mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated the use of REMOTE_ADDR to a function then replaced its use

Browse Source
This commit is contained in:
laf
2015-03-18 19:14:51 +00:00
parent c667363d54
commit 791fa19a88
4 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
html/bandwidth-graph.php
View File

@ -37,7 +37,7 @@ include("../includes/functions.php");
include("includes/functions.inc.php"); include("includes/functions.inc.php");
include("includes/authenticate.inc.php"); include("includes/authenticate.inc.php");
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if (!$_SESSION['authenticated']) { echo("unauthenticated"); exit; } } if (get_client_ip() != $_SERVER['SERVER_ADDR']) { if (!$_SESSION['authenticated']) { echo("unauthenticated"); exit; } }
require_once("includes/jpgraph/src/jpgraph.php"); require_once("includes/jpgraph/src/jpgraph.php");
require_once("includes/jpgraph/src/jpgraph_line.php"); require_once("includes/jpgraph/src/jpgraph_line.php");
require_once("includes/jpgraph/src/jpgraph_bar.php"); require_once("includes/jpgraph/src/jpgraph_bar.php");
@ -46,7 +46,7 @@ require_once("includes/jpgraph/src/jpgraph_date.php");
if (is_numeric($_GET['bill_id'])) if (is_numeric($_GET['bill_id']))
{ {
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) if (get_client_ip() != $_SERVER['SERVER_ADDR'])
{ {
if (bill_permitted($_GET['bill_id'])) if (bill_permitted($_GET['bill_id']))
{ {

4
html/billing-graph.php
View File

@ -37,7 +37,7 @@ include("../includes/functions.php");
include("includes/functions.inc.php"); include("includes/functions.inc.php");
include("includes/authenticate.inc.php"); include("includes/authenticate.inc.php");
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if (!$_SESSION['authenticated']) { echo("unauthenticated"); exit; } } if (get_client_ip() != $_SERVER['SERVER_ADDR']) { if (!$_SESSION['authenticated']) { echo("unauthenticated"); exit; } }
require("includes/jpgraph/src/jpgraph.php"); require("includes/jpgraph/src/jpgraph.php");
include("includes/jpgraph/src/jpgraph_line.php"); include("includes/jpgraph/src/jpgraph_line.php");
include("includes/jpgraph/src/jpgraph_utils.inc.php"); include("includes/jpgraph/src/jpgraph_utils.inc.php");
@ -45,7 +45,7 @@ include("includes/jpgraph/src/jpgraph_date.php");
if (is_numeric($_GET['bill_id'])) if (is_numeric($_GET['bill_id']))
{ {
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) if (get_client_ip() != $_SERVER['SERVER_ADDR'])
{ {
if (bill_permitted($_GET['bill_id'])) if (bill_permitted($_GET['bill_id']))
{ {

6
html/includes/authenticate.inc.php
View File

@ -28,7 +28,7 @@ dbDelete('session', "`session_expiry` < ?", array(time()));
if ($vars['page'] == "logout" && $_SESSION['authenticated']) if ($vars['page'] == "logout" && $_SESSION['authenticated'])
{ {
dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged Out'), 'authlog'); dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged Out'), 'authlog');
dbDelete('session', "`session_username` = ? AND session_value = ?", array($_SESSION['username'],$_COOKIE['sess_id'])); dbDelete('session', "`session_username` = ? AND session_value = ?", array($_SESSION['username'],$_COOKIE['sess_id']));
unset($_SESSION); unset($_SESSION);
unset($_COOKIE); unset($_COOKIE);
@ -81,7 +81,7 @@ if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token
} }
if( !$config['twofactor'] || $_SESSION['twofactor'] ) { if( !$config['twofactor'] || $_SESSION['twofactor'] ) {
$_SESSION['authenticated'] = true; $_SESSION['authenticated'] = true;
dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged In'), 'authlog'); dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged In'), 'authlog');
} }
} }
if (isset($_POST['remember'])) if (isset($_POST['remember']))
@ -113,7 +113,7 @@ if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token
{ {
$auth_message = "Authentication Failed"; $auth_message = "Authentication Failed";
unset ($_SESSION['authenticated']); unset ($_SESSION['authenticated']);
dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Authentication Failure'), 'authlog'); dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Authentication Failure'), 'authlog');
} }
} }
?> ?>

9
html/includes/functions.inc.php
View File

@ -728,4 +728,13 @@ function demo_account() {
print_error("You are logged in as a demo account, this page isn't accessible to you"); print_error("You are logged in as a demo account, this page isn't accessible to you");
} }
function get_client_ip() {
if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$client_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$client_ip = $_SERVER['REMOTE_ADDR'];
}
return $client_ip;
}
?> ?>