Extracting real visitor IP

Logic

Bobby Billionaire
Feb 8, 2012
748
207
Hello,

So as most of you know, when using a reverse HTTP proxy, you need your provider to set its headers to send the visitors real IP address instead of your proxy IP address to prevent everyone's IP being your proxy's IP address. That being said, the typical code placed in global.php to extract the visitors real IP address would be:

Code:
if(isset($_SERVER['HTTP_X_REAL_IP'])){ $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];}

However, doing this doesn't allow anyone to login. So, I took it a bit further and created a file called ip.php with the following code:
Code:
<?php
echo $_SERVER['REMOTE_ADDR'];

Upon visiting that page, it outputs my proxy IP address which is where the problem is. My proxy provider mentioned to use
HTTP_X_FORWARDED_TO, so I gave it a shot with the following code:
Code:
if(isset($_SERVER['HTTP_X_FORWARDED_TO'])){ $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_TO'];}

But by doing so, it lists the IP's as such:
Code:
69.136.xxx.xxx,104.197.xxx.xx,104.192.xxx.xxx
With the first IP address listed, my IP address (real visitor IP address).

So he mentioned with that then to grab the first word in the string (assuming the real IP address), explode string with " " delimiter, and grab the first element. I'm not really familiar with PHP but I happened to find something that would hopefully work in this case:

Code:
if (!isset($_SERVER[”REMOTE_ADDR”]) && isset($_SERVER[”HTTP_X_FORWARDED_FOR”]))
{
$IP = array_pop(explode(”,”,$_SERVER[”HTTP_X_FORWARDED_FOR”]));
}

But then again, it only extracts it down to just my proxy IP address. Ultimately, I've not found something that has successfully worked and would like some help. Sorry for the explaining but I want everyone to know the step-by-steps I took in attempts to resolve this. Yes, I'm currently using RevCMS as well.

Thank you!
 

Joe

Well-Known Member
Jun 10, 2012
4,172
1,955
Go into class.core.php and remove
Code:
if($_SESSION['user']['ip_last'] != $_SERVER['REMOTE_ADDR'])
{
    header('Location: '.$_CONFIG['hotel']['url'].'/logout');
}
 

Logic

Bobby Billionaire
Feb 8, 2012
748
207
Go into class.core.php and remove
Code:
if($_SESSION['user']['ip_last'] != $_SERVER['REMOTE_ADDR'])
{
    header('Location: '.$_CONFIG['hotel']['url'].'/logout');
}

I removed it. Is it necessary now to implement one of the above codes into global.php?
 

Joe

Well-Known Member
Jun 10, 2012
4,172
1,955
It's been a while so try with or without. I think the previous ones I tried were:-
Change "HTTP_CF_CONNECTING_IP" to "HTTP_X_FORWARDED_FOR"
Change "REMOTE_ADDR" to "HTTP_X_FORWARDED_FOR"
Removing the above code disables the check that happens when you load up a page it checks to see if the users IP address matches the one in the database. (I think)
 

Logic

Bobby Billionaire
Feb 8, 2012
748
207
It's been a while so try with or without. I think the previous ones I tried were:-
Change "HTTP_CF_CONNECTING_IP" to "HTTP_X_FORWARDED_FOR"
Change "REMOTE_ADDR" to "HTTP_X_FORWARDED_FOR"
Removing the above code disables the check that happens when you load up a page it checks to see if the users IP address matches the one in the database. (I think)

Your method outputs this:
Code:
69.136.xxx.xxx, 130.211.xx.xx, 130.211.x.xxx
The first IP being my IP.
 

Logic

Bobby Billionaire
Feb 8, 2012
748
207
It should just update the ip_reg to your real IP address (when logging out and back in) isn't that what you wanted?

I'll give it a test run.
 
EDIT: When checking my users table with ip_last along with when I go to edit my user, it displays my IP address as:
Code:
69.136.xxx.xxx, 130.211.xx.xx, 130.211.x.xxx
 

Joe

Well-Known Member
Jun 10, 2012
4,172
1,955
I'm confused. It should display one IP per column?
2f8382e983e848279fc519e5579a8054.png
 

FastHabbo

Member
Aug 23, 2011
160
8
I'm confused. It should display one IP per column?
2f8382e983e848279fc519e5579a8054.png
I'll give it a test run.
 
EDIT: When checking my users table with ip_last along with when I go to edit my user, it displays my IP address as:
Code:
69.136.xxx.xxx, 130.211.xx.xx, 130.211.x.xxx
Sorry I know this is off topic,
Do any of you know how to make it so a 1 bronze coin (1 Credit)
Can be redeemed as 1 diamond
i've tried changing the name to [DF_BronzeCoin_1]
 

Quackster

a devbest user says what
Aug 22, 2010
1,765
1,245
Add this where it will be included the most (this is for CloudFlare).

Code:
/*
|--------------------------------------------------------------------------
| Fix IP addresses.
|--------------------------------------------------------------------------
*/
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
	$_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
	$_SERVER['HTTP_CLIENT_IP'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
	$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
}

/*
|--------------------------------------------------------------------------
| Fix SSL detection.
|--------------------------------------------------------------------------
*/
if (isset($_SERVER['HTTP_CF_VISITOR'])) {
	if (preg_match('/https/i', $_SERVER['HTTP_CF_VISITOR'])) {
		$_SERVER['HTTPS'] = 'On';
		$_SERVER['HTTP_X_FORWARDED_PORT'] = 443;
		$_SERVER['SERVER_PORT'] = 443;
	}
}
 

FastHabbo

Member
Aug 23, 2011
160
8
Code:
if (!Exchange.GetBaseItem().ItemName.StartsWith("CF_") && !Exchange.GetBaseItem().ItemName.StartsWith("CFC_") && !Exchange.GetBaseItem().ItemName.StartsWith("DF_") && !Exchange.GetBaseItem().ItemName.StartsWith("DFD_"))
               return;
        
            string[] Split = Exchange.GetBaseItem().ItemName.Split('_');
            int Value = int.Parse(Split[1]);

            if (Value > 0)
            {
                if (Exchange.GetBaseItem().ItemName.StartsWith("CF_") || Exchange.GetBaseItem().ItemName.StartsWith("CFC_"))
                {
                    Session.GetHabbo().Credits += Value;
                    Session.SendMessage(new CreditBalanceComposer(Session.GetHabbo().Credits));
                }
                else if(Exchange.GetBaseItem().ItemName.StartsWith("DF_") || Exchange.GetBaseItem().ItemName.StartsWith("DFD_"))
                {
                    Session.GetHabbo().Diamonds += Value;
                    Session.SendMessage(new HabboActivityPointNotificationComposer(Session.GetHabbo().Diamonds, Value, 5));
                }
            }
Then in your furniture table, for that item, name it "DF_AMOUNT_anynamehere"
I've tried that, i've tried everything pm me if you can and ill give you TV details
 

Logic

Bobby Billionaire
Feb 8, 2012
748
207
@Logic I've never seen that. Does it happen every time you create a new account?

This isn't when creating a new account but I'd imagine it will happen. This is when anyone logs in, their ip_last is my proxy IP and depending on the forwarding header, it can be multiple IP's in one column or a single proxy IP.
 

Joe

Well-Known Member
Jun 10, 2012
4,172
1,955
This isn't when creating a new account but I'd imagine it will happen. This is when anyone logs in, their ip_last is my proxy IP and depending on the forwarding header, it can be multiple IP's in one column or a single proxy IP.
It looks like you've modified a lot of the Rev core. Try taking the default files and applying the fixes I mentioned above. Register and see what happens.
 

Logic

Bobby Billionaire
Feb 8, 2012
748
207
It looks like you've modified a lot of the Rev core. Try taking the default files and applying the fixes I mentioned above. Register and see what happens.

I've not modified any of the core files. It works fine when using HTTP_CF_CONNECTING_IP with the use of Cloudflare. But because I don't use Cloudflare, that becomes useless.
 

Users who are viewing this thread

Top