Skip to content

Commit 1ac116f

Browse files
sergejeysergejey
authored
Merge pull request #1114 from layet/alpha
Authorization does not work with a non-local HTTP proxy
2 parents 5ee1da2 + eacaacd commit 1ac116f

File tree

1 file changed

+4
-5
lines changed

1 file changed

+4
-5
lines changed

lib/general.class.php

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -28,24 +28,23 @@
2828
$local_ip = '127.0.0.1';
2929
}
3030

31-
if ((($_SERVER["REMOTE_ADDR"] == $local_ip) || (trim($_SERVER["REMOTE_ADDR"]) == '::1')) && (getenv('HTTP_X_FORWARDED_FOR') != '')) {
31+
if (getenv('HTTP_X_FORWARDED_FOR') != '') {
3232
$remoteAddr = getenv('HTTP_X_FORWARDED_FOR');
3333
}
3434

35-
3635
if (!preg_match('/' . $p . '/is', $remoteAddr) && $remoteAddr != $local_ip && trim($remoteAddr) != '::1') {
3736
if (defined('EXT_ACCESS_USERNAME') && defined('EXT_ACCESS_PASSWORD') && $_SERVER['PHP_AUTH_USER'] == EXT_ACCESS_USERNAME && $_SERVER['PHP_AUTH_PW'] == EXT_ACCESS_PASSWORD) {
38-
$data = $_SERVER['REMOTE_ADDR'] . " " . date("[d/m/Y:H:i:s]") . " Username and/or password valid. Login: " . $_SERVER['PHP_AUTH_USER'] . " Password: " . $_SERVER['PHP_AUTH_PW'] . "\n";
37+
$data = $remoteAddr . " " . date("[d/m/Y:H:i:s]") . " Username and/or password valid. Login: " . $_SERVER['PHP_AUTH_USER'] . " Password: " . $_SERVER['PHP_AUTH_PW'] . "\n";
3938
DebMes($data, 'auth');
4039
} elseif (!defined('EXT_ACCESS_USERNAME') && !defined('EXT_ACCESS_PASSWORD')) {
41-
$data = $_SERVER['REMOTE_ADDR'] . " " . date("[d/m/Y:H:i:s]") . " Username and/or password dont defined and dont needed" . "\n";
40+
$data = $remoteAddr . " " . date("[d/m/Y:H:i:s]") . " Username and/or password dont defined and dont needed" . "\n";
4241
DebMes($data, 'auth');
4342
} else {
4443
// header("Location:$PHP_SELF\n\n");
4544
header("WWW-Authenticate: Basic realm=\"" . PROJECT_TITLE . "\"");
4645
header("HTTP/1.0 401 Unauthorized");
4746
echo "Authorization required\n";
48-
$data = $_SERVER['REMOTE_ADDR'] . " " . date("[d/m/Y:H:i:s]") . " Username and/or password invalid. Login: " . $_SERVER['PHP_AUTH_USER'] . " Password: " . $_SERVER['PHP_AUTH_PW'] . "\n";
47+
$data = $remoteAddr . " " . date("[d/m/Y:H:i:s]") . " Username and/or password invalid. Login: " . $_SERVER['PHP_AUTH_USER'] . " Password: " . $_SERVER['PHP_AUTH_PW'] . "\n";
4948
DebMes($data, 'auth');
5049
exit;
5150
}

0 commit comments

Comments
 (0)