Changeset 805 for trunk/Modules

Timestamp:

May 24, 2014, 11:35:47 PM (11 years ago)

Author:

chronos

Message:

• Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
• Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
• Fixed: Default configuration was not complete.

Location:

trunk/Modules

Files:

• Export/ProcessAoWoWExport.php (modified) (2 diffs)
• Export/ProcessTask.php (modified) (1 diff)
• Export/cmdmpqexport.php (modified) (1 diff)
• Forum/Forum.php (modified) (1 diff)
• Import/cmd.php (modified) (2 diffs)
• Log/Log.php (modified) (2 diffs)
• Referrer/Referrer.php (modified) (1 diff)
• ShoutBox/ShoutBox.php (modified) (1 diff)
• User/User.php (modified) (4 diffs)

trunk/Modules/Export/ProcessAoWoWExport.php

@@ -2 +2 @@
 
 ini_set('memory_limit', '100M');
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 include_once('../../includes/global.php');
@@ -14 +11 @@
   $System->DoNotShowPage = true;
         $System->Run();
-
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 $Output = '';

trunk/Modules/Export/ProcessTask.php

@@ -2 +2 @@
 
 ini_set('memory_limit', '100M');
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 include_once(dirname(__FILE__).'/../../includes/global.php');

trunk/Modules/Export/cmdmpqexport.php

@@ -2 +2 @@
 
 ini_set('memory_limit', '100M');
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 include_once(dirname(__FILE__).'/../../includes/global.php');

trunk/Modules/Forum/Forum.php

@@ -261 +261 @@
                 $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP` , `Thread` ) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'","'.$_GET['Thread'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'","'.$_GET['Thread'].'")');
               } else $Output .= ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
              } else
             $this->System->Database->query('INSERT INTO `'.$Table.'` ( `User`, `UserName` , `Text` , `Date` , `IP`) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'")');
                                                 $Output .= ShowMessage(T('Added.'));
                                         }

trunk/Modules/Import/cmd.php

@@ -1 +1 @@
 <?php
-
-$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-$_SERVER['REQUEST_URI'] = __FILE__;
-
 
 include_once('../../includes/global.php');
@@ -13 +9 @@
         $System->Run();
 $Import = new Import($System);
-$_SERVER['REQUEST_URI'] = __FILE__;
 
 $Output = '';

trunk/Modules/Log/Log.php

@@ -33 +33 @@
   function WriteLog($Text, $Type)
   {
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-        
-        if(isset($this->System->User) and !is_null($this->System->User->Id)) $UserId = $this->System->User->Id;
+        if(isset($this->System->User) and !is_null($this->System->User->Id)) 
+          $UserId = $this->System->User->Id;
           else $UserId = 'NULL';
         $Query = 'INSERT INTO `Log` ( `User` , `Type` , `Text` , `Date` , `IP`, `URL` ) '.
-                'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.$IP.'", "'.$_SERVER['REQUEST_URI'].'")';
+          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.
+          GetRemoteAddress().'", "'.GetRequestURI().'")';
         $this->System->Database->query($Query);
   }
@@ -60 +59 @@
 {
         global $System, $User;
-
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-
+        
         if(isset($User) and !is_null($User->Id)) $UserId = $User->Id;
           else $UserId = 'NULL';
         $Query = 'INSERT INTO `Log` ( `User` , `Type` , `Text` , `Date` , `IP`, `URL` ) '.
-          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.$IP.'", "'.$_SERVER['REQUEST_URI'].'")';
+          'VALUES ('.$UserId.', '.$Type.', "'.addslashes($Text).'", NOW(), "'.
+      GetRemoteAddress().'", "'.GetRequestURI().'")';
         $System->Database->query($Query);
 }

trunk/Modules/Referrer/Referrer.php

@@ -40 +40 @@
       if(!in_array($HostName, $this->Excludes))
       {
-        if(!isset($_SERVER['REMOTE_ADDR'])) $IP = 'Konzole';
-          else $IP = addslashes($_SERVER['REMOTE_ADDR']);
-
+        $IP = GetRemoteAddress();
+        
         // Check if client IP is not blocked as spam source
         $DbResult = $this->System->Database->query('SELECT COUNT(*) FROM `Referrer` WHERE `LastIP` = "'.$IP.'" AND (`Visible` = 0)');

trunk/Modules/ShoutBox/ShoutBox.php

@@ -125 +125 @@
                                                 $this->System->Database->query('INSERT INTO `ShoutBox` ( `User`, `UserName` , `Text` , `Date` , `IP` ) '.
                                                                 ' VALUES ('.$this->System->User->Id.', "'.$this->System->User->Name.
-                                                                '", "'.$Text.'", NOW(), "'.$_SERVER['REMOTE_ADDR'].'")');
+                                                                '", "'.$Text.'", NOW(), "'.GetRemoteAddress().'")');
                                                 $Output .= ShowMessage('Zpráva vložena.');
                                         }

trunk/Modules/User/User.php

@@ -137 +137 @@
       $this->Database->query('UPDATE `UserTrace` SET '.
         '`LastLogin` = NOW(), '.
-        '`LastIP` = "'.$_SERVER['REMOTE_ADDR'].'", '.
+        '`LastIP` = "'.GetRemoteAddress().'", '.
         '`UserAgent` = "'.$this->System->Database->real_escape_string($_SERVER['HTTP_USER_AGENT']).'" '.
         ' WHERE `User` = '.$this->Id);
@@ -194 +194 @@
   function Licence($Licence)
   {
-    if(!isset($_SERVER['REMOTE_ADDR'])) return(true); // Execution from command line
-    else return($this->Role >= $Licence);
+    if(GetRemoteAddress() == '') return(true); // Execution from command line
+      else return($this->Role >= $Licence);
   }
 
@@ -229 +229 @@
       // Refresh time of last access
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
-    } else $this->Database->insert('UserOnline', array('SessionId' => $SID,
+    } else {
+        if(GetRemoteAddress() != '') $HostName = gethostbyaddr(GetRemoteAddress());
+          else $HostName = '';
+        $this->Database->insert('UserOnline', array('SessionId' => $SID,
       'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()',
-      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()),
-      'ScriptName' => $_SERVER['REQUEST_URI']));
-
+      'IpAddress' => GetRemoteAddress(), 'HostName' => $HostName,
+      'ScriptName' => GetRequestURI()));
+    }
+        
     // Logged permanently?
           if(array_key_exists('LoginHash', $_COOKIE))
@@ -281 +285 @@
     $UserId = $this->Database->insert_id;
     $this->Database->query('INSERT INTO `UserTrace` (`User`, `LastIP`, `UserAgent`) '.
-        'VALUES ('.$UserId.', "'.$_SERVER['REMOTE_ADDR'].'", '.
+        'VALUES ('.$UserId.', "'.GetRemoteAddress().'", '.
         '"'.$this->Database->real_escape_string($_SERVER['HTTP_USER_AGENT']).'")');
   }