Timestamp:
May 24, 2014, 11:35:47 PM (10 years ago)
Author:
chronos
Message:
  • Fixed: Do not log client proxy IP address as remote address because it can be faked and also there can be multiple client proxy addresses.
  • Modified: Do not use directly $_SERVER variables REMOTE_ADDR and REQUEST_URI as they are not initialized if script is executed from command line.
  • Fixed: Default configuration was not complete.
File:
1 edited

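--- a/trunk/Modules/User/User.php
+++ b/trunk/Modules/User/User.php
@@ -137,5 +137,5 @@
       $this->Database->query('UPDATE `UserTrace` SET '.
         '`LastLogin` = NOW(), '.
-        '`LastIP` = "'.$_SERVER['REMOTE_ADDR'].'", '.
+        '`LastIP` = "'.GetRemoteAddress().'", '.
         '`UserAgent` = "'.$this->System->Database->real_escape_string($_SERVER['HTTP_USER_AGENT']).'" '.
         ' WHERE `User` = '.$this->Id);
@@ -194,6 +194,6 @@
   function Licence($Licence)
   {
-    if(!isset($_SERVER['REMOTE_ADDR'])) return(true); // Execution from command line
-    else return($this->Role >= $Licence);
+    if(GetRemoteAddress() == '') return(true); // Execution from command line
+      else return($this->Role >= $Licence);
   }
 
@@ -229,9 +229,13 @@
       // Refresh time of last access
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
-    } else $this->Database->insert('UserOnline', array('SessionId' => $SID,
+    } else {
+        if(GetRemoteAddress() != '') $HostName = gethostbyaddr(GetRemoteAddress());
+          else $HostName = '';
+        $this->Database->insert('UserOnline', array('SessionId' => $SID,
       'User' => null, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()',
-      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()),
-      'ScriptName' => $_SERVER['REQUEST_URI']));
-
+      'IpAddress' => GetRemoteAddress(), 'HostName' => $HostName,
+      'ScriptName' => GetRequestURI()));
+    }
+       
     // Logged permanently?
           if(array_key_exists('LoginHash', $_COOKIE))
@@ -281,5 +285,5 @@
     $UserId = $this->Database->insert_id;
     $this->Database->query('INSERT INTO `UserTrace` (`User`, `LastIP`, `UserAgent`) '.
-        'VALUES ('.$UserId.', "'.$_SERVER['REMOTE_ADDR'].'", '.
+        'VALUES ('.$UserId.', "'.GetRemoteAddress().'", '.
         '"'.$this->Database->real_escape_string($_SERVER['HTTP_USER_AGENT']).'")');
   }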
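Review bot: In `Licence()` the permission check fails open whenever `GetRemoteAddress()` returns an empty string, so the authorization result now depends on how that helper (defined outside this changeset) behaves rather than on how the script was started. If the helper can ever return '' during a web request, for example when the server or a front-end proxy does not pass the address through, every licence check returns true regardless of `$this->Role`. Testing the SAPI states the intent directly: `if(PHP_SAPI === 'cli') return(true); // Execution from command line`. Separately, both `UserTrace` queries concatenate `GetRemoteAddress()` into the SQL unescaped while the `UserAgent` value next to it goes through `real_escape_string()`; passing the address through the same call would keep those statements safe whatever the helper returns.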