Various changes to further combat the idiots and dickheads out there using daddy's computer

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4882 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-11 22:08:54 +00:00 · 2004-04-21 12:18:02 +00:00 · 2004-04-21 12:18:02 +00:00 · e8e0ef46ed
commit e8e0ef46ed
parent 4f034fdff2
1 changed files with 42 additions and 27 deletions
--- a/phpBB/common.php
+++ b/phpBB/common.php
@ -8,7 +8,6 @@
 *
 *   $Id$
 *
 *
 ***************************************************************************/
 /***************************************************************************
@ -25,9 +24,44 @@ if ( !defined('IN_PHPBB') )
 	die("Hacking attempt");
 }
 //
 function unset_vars(&$var)
 {
 	while (list($var_name, $null) = @each($var))
 	{
 		unset($GLOBALS[$var_name]);
 	}
 	return;
 }
 //
 error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
 set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
 $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';
 // Unset globally registered vars - PHP5 ... hhmmm
 if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
 {
 	$var_prefix = (phpversion() >= '4.3.0') ? '' : 'HTTP';
 	$var_suffix = (phpversion() >= '4.3.0') ? '' : '_VARS';
 	if(is_array(${$var_prefix . '_GET' . $var_suffix}))
 	{
 		unset_vars(${$var_prefix . '_GET' . $var_suffix});
 	}
 	if(is_array(${$var_prefix . '_POST' . $var_suffix}))
 	{
 		unset_vars(${$var_prefix . '_POST' . $var_suffix});
 	}
 	if(is_array(${$var_prefix . '_COOKIE' . $var_suffix}))
 	{
 		unset_vars(${$var_prefix . '_COOKIE' . $var_suffix});
 	}
 }
 //
 // addslashes to vars if magic_quotes_gpc is off
 // this is a security precaution to prevent someone
@ -106,6 +140,7 @@ $userdata = array();
 $theme = array();
 $images = array();
 $lang = array();
 $nav_links = array();
 $gen_simple_header = FALSE;
 include($phpbb_root_path . 'config.'.$phpEx);
@ -126,32 +161,12 @@ include($phpbb_root_path . 'includes/db.'.$phpEx);
 //
 // Obtain and encode users IP
 //
-if( getenv('HTTP_X_FORWARDED_FOR') != '' )
+// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
-{
+// private range IP's appearing instead of the guilty routable IP, tough, don't
-	$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
+// even bother complaining ... go scream and shout at the idiots out there who feel
-
+// "clever" is doing harm rather than good ... karma is a great thing ... :)
-	$entries = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
+//
-	reset($entries);
+$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
 	while (list(, $entry) = each($entries)) 
 	{
 		$entry = trim($entry);
 		if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) )
 		{
 			$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
 			$found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
 			if ($client_ip != $found_ip)
 			{
 				$client_ip = $found_ip;
 				break;
 			}
 		}
 	}
 }
 else
 {
 	$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
 }
 $user_ip = encode_ip($client_ip);
 //