diff --git a/html/bandwidth-graph.php b/html/bandwidth-graph.php index fa4c29685..031a03fd5 100644 --- a/html/bandwidth-graph.php +++ b/html/bandwidth-graph.php @@ -37,7 +37,7 @@ include("../includes/functions.php"); include("includes/functions.inc.php"); include("includes/authenticate.inc.php"); -if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if (!$_SESSION['authenticated']) { echo("unauthenticated"); exit; } } +if (get_client_ip() != $_SERVER['SERVER_ADDR']) { if (!$_SESSION['authenticated']) { echo("unauthenticated"); exit; } } require_once("includes/jpgraph/src/jpgraph.php"); require_once("includes/jpgraph/src/jpgraph_line.php"); require_once("includes/jpgraph/src/jpgraph_bar.php"); @@ -46,7 +46,7 @@ require_once("includes/jpgraph/src/jpgraph_date.php"); if (is_numeric($_GET['bill_id'])) { - if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) + if (get_client_ip() != $_SERVER['SERVER_ADDR']) { if (bill_permitted($_GET['bill_id'])) { diff --git a/html/billing-graph.php b/html/billing-graph.php index 82549d8e2..7bc995daf 100755 --- a/html/billing-graph.php +++ b/html/billing-graph.php @@ -37,7 +37,7 @@ include("../includes/functions.php"); include("includes/functions.inc.php"); include("includes/authenticate.inc.php"); -if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if (!$_SESSION['authenticated']) { echo("unauthenticated"); exit; } } +if (get_client_ip() != $_SERVER['SERVER_ADDR']) { if (!$_SESSION['authenticated']) { echo("unauthenticated"); exit; } } require("includes/jpgraph/src/jpgraph.php"); include("includes/jpgraph/src/jpgraph_line.php"); include("includes/jpgraph/src/jpgraph_utils.inc.php"); @@ -45,7 +45,7 @@ include("includes/jpgraph/src/jpgraph_date.php"); if (is_numeric($_GET['bill_id'])) { - if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) + if (get_client_ip() != $_SERVER['SERVER_ADDR']) { if (bill_permitted($_GET['bill_id'])) { diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php index 412ae9017..13f9646da 100644 --- a/html/includes/authenticate.inc.php +++ b/html/includes/authenticate.inc.php @@ -28,7 +28,7 @@ dbDelete('session', "`session_expiry` < ?", array(time())); if ($vars['page'] == "logout" && $_SESSION['authenticated']) { - dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged Out'), 'authlog'); + dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged Out'), 'authlog'); dbDelete('session', "`session_username` = ? AND session_value = ?", array($_SESSION['username'],$_COOKIE['sess_id'])); unset($_SESSION); unset($_COOKIE); @@ -81,7 +81,7 @@ if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token } if( !$config['twofactor'] || $_SESSION['twofactor'] ) { $_SESSION['authenticated'] = true; - dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged In'), 'authlog'); + dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged In'), 'authlog'); } } if (isset($_POST['remember'])) @@ -113,7 +113,7 @@ if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token { $auth_message = "Authentication Failed"; unset ($_SESSION['authenticated']); - dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Authentication Failure'), 'authlog'); + dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Authentication Failure'), 'authlog'); } } ?> diff --git a/html/includes/functions.inc.php b/html/includes/functions.inc.php index a8708e7fa..c1f282fc6 100644 --- a/html/includes/functions.inc.php +++ b/html/includes/functions.inc.php @@ -728,4 +728,13 @@ function demo_account() { print_error("You are logged in as a demo account, this page isn't accessible to you"); } +function get_client_ip() { + if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $client_ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } else { + $client_ip = $_SERVER['REMOTE_ADDR']; + } + return $client_ip; +} + ?>