Extracting real visitor IP

[Logic]

Hello,

So as most of you know, when using a reverse HTTP proxy, you need your provider to set its headers to send the visitors real IP address instead of your proxy IP address to prevent everyone's IP being your proxy's IP address. That being said, the typical code placed in global.php to extract the visitors real IP address would be:

if(isset($_SERVER['HTTP_X_REAL_IP'])){ $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];}

However, doing this doesn't allow anyone to login. So, I took it a bit further and created a file called ip.php with the following code:

<?php
echo $_SERVER['REMOTE_ADDR'];

Upon visiting that page, it outputs my proxy IP address which is where the problem is. My proxy provider mentioned to use HTTP_X_FORWARDED_TO, so I gave it a shot with the following code:

if(isset($_SERVER['HTTP_X_FORWARDED_TO'])){ $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_TO'];}

But by doing so, it lists the IP's as such:

69.136.xxx.xxx,104.197.xxx.xx,104.192.xxx.xxx

With the first IP address listed, my IP address (real visitor IP address).

So he mentioned with that then to grab the first word in the string (assuming the real IP address), explode string with " " delimiter, and grab the first element. I'm not really familiar with PHP but I happened to find something that would hopefully work in this case:

if (!isset($_SERVER[”REMOTE_ADDR”]) && isset($_SERVER[”HTTP_X_FORWARDED_FOR”]))
{
$IP = array_pop(explode(”,”,$_SERVER[”HTTP_X_FORWARDED_FOR”]));
}

But then again, it only extracts it down to just my proxy IP address. Ultimately, I've not found something that has successfully worked and would like some help. Sorry for the explaining but I want everyone to know the step-by-steps I took in attempts to resolve this. Yes, I'm currently using RevCMS as well.

Thank you!

 

[Joe]

Go into class.core.php and remove

if($_SESSION['user']['ip_last'] != $_SERVER['REMOTE_ADDR'])
{
    header('Location: '.$_CONFIG['hotel']['url'].'/logout');
}

 

[Logic]

Go into class.core.php and remove

if($_SESSION['user']['ip_last'] != $_SERVER['REMOTE_ADDR'])
{
    header('Location: '.$_CONFIG['hotel']['url'].'/logout');
}

I removed it. Is it necessary now to implement one of the above codes into global.php?

 

[Joe]

It's been a while so try with or without. I think the previous ones I tried were:-

Spoiler: global.php

Change "HTTP_CF_CONNECTING_IP" to "HTTP_X_FORWARDED_FOR"

Spoiler: class.users.php

Change "REMOTE_ADDR" to "HTTP_X_FORWARDED_FOR"

Removing the above code disables the check that happens when you load up a page it checks to see if the users IP address matches the one in the database. (I think)

 

[Logic]

It's been a while so try with or without. I think the previous ones I tried were:-

Spoiler: global.php

Change "HTTP_CF_CONNECTING_IP" to "HTTP_X_FORWARDED_FOR"

Spoiler: class.users.php

Change "REMOTE_ADDR" to "HTTP_X_FORWARDED_FOR"

Removing the above code disables the check that happens when you load up a page it checks to see if the users IP address matches the one in the database. (I think)

Your method outputs this:

69.136.xxx.xxx, 130.211.xx.xx, 130.211.x.xxx

The first IP being my IP.

 

[Joe]

It should just update the ip_reg to your real IP address (when logging out and back in) isn't that what you wanted?

 

[Logic]

It should just update the ip_reg to your real IP address (when logging out and back in) isn't that what you wanted?

I'll give it a test run.
 
EDIT: When checking my users table with ip_last along with when I go to edit my user, it displays my IP address as:

69.136.xxx.xxx, 130.211.xx.xx, 130.211.x.xxx

 

[Joe]

I'm confused. It should display one IP per column?

 

[FastHabbo]

I'm confused. It should display one IP per column?

I'll give it a test run.
 
EDIT: When checking my users table with ip_last along with when I go to edit my user, it displays my IP address as:

69.136.xxx.xxx, 130.211.xx.xx, 130.211.x.xxx

Sorry I know this is off topic,
Do any of you know how to make it so a 1 bronze coin (1 Credit)
Can be redeemed as 1 diamond
i've tried changing the name to [DF_BronzeCoin_1]

 

[Logic]

I'm confused. It should display one IP per column?

 

Sorry I know this is off topic,
Do any of you know how to make it so a 1 bronze coin (1 Credit)
Can be redeemed as 1 diamond
i've tried changing the name to [DF_BronzeCoin_1]

Go make your own thread.

 

[Quackster]

Add this where it will be included the most (this is for CloudFlare).

/*
|--------------------------------------------------------------------------
| Fix IP addresses.
|--------------------------------------------------------------------------
*/
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
	$_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
	$_SERVER['HTTP_CLIENT_IP'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
	$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
}

/*
|--------------------------------------------------------------------------
| Fix SSL detection.
|--------------------------------------------------------------------------
*/
if (isset($_SERVER['HTTP_CF_VISITOR'])) {
	if (preg_match('/https/i', $_SERVER['HTTP_CF_VISITOR'])) {
		$_SERVER['HTTPS'] = 'On';
		$_SERVER['HTTP_X_FORWARDED_PORT'] = 443;
		$_SERVER['SERVER_PORT'] = 443;
	}
}

 

[FastHabbo]

 


Go make your own thread.

I have, no one replies lol
If you could help i'll pay i've been trying to fix this for ages now

 

[FastHabbo]

Spoiler: CreditFurniRedeemEvent.cs

if (!Exchange.GetBaseItem().ItemName.StartsWith("CF_") && !Exchange.GetBaseItem().ItemName.StartsWith("CFC_") && !Exchange.GetBaseItem().ItemName.StartsWith("DF_") && !Exchange.GetBaseItem().ItemName.StartsWith("DFD_"))
               return;
        
            string[] Split = Exchange.GetBaseItem().ItemName.Split('_');
            int Value = int.Parse(Split[1]);

            if (Value > 0)
            {
                if (Exchange.GetBaseItem().ItemName.StartsWith("CF_") || Exchange.GetBaseItem().ItemName.StartsWith("CFC_"))
                {
                    Session.GetHabbo().Credits += Value;
                    Session.SendMessage(new CreditBalanceComposer(Session.GetHabbo().Credits));
                }
                else if(Exchange.GetBaseItem().ItemName.StartsWith("DF_") || Exchange.GetBaseItem().ItemName.StartsWith("DFD_"))
                {
                    Session.GetHabbo().Diamonds += Value;
                    Session.SendMessage(new HabboActivityPointNotificationComposer(Session.GetHabbo().Diamonds, Value, 5));
                }
            }

Then in your furniture table, for that item, name it "DF_AMOUNT_anynamehere"

I've tried that, i've tried everything pm me if you can and ill give you TV details

 

[Joe]

@Logic I've never seen that. Does it happen every time you create a new account?

 

[FastHabbo]

Already added that to the file, done it in database also & still no luck

 

[Logic]

@Logic I've never seen that. Does it happen every time you create a new account?

This isn't when creating a new account but I'd imagine it will happen. This is when anyone logs in, their ip_last is my proxy IP and depending on the forwarding header, it can be multiple IP's in one column or a single proxy IP.

 

[Joe]

This isn't when creating a new account but I'd imagine it will happen. This is when anyone logs in, their ip_last is my proxy IP and depending on the forwarding header, it can be multiple IP's in one column or a single proxy IP.

It looks like you've modified a lot of the Rev core. Try taking the default files and applying the fixes I mentioned above. Register and see what happens.

 

[Logic]

It looks like you've modified a lot of the Rev core. Try taking the default files and applying the fixes I mentioned above. Register and see what happens.

I've not modified any of the core files. It works fine when using HTTP_CF_CONNECTING_IP with the use of Cloudflare. But because I don't use Cloudflare, that becomes useless.

 

[Joe]

What HTTP proxy are you using?

 

[Logic]

What HTTP proxy are you using?

You must be registered for see links