Revision [20880]

This is an old revision of XForwardedFor made by FannoJ on 2009-10-03 06:49:29.

 

I have code ready that works.

however a few of the variables in the file need to come from the wikka config not sure how to do that...

anyway i was toled to post it on a wikka page on wikkawiki.org but i can't register. i get message saying it is a private wiki.

In GetUserName instead of $ip = $_SERVER['REMOTE_ADDR']; i would use $ip = $this->GetUserIP();

note: the code / function below, is rough and should propearly be finetuned and note much of this code come direct from mediawiki. but its just to get the idea


added: to wakka.class.php
   function GetUserIP()
	{
		static $ip;
		if(isset($ip)) return $ip;

		$aprovedip = array('212.97.132.138'); // need to be pulled from the config
		$useXFF = true; // need to be pulled from the config

		if (!$useXFF) {
			$ip = $_SERVER['REMOTE_ADDR'];
			return $ip;
		}

		/* collect the originating ips */
		# Client connecting to this webserver
		if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
			$ipchain = array( $_SERVER['REMOTE_ADDR'] );
		} else {
			# Running on CLI?
			$ipchain = array( '127.0.0.1' );
		}
		$ip = $ipchain[0];

		# Append XFF on to $ipchain
		if( function_exists( 'apache_request_headers' ) ) {
			// More reliable than $_SERVER due to case and -/_ folding
			$set = array ();
			foreach ( apache_request_headers() as $tempName => $tempValue ) {
				$set[ strtoupper( $tempName ) ] = $tempValue;
			}
			$index = strtoupper ( 'X-Forwarded-For' );
			$index2 = strtoupper ( 'Client-ip' );
		} else {
			// Subject to spoofing with headers like X_Forwarded_For
			$set = $_SERVER;
			$index = 'HTTP_X_FORWARDED_FOR';
			$index2 = 'CLIENT-IP';
		}

		#Try a couple of headers
		if( isset( $set[$index] ) ) {
			$forwardedFor = $set[$index];
		} else if( isset( $set[$index2] ) ) {
			$forwardedFor = $set[$index2];
		} else {
			$forwardedFor = null;
		}

		if ( isset( $forwardedFor ) ) {
			$xff = array_map( 'trim', explode( ',', $forwardedFor ) );
			$xff = array_reverse( $xff );
			$ipchain = array_merge( $ipchain, $xff );
		}

		# Step through XFF list and find the last address in the list which is a trusted server
		# Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
		foreach ( $ipchain as $i => $curIP ) {
			if ( in_array( $curIP, $aprovedip ) ) {
				if ( isset( $ipchain[$i + 1] ) ) {
					if( $useXFF ) {
						$ip = $ipchain[$i + 1];
					}
				}
			} else {
				break;
			}
		}
		return $ip;
	}


There are no comments on this page.
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki