $this->escape($_SERVER['REMOTE_ADDR']);
+		$session->client_ip = $this->escape(Session::get_client_ip());
 		$session->http_user_agent = $this->escape($_SERVER['HTTP_USER_AGENT']);
 		# Write the serialized session data ($data) to the session table
 
@@ -94,5 +94,5 @@ function gc($max_lifetime) {
 		$this->delete_all("UNIX_TIMESTAMP(created_at) < {$old}");
 	    return true;
 	}
-		
+
 }