Extracting real visitor IP

[Logic]

Hello,

So as most of you know, when using a reverse HTTP proxy, you need your provider to set its headers to send the visitors real IP address instead of your proxy IP address to prevent everyone's IP being your proxy's IP address. That being said, the typical code placed in global.php to extract the visitors real IP address would be:

if(isset($_SERVER['HTTP_X_REAL_IP'])){ $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];}

However, doing this doesn't allow anyone to login. So, I took it a bit further and created a file called ip.php with the following code:

<?php
echo $_SERVER['REMOTE_ADDR'];

Upon visiting that page, it outputs my proxy IP address which is where the problem is. My proxy provider mentioned to use HTTP_X_FORWARDED_TO, so I gave it a shot with the following code:

if(isset($_SERVER['HTTP_X_FORWARDED_TO'])){ $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_TO'];}

But by doing so, it lists the IP's as such:

69.136.xxx.xxx,104.197.xxx.xx,104.192.xxx.xxx

With the first IP address listed, my IP address (real visitor IP address).

So he mentioned with that then to grab the first word in the string (assuming the real IP address), explode string with " " delimiter, and grab the first element. I'm not really familiar with PHP but I happened to find something that would hopefully work in this case:

if (!isset($_SERVER[”REMOTE_ADDR”]) && isset($_SERVER[”HTTP_X_FORWARDED_FOR”]))
{
$IP = array_pop(explode(”,”,$_SERVER[”HTTP_X_FORWARDED_FOR”]));
}

But then again, it only extracts it down to just my proxy IP address. Ultimately, I've not found something that has successfully worked and would like some help. Sorry for the explaining but I want everyone to know the step-by-steps I took in attempts to resolve this. Yes, I'm currently using RevCMS as well.

Thank you!

 

[Joe]

You must be registered for see links

The HTTP proxy is only used to redirect your domain, instead of pointing it to Cloudflare you would point it to the HTTP IP. I don't see how this could effect your RevCMS at all.
If you're using a TCP proxy however then I've used tons, the code above fixed it for me. I've never had multiple IP's in my users table, which is why I assumed you edited the core files.

 

[Brought]

You must be registered for see links

The problem is that the 15 year old, Nick, who owns AthenaLayer is incompetent. I suggest going with another host regardless, especially if you don't want to be taken down lol. CF "I'm under attack mode" works better than Athena's paid services. I'll additionally point out that I've previously used their service, before I realized it was shit. If you want to solve this easily, just go back to CloudFlare and avoid troubles with being easily DDoS'd as well.

 

[Logic]

The problem is that the 15 year old, Nick, who owns AthenaLayer is incompetent. I suggest going with another host regardless, especially if you don't want to be taken down lol. CF "I'm under attack mode" works better than Athena's paid services. I'll additionally point out that I've previously used their service, before I realized it was shit. If you want to solve this easily, just go back to CloudFlare and avoid troubles with being easily DDoS'd as well.

Ended up switching back to CF. I have another HTTP proxy in which runs off OVH Game Servers but I've not implemented it as it was doing the same thing.

 

[MayoMayn]

Mate, I quote, DO NOT, try to get the real IP from a visitor, INSTEAD you should run a script that detects whether or not, an user is using a proxy/vpn.
In your Index.php file, wipe the file clean, and add this:

<?php
if(isset($_GET['url'])) {
   $_GET['url'] = strtolower($_GET['url']);
}

define('IN_INDEX', 1);

require_once 'global.php';

if($core->validIP() == false) {
   $core->handleCall($db->secure('error'));
   $template->html->get($db->secure('error'));
} else {
   $core->handleCall($db->secure($_GET['url']));
   $template->html->get($db->secure($_GET['url']));
}

$template->outputTPL();
?>

And now in your class.core.php file add this:

final public function validIP() {
       global $_CONFIG;
       $url = 'https://check.getipintel.net/check.php?ip='.$_SERVER['REMOTE_ADDR].'&flags=f&format=json&oflags=bc&contact='.$_CONFIG['hotel']['mail'];

       $get = file_get_contents($url);
       $json = json_decode($get, true);

       if($json['status'] == 'success') {
           if($json['BadIP'] == '0') {
               if(in_array($json['Country'], array('SE','DK','NO'))) {
                   if($json['result'] >= '0.987654321') {
                       return false;
                   } else {
                       return true;
                   }
               }
               return false;
           }
           return false;
       }
       return false;
   }

Now the in_array() functions detects, whether or not a user is from the allowed countries (determined by country codes)
Now go to interface.core.php and add this:

   public function validIP();

You welcome, hope it was useful, and for DDoS Protection I recommend Bitninja.io

 

[Joe]

By real IP he means whether it's his proxy IP or their genuine IP. It's useful for banning as you don't end up banning your own proxy.
Every hotel logs real IP addresses from users when they register and login.

 

[MayoMayn]

JMG, if you only allow 2 users to be registered at an IP address, and it's impossible to use a vpn/proxy on the hotel, it won't matter with banning, since in the first place, people would only could use their genuine IP address. Trust me, it works
I don't get the idea, of which people want to setup a hotel, without having just a minimal experience at the used coding language.
If you want a demo, just try mine out:

You must be registered for see links

 

The problem is that the 15 year old, Nick, who owns AthenaLayer is incompetent. I suggest going with another host regardless, especially if you don't want to be taken down lol. CF "I'm under attack mode" works better than Athena's paid services. I'll additionally point out that I've previously used their service, before I realized it was shit. If you want to solve this easily, just go back to CloudFlare and avoid troubles with being easily DDoS'd as well.

CloudFlare shit as fuck mate, same as Sucuri, Incapsula etc.

You must be registered for see links

is the real deal, which offer honeypots and a lot more, and without DNS Protection (see

You must be registered for see links

), DDoS Protection wouldn't matter, since they could just DoS your DNS Records, and your site would be down.

 

[Logic]

Mate, I quote, DO NOT, try to get the real IP from a visitor, INSTEAD you should run a script that detects whether or not, an user is using a proxy/vpn.
In your Index.php file, wipe the file clean, and add this:

<?php
if(isset($_GET['url'])) {
   $_GET['url'] = strtolower($_GET['url']);
}

define('IN_INDEX', 1);

require_once 'global.php';

if($core->validIP() == false) {
   $core->handleCall($db->secure('error'));
   $template->html->get($db->secure('error'));
} else {
   $core->handleCall($db->secure($_GET['url']));
   $template->html->get($db->secure($_GET['url']));
}

$template->outputTPL();
?>

And now in your class.core.php file add this:

final public function validIP() {
       global $_CONFIG;
       $url = 'https://check.getipintel.net/check.php?ip='.$_SERVER['REMOTE_ADDR].'&flags=f&format=json&oflags=bc&contact='.$_CONFIG['hotel']['mail'];

       $get = file_get_contents($url);
       $json = json_decode($get, true);

       if($json['status'] == 'success') {
           if($json['BadIP'] == '0') {
               if(in_array($json['Country'], array('SE','DK','NO'))) {
                   if($json['result'] >= '0.987654321') {
                       return false;
                   } else {
                       return true;
                   }
               }
               return false;
           }
           return false;
       }
       return false;
   }

Now the in_array() functions detects, whether or not a user is from the allowed countries (determined by country codes)
Now go to interface.core.php and add this:

   public function validIP();

You welcome, hope it was useful, and for DDoS Protection I recommend Bitninja.io

Thanks for the attempt but this did nothing aside from return a white page.

 

[Brought]

 

CloudFlare shit as fuck mate, same as Sucuri, Incapsula etc.

You must be registered for see links

is the real deal, which offer honeypots and a lot more, and without DNS Protection (see

You must be registered for see links

), DDoS Protection wouldn't matter, since they could just DoS your DNS Records, and your site would be down.

I'll repost what I said so it's more clear.

CF "I'm under attack mode" works better than Athena's paid services.

Why does everyone always try to make everything into an argument?

 

[MayoMayn]

Thanks for the attempt but this did nothing aside from return a white page.

Mate, I got a custom made CMS, so I totally forgot it didn't work with others, but you'd have to replace

 $db->secure($_GET['URL']);

with just

 $_GET['URL']

and the following

 $core->handleCall($db->secure('error')); $template->html->get($db->secure('error'));

to

$core->handleCall('PAGE'); $template->html->get('PAGE');

where "PAGE" is the .php proxy error page.
As you can see below on my CMS, it returns a proxy error, because I'm using a VPN
If this did not work, just feel the pleasure to message me, and I will help you out ^^
Btw. I'm soon going to release my edit of a Shock/RevCMS with pure pdo and ajax

 

I'll repost what I said so it's more clear.


Why does everyone always try to make everything into an argument?

Sorry man, my bad, I just misunderstood what you meant, no hate ^^