diff --git a/inc/filters.php b/inc/filters.php
index 22843f10..41ef3787 100644
--- a/inc/filters.php
+++ b/inc/filters.php
@@ -38,7 +38,7 @@ class Filter { foreach ($match as $flood_match_arg) { switch ($flood_match_arg) { case 'ip':
- if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR'])
+ if ($flood_post['ip'] != $_SERVER['HTTP_X_REAL_IP'])
 continue 3; break; case 'body':
@@ -117,7 +117,7 @@ class Filter { } return false; case 'ip':
- return preg_match($match, $_SERVER['REMOTE_ADDR']);
+ return preg_match($match, $_SERVER['HTTP_X_REAL_IP']);
 case 'op': return $post['op'] == $match; case 'has_file':
@@ -137,7 +137,7 @@ class Filter { $this->add_note = isset($this->add_note) ? $this->add_note : false; if ($this->add_note) { $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)');
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->bindValue(':mod', -1); $query->bindValue(':time', time()); $query->bindValue(':body', "Autoban message: ".$this->post['body']);
@@ -154,7 +154,7 @@ class Filter { $this->reject = isset($this->reject) ? $this->reject : true; $this->all_boards = isset($this->all_boards) ? $this->all_boards : false;
- Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
+ Bans::new_ban($_SERVER['HTTP_X_REAL_IP'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
 if ($this->reject) { if (isset($this->message))
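Review bot: `$_SERVER['HTTP_X_REAL_IP']` in the `case 'ip':` flood comparison is the request's `X-Real-IP` header, so it is only trustworthy if every request reaches PHP through a reverse proxy that overwrites that header; nothing in this commit checks that, and a request that reaches PHP directly can set it to any string. The same substitution in the filter's `ip` regex, the `ip_notes` insert and `Bans::new_ban()` in this file, and in every `:ip` bind in `inc/functions.php`, `post.php` and `search.php`, keys flood limits, mutes, search throttling and automatic bans on a caller-chosen value, and an autoban can be recorded against an address the poster never used. I would keep `REMOTE_ADDR` at the call sites and resolve the client address once, accepting the header only when `REMOTE_ADDR` is a configured proxy and `filter_var($value, FILTER_VALIDATE_IP)` succeeds. The enclosing `Filter` methods start and end outside these hunks.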
@@ -223,12 +223,12 @@ function do_filters(array $post) { if (isset($has_flood)) { if ($post['has_file']) { $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash OR `filehash` = :filehash");
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup'])); $query->bindValue(':filehash', $post['filehash']); } else { $query = prepare("SELECT * FROM ``flood`` WHERE `ip` = :ip OR `posthash` = :posthash");
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup'])); } $query->execute() or error(db_error($query));
diff --git a/inc/functions.php b/inc/functions.php
index 7cf9c5dc..9f09cf64 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -46,8 +46,8 @@ function loadConfig() { $boardsuffix = isset($board['uri']) ? $board['uri'] : '';
- if (!isset($_SERVER['REMOTE_ADDR']))
- $_SERVER['REMOTE_ADDR'] = '0.0.0.0';
+ if (!isset($_SERVER['HTTP_X_REAL_IP']))
+ $_SERVER['HTTP_X_REAL_IP'] = '0.0.0.0';
 if (file_exists('tmp/cache/cache_config.php')) { require_once('tmp/cache/cache_config.php');
@@ -257,11 +257,11 @@ function loadConfig() { // Keep the original address to properly comply with other board configurations if (!isset($__ip))
- $__ip = $_SERVER['REMOTE_ADDR'];
+ $__ip = $_SERVER['HTTP_X_REAL_IP'];
 // ::ffff:0.0.0.0 if (preg_match('/^\:\:(ffff\:)?(\d+\.\d+\.\d+\.\d+)$/', $__ip, $m))
- $_SERVER['REMOTE_ADDR'] = $m[2];
+ $_SERVER['HTTP_X_REAL_IP'] = $m[2];
 if ($config['verbose_errors']) { set_error_handler('verbose_error_handler');
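Review bot: Defaulting `$_SERVER['HTTP_X_REAL_IP']` to `'0.0.0.0'` at the top of `loadConfig()` hides a missing proxy header instead of surfacing it, and every request that arrives without `X-Real-IP` is then treated as the same client. Because the key is now always set, the `!isset(...)` guards in `checkBan()` ("Server misconfiguration") and `checkDNSBL()` later in this diff can no longer fire, and `0.0.0.0` matches the `0\.` branch of the local-address pattern in `checkDNSBL()`, so the blacklist lookup is skipped for such requests. With `REMOTE_ADDR` this default was presumably reached only outside a web request; for a header it is reached whenever the proxy is bypassed or misconfigured. I would keep the default on `REMOTE_ADDR` and treat an absent header as "no proxy in front" rather than inventing an address. `loadConfig()` continues outside the hunk.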
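Review bot: The `$__ip` assignment in `loadConfig()` copies the `X-Real-IP` header without checking who sent it or that it is an address, although this is the one place where the client address is already normalised per request. Making the proxy decision here would let every other call site keep reading `REMOTE_ADDR`, so the rename across three files becomes unnecessary. The sketch below substitutes the header only when the TCP peer is a known proxy and the value validates; `trusted_proxies` is a proposed new config option, not one that exists in the files shown, and the scope of `$__ip` is not visible in this hunk. `loadConfig()` starts and ends outside the hunk.

```php
	// Keep the original address to properly comply with other board configurations
	if (!isset($__ip)) {
		$__ip = $_SERVER['REMOTE_ADDR'];
		// 'trusted_proxies' is a proposed option (list of reverse-proxy addresses); it does not exist yet.
		$real_ip = isset($_SERVER['HTTP_X_REAL_IP']) ? $_SERVER['HTTP_X_REAL_IP'] : '';
		if (in_array($__ip, $config['trusted_proxies'], true) && filter_var($real_ip, FILTER_VALIDATE_IP) !== false)
			$__ip = $real_ip;
		$_SERVER['REMOTE_ADDR'] = $__ip;
	}
	// … ::ffff: IPv4-mapped normalisation as before the commit, writing $m[2] back to $_SERVER['REMOTE_ADDR'] …
```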
@@ -354,9 +354,9 @@ function fatal_error_handler() { } function _syslog($priority, $message) {
- if (isset($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) {
+ if (isset($_SERVER['HTTP_X_REAL_IP'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) {
 // CGI
- syslog($priority, $message . ' - client: ' . $_SERVER['REMOTE_ADDR'] . ', request: "' . $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . '"');
+ syslog($priority, $message . ' - client: ' . $_SERVER['HTTP_X_REAL_IP'] . ', request: "' . $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . '"');
 } else { syslog($priority, $message); }
@@ -844,7 +844,7 @@ function displayBan($ban) { Bans::seen($ban['id']); }
- $ban['ip'] = $_SERVER['REMOTE_ADDR'];
+ $ban['ip'] = $_SERVER['HTTP_X_REAL_IP'];
 if ($ban['post'] && isset($ban['post']['board'], $ban['post']['id'])) { if (openBoard($ban['post']['board'])) {
@@ -896,7 +896,7 @@ function displayBan($ban) { function checkBan($board = false) { global $config;
- if (!isset($_SERVER['REMOTE_ADDR'])) {
+ if (!isset($_SERVER['HTTP_X_REAL_IP'])) {
 // Server misconfiguration return; }
@@ -906,7 +906,7 @@ function checkBan($board = false) { $ips = array();
- $ips[] = $_SERVER['REMOTE_ADDR'];
+ $ips[] = $_SERVER['HTTP_X_REAL_IP'];
 if ($config['proxy_check'] && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ips = array_merge($ips, explode(", ", $_SERVER['HTTP_X_FORWARDED_FOR']));
@@ -1004,7 +1004,7 @@ function insertFloodPost(array $post) { global $board; $query = prepare("INSERT INTO ``flood`` VALUES (NULL, :ip, :board, :time, :posthash, :filehash, :isreply)");
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->bindValue(':board', $board['uri']); $query->bindValue(':time', time()); $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
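Review bot: The `client:` field that `_syslog()` writes now comes from the `X-Real-IP` request header, so log lines attribute events to whatever text the requester supplied, and the value is concatenated into the message without being checked as an address. For incident response the log should record the TCP peer, or both values labelled separately, for example `' - client: ' . $_SERVER['REMOTE_ADDR'] . ', x-real-ip: ' . $real_ip`, with `$real_ip` first passed through `filter_var(..., FILTER_VALIDATE_IP)`. The `isset()` guard, commented `// CGI`, used to separate web from non-web invocations; since `loadConfig()` in this commit always sets the header key, that distinction may now rest on `REQUEST_METHOD` and `REQUEST_URI` alone.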
@@ -1044,7 +1044,7 @@ function post(array $post) { $query->bindValue(':body_nomarkup', $post['body_nomarkup']); $query->bindValue(':time', isset($post['time']) ? $post['time'] : time(), PDO::PARAM_INT); $query->bindValue(':password', $post['password']);
- $query->bindValue(':ip', isset($post['ip']) ? $post['ip'] : $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', isset($post['ip']) ? $post['ip'] : $_SERVER['HTTP_X_REAL_IP']);
 if ($post['op'] && $post['mod'] && isset($post['sticky']) && $post['sticky']) { $query->bindValue(':sticky', true, PDO::PARAM_INT);
@@ -1595,7 +1595,7 @@ function muteTime() { // Find number of mutes in the past X hours $query = prepare("SELECT COUNT(*) FROM ``mutes`` WHERE `time` >= :time AND `ip` = :ip"); $query->bindValue(':time', time()-($config['robot_mute_hour']*3600), PDO::PARAM_INT);
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->execute() or error(db_error($query)); if (!$result = $query->fetchColumn())
@@ -1607,7 +1607,7 @@ function mute() { // Insert mute $query = prepare("INSERT INTO ``mutes`` VALUES (:ip, :time)"); $query->bindValue(':time', time(), PDO::PARAM_INT);
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->execute() or error(db_error($query)); return muteTime();
@@ -1618,7 +1618,7 @@ function checkMute() { if ($config['cache']['enabled']) { // Cached mute?
- if (($mute = cache::get("mute_${_SERVER['REMOTE_ADDR']}")) && ($mutetime = cache::get("mutetime_${_SERVER['REMOTE_ADDR']}"))) {
+ if (($mute = cache::get("mute_${_SERVER['HTTP_X_REAL_IP']}")) && ($mutetime = cache::get("mutetime_${_SERVER['HTTP_X_REAL_IP']}"))) {
 error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time())); } }
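Review bot: The cache keys `"mute_${_SERVER['HTTP_X_REAL_IP']}"` and `"mutetime_…"` in `checkMute()` are now built from a request header, so their length and character set are no longer bounded the way a server-supplied address is. Depending on the cache backend, which is not visible here, spaces or over-long keys can make the lookup fail or collide, and each distinct header value that has a mute row can add entries through the matching `cache::set()` calls further down the function. Validate the address before it reaches this function, or derive the key from a digest such as `'mute_' . sha1($ip)`. The `:ip` binds in `muteTime()` and `mute()` in the two preceding hunks carry the same unvalidated value into the `mutes` table.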
@@ -1627,7 +1627,7 @@ function checkMute() { if ($mutetime > 0) { // Find last mute time $query = prepare("SELECT `time` FROM ``mutes`` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1");
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->execute() or error(db_error($query)); if (!$mute = $query->fetch(PDO::FETCH_ASSOC)) {
@@ -1637,8 +1637,8 @@ function checkMute() { if ($mute['time'] + $mutetime > time()) { if ($config['cache']['enabled']) {
- cache::set("mute_${_SERVER['REMOTE_ADDR']}", $mute, $mute['time'] + $mutetime - time());
- cache::set("mutetime_${_SERVER['REMOTE_ADDR']}", $mutetime, $mute['time'] + $mutetime - time());
+ cache::set("mute_${_SERVER['HTTP_X_REAL_IP']}", $mute, $mute['time'] + $mutetime - time());
+ cache::set("mutetime_${_SERVER['HTTP_X_REAL_IP']}", $mutetime, $mute['time'] + $mutetime - time());
 } // Not expired yet error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time()));
@@ -1879,16 +1879,16 @@ function checkDNSBL() { if (isIPv6()) return; // No IPv6 support yet.
- if (!isset($_SERVER['REMOTE_ADDR']))
+ if (!isset($_SERVER['HTTP_X_REAL_IP']))
 return; // Fix your web server configuration
- if (preg_match("/^(::(ffff:)?)?(127\.|192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|0\.|255\.)/", $_SERVER['REMOTE_ADDR']))
+ if (preg_match("/^(::(ffff:)?)?(127\.|192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|0\.|255\.)/", $_SERVER['HTTP_X_REAL_IP']))
 return; // It's pointless to check for local IP addresses in dnsbls, isn't it?
- if (in_array($_SERVER['REMOTE_ADDR'], $config['dnsbl_exceptions']))
+ if (in_array($_SERVER['HTTP_X_REAL_IP'], $config['dnsbl_exceptions']))
 return;
- $ipaddr = ReverseIPOctets($_SERVER['REMOTE_ADDR']);
+ $ipaddr = ReverseIPOctets($_SERVER['HTTP_X_REAL_IP']);
 foreach ($config['dnsbl'] as $blacklist) { if (!is_array($blacklist))
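Review bot: Every early `return` in `checkDNSBL()` — the `isIPv6()` test, the local-address pattern and the `dnsbl_exceptions` lookup — is now decided by the `X-Real-IP` header, so whether the blacklist query runs at all depends on request-supplied text. Those shortcuts were written for a server-supplied address and are only safe once the value is known to come from the proxy. `ReverseIPOctets()` then receives a string that has not been checked, and its behaviour on a non-address is not visible in this diff. Validate before any of these branches, for example `if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) return;` placed after the proxy check, and log the rejection. The function body continues past the hunk.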
@@ -1921,7 +1921,7 @@ function checkDNSBL() { } function isIPv6() {
- return strstr($_SERVER['REMOTE_ADDR'], ':') !== false;
+ return strstr($_SERVER['HTTP_X_REAL_IP'], ':') !== false;
 } function ReverseIPOctets($ip) {
diff --git a/post.php b/post.php
index 01a4d80c..30563884 100644
--- a/post.php
+++ b/post.php
@@ -9,8 +9,8 @@ $dropped_post = false; // Is it a post coming from NNTP? Let's extract it and pretend it's a normal post. if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
- if ($_SERVER['REMOTE_ADDR'] != $config['nntpchan']['trusted_peer']) {
- error("NNTPChan: Forbidden. $_SERVER[REMOTE_ADDR] is not a trusted peer");
+ if ($_SERVER['HTTP_X_REAL_IP'] != $config['nntpchan']['trusted_peer']) {
+ error("NNTPChan: Forbidden. $_SERVER[HTTP_X_REAL_IP] is not a trusted peer");
 } $_POST = array();
@@ -327,7 +327,7 @@ if (isset($_POST['delete'])) { $post = $query->fetch(PDO::FETCH_ASSOC);
- $error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason, 'link' => link_for($post)));
+ $error = event('report', array('ip' => $_SERVER['HTTP_X_REAL_IP'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason, 'link' => link_for($post)));
 if ($error) { error($error);
@@ -340,7 +340,7 @@ if (isset($_POST['delete'])) { ); $query = prepare("INSERT INTO ``reports`` VALUES (NULL, :time, :ip, :board, :post, :reason)"); $query->bindValue(':time', time(), PDO::PARAM_INT);
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP'], PDO::PARAM_STR);
 $query->bindValue(':board', $board['uri'], PDO::PARAM_STR); $query->bindValue(':post', $id, PDO::PARAM_INT); $query->bindValue(':reason', $reason, PDO::PARAM_STR);
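Review bot: The NNTPChan branch at the top of `post.php` is an access-control check, and comparing `$_SERVER['HTTP_X_REAL_IP']` with `$config['nntpchan']['trusted_peer']` makes it depend on a request header rather than on the connection's peer address. Unless the proxy overwrites `X-Real-IP` on every path to `post.php`, this gate no longer authenticates the peer; it should compare the TCP peer (`$_SERVER['REMOTE_ADDR']`) or, if the peer really connects through the proxy, be backed by a shared secret compared with `hash_equals()`. The error string also interpolates the header verbatim; whether `error()` escapes its argument is not visible here, so pass the value through `htmlspecialchars()` or leave it out of the message. The branch body continues outside the hunk.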
@@ -404,7 +404,7 @@ if (isset($_POST['delete'])) { $resp = json_decode(file_get_contents(sprintf('https://www.recaptcha.net/recaptcha/api/siteverify?secret=%s&response=%s&remoteip=%s', $config['recaptcha_private'], urlencode($_POST['g-recaptcha-response']),
- $_SERVER['REMOTE_ADDR'])), true);
+ $_SERVER['HTTP_X_REAL_IP'])), true);
 if (!$resp['success']) { error($config['error']['captcha']);
@@ -743,7 +743,7 @@ if (isset($_POST['delete'])) { if (!$dropped_post) if (($config['country_flags'] && !$config['allow_no_country']) || ($config['country_flags'] && $config['allow_no_country'] && !isset($_POST['no_country']))) {
- $gi=geoip_open('inc/lib/geoip/GeoIPv6.dat', GEOIP_STANDARD);
+ $gi=geoip_open('inc/lib/geoip/GeoIPv6.dat', GEOIP_STANDARD);
 function ipv4to6($ip) { if (strpos($ip, ':') !== false) {
@@ -755,12 +755,11 @@ if (isset($_POST['delete'])) { $part7 = base_convert(($iparr[0] * 256) + $iparr[1], 10, 16); $part8 = base_convert(($iparr[2] * 256) + $iparr[3], 10, 16); return '::ffff:'.$part7.':'.$part8;
- }
-
- if ($country_code = geoip_country_code_by_addr_v6($gi, ipv4to6($_SERVER['REMOTE_ADDR']))) {
+ }
+ if ($country_code = geoip_country_code_by_addr_v6($gi, ipv4to6($_SERVER['HTTP_X_REAL_IP']))) {
 if (!in_array(strtolower($country_code), array('eu', 'ap', 'o1', 'a1', 'a2'))) $post['body'] .= "\n".strtolower($country_code)."".
- "\n".geoip_country_name_by_addr_v6($gi, ipv4to6($_SERVER['REMOTE_ADDR']))."";
+ "\n".geoip_country_name_by_addr_v6($gi, ipv4to6($_SERVER['HTTP_X_REAL_IP']))."";
 } }
@@ -783,8 +782,8 @@ if (isset($_POST['delete'])) { } if (!$dropped_post)
- if ($config['proxy_save'] && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
- $proxy = preg_replace("/[^0-9a-fA-F.,: ]/", '', $_SERVER['HTTP_X_FORWARDED_FOR']);
+ if ($config['proxy_save'] && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ $proxy = preg_replace("/[^0-9a-fA-F.,: ]/", '', $_SERVER['HTTP_X_FORWARDED_FOR']);
 $post['body'] .= "\n".$proxy.""; }
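Review bot: `remoteip=%s` in the siteverify URL is filled with `$_SERVER['HTTP_X_REAL_IP']` without `urlencode()`, unlike the `response` argument on the line before it. That was harmless while the value was `REMOTE_ADDR`, but a header can contain `&`, `=` or spaces, which would change the query string sent to the verification endpoint or make `file_get_contents()` fail. Use `urlencode($_SERVER['HTTP_X_REAL_IP'])` after validating the value as an address, or omit `remoteip`, which the API treats as optional. `$resp['success']` is also read without checking that the request and `json_decode()` succeeded; the surrounding block runs past the hunk.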
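Review bot: `ipv4to6()` multiplies `$iparr[0]` through `$iparr[3]`, and with this change its argument is the `X-Real-IP` header rather than a server-supplied address. How `$iparr` is built lies between the two hunks, but if it is a plain split of the string, a value that is not a dotted quad yields undefined-index warnings or, on PHP 8, a `TypeError` from the multiplication. Guard both `geoip_*_by_addr_v6()` calls with `filter_var($ip, FILTER_VALIDATE_IP) !== false` and skip the flag lookup when it fails. The remaining changed lines in this section appear to differ only in whitespace.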
@@ -1215,8 +1214,8 @@ if (isset($_POST['delete'])) { if (!$post['mod']) header('X-Associated-Content: "' . $redirect . '"'); // Any telegrams to show?
- $query = prepare('SELECT * FROM ``telegrams`` WHERE ``ip`` = :ip AND ``seen`` = 0');
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query = prepare('SELECT * FROM ``telegrams`` WHERE ``ip`` = :ip AND ``seen`` = 0');
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->execute() or error(db_error($query)); $telegrams = $query->fetchAll(PDO::FETCH_ASSOC);
@@ -1275,7 +1274,7 @@ if (isset($_POST['delete'])) { $ban_id = (int)$_POST['ban_id'];
- $bans = Bans::find($_SERVER['REMOTE_ADDR']);
+ $bans = Bans::find($_SERVER['HTTP_X_REAL_IP']);
 foreach ($bans as $_ban) { if ($_ban['id'] == $ban_id) { $ban = $_ban;
diff --git a/search.php b/search.php
index fe5f2850..32945b54 100644
--- a/search.php
+++ b/search.php
@@ -22,7 +22,7 @@ $_body = ''; $query = prepare("SELECT COUNT(*) FROM ``search_queries`` WHERE `ip` = :ip AND `time` > :time");
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->bindValue(':time', time() - ($queries_per_minutes[1] * 60)); $query->execute() or error(db_error($query)); if($query->fetchColumn() > $queries_per_minutes[0])
@@ -36,7 +36,7 @@ $query = prepare("INSERT INTO ``search_queries`` VALUES (:ip, :time, :query)");
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':ip', $_SERVER['HTTP_X_REAL_IP']);
 $query->bindValue(':time', time()); $query->bindValue(':query', $phrase); $query->execute() or error(db_error($query));
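Review bot: The telegram lookup selects unseen rows `WHERE ip = :ip` and binds the `X-Real-IP` header, so which messages are returned after a post is decided by a request-supplied value; `Bans::find()` in the next hunk selects the bans a requester may act on in the same way. These are read paths that expose records addressed to one specific address, so they need an address the server has established itself, just as the write paths do. The two `search_queries` statements in `search.php` use the header as the throttle key, so the per-address limit follows the header rather than the connection. Bind a validated, proxy-verified address in all four places; the surrounding code in both files continues outside the hunks.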