From 812d5a2f35381f42ae67f4880f32aafef2b4fb5d Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Mon, 18 Mar 2002 23:45:24 +0000
Subject: [PATCH] Allow global_var off for REMOTE_ADDR

git-svn-id: file:///svn/phpbb/trunk@2327 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/common.php | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/phpBB/common.php b/phpBB/common.php
index 2cb8ee9891..7075f759fd 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -20,6 +20,11 @@
  *
  ***************************************************************************/
 
+if ( !defined('IN_PHPBB') )
+{
+	die("Hacking attempt");
+}
+
 error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
 set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
 
@@ -144,29 +149,17 @@ $nav_links['author'] = array (
 //
 if( getenv('HTTP_X_FORWARDED_FOR') != '' )
 {
-	$private_ips = array('192.168', '172.16', '10', '224', '240');
+	$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
 
-	if ( preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
+	if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
 	{
-		$private_ip = false;
-		for($i = 0; $i < count($private_ips); $i++)
-		{
-			if ( strpos(' ' . $ip_list[0], $private_ips[$i], 1) == 1 )
-			{
-				$private_ip = true;
-			}
-		}
-
-		$client_ip =  ( !$private_ip ) ? $ip_list[0] : $REMOTE_ADDR;
-	}
-	else
-	{
-		$client_ip = $REMOTE_ADDR;
+		$private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
+		$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
 	}
 }
 else
 {
-	$client_ip = $REMOTE_ADDR;
+	$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
 }
 $user_ip = encode_ip($client_ip);