manage visitor IP behind reverse proxies, refs #36

Signed-off-by: Jerome Jutteau <mojo@couak.net>

diff --git a/index.php b/index.php
index 4802e33a9dc99efed5de21a3ec92b6ed090f824d..5a2c9263637a21c06a045a94915eb75e8a597815 100644 (file)
--- a/index.php
+++ b/index.php
@@ -35,7 +35,7 @@ if (has_error ())
 }
 
 /* Check if user is allowed to upload. */
-if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
+if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
 {
     echo '<div class="error"><p>' . t('Access denied') . '</p></div>';
     require (JIRAFEAU_ROOT.'lib/template/footer.php');

diff --git a/lib/config.original.php b/lib/config.original.php
index 755b762aea1912f2d97507c3a74016f7a764f0f2..d7c52e28c04bff96dcaef543551f37f5b540eb26 100644 (file)
--- a/lib/config.original.php
+++ b/lib/config.original.php
@@ -89,6 +89,13 @@ $cfg['availabilities'] = array ('minute' => true,
  * 0 mean unlimited upload size.
  */
 $cfg['maximal_upload_size'] = 0;
+/* If your Jirafeau is behind some reverse proxies, you can set there IPs
+ * so Jirafeau get visitor's IP from HTTP_X_FORWARDED_FOR instead of
+ * REMOTE_ADDR.
+ * for example:
+ * $cfg['proxy_ip'] = array('12.34.56.78');
+ */
+$cfg['proxy_ip'] = array();
 /* Installation is done ? */
 $cfg['installation_done'] = false;
 

diff --git a/lib/functions.php b/lib/functions.php
index 27e4fc3862ad0c299980801ff79e94d905ee2e46..77acae1bd973f281586111e295bf096eef3234bd 100644 (file)
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1108,3 +1108,29 @@ function jirafeau_challenge_upload_ip ($cfg, $ip)
     return false;
 }
 
+/**
+ * Get the ip address of the client from REMOTE_ADDR
+ * or from HTTP_X_FORWARDED_FOR if behind a proxy
+ * @returns an the client ip address
+ */
+function get_ip_address($cfg) {
+    if (count ($cfg['proxy_ip']) == 0 ||
+        empty ($_SERVER['HTTP_X_FORWARDED_FOR']))
+        return $_SERVER['REMOTE_ADDR'];
+
+    $iplist = explode (',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+    if (count ($iplist) == 0)
+        return $_SERVER['REMOTE_ADDR'];
+
+    foreach ($cfg['proxy_ip'] as $proxy_ip)
+    {
+        if ($_SERVER['REMOTE_ADDR'] != $proxy_ip)
+            continue;
+
+        // Take the last IP (the one which has been set by our proxy).
+        $ip = end($iplist);
+        $ip = preg_replace ('/\s+/', '', $ip);
+        return $ip;
+    }
+    return $_SERVER['REMOTE_ADDR'];
+}

diff --git a/script.php b/script.php
index 93599c9763855bde705862aaec3c004270c12bea..1c154b104727504e62f579ccb498f7263cdae244 100644 (file)
--- a/script.php
+++ b/script.php
@@ -218,7 +218,7 @@ if (has_error ())
 if (isset ($_FILES['file']) && is_writable (VAR_FILES)
     && is_writable (VAR_LINKS))
 {
-    if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
+    if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
     {
         echo "Error";
         exit;
@@ -278,7 +278,7 @@ if (isset ($_FILES['file']) && is_writable (VAR_FILES)
 
     $res = jirafeau_upload ($_FILES['file'],
                             isset ($_POST['one_time_download']),
-                            $key, $time, $_SERVER['REMOTE_ADDR'],
+                            $key, $time, get_ip_address($cfg),
                             $cfg['enable_crypt'], $cfg['link_name_length']);
     
     if (empty($res) || $res['error']['has_error'])
@@ -511,7 +511,7 @@ fi
 /* Initialize an asynchronous upload. */
 elseif (isset ($_GET['init_async']))
 {
-    if (!jirafeau_challenge_upload_ip ($cfg, $_SERVER['REMOTE_ADDR']))
+    if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
     {
         echo "Error";
         exit;
@@ -575,7 +575,7 @@ elseif (isset ($_GET['init_async']))
                               isset ($_POST['one_time_download']),
                               $key,
                               $time,
-                              $_SERVER['REMOTE_ADDR']);
+                              get_ip_address($cfg));
 }
 /* Continue an asynchronous upload. */
 elseif (isset ($_GET['push_async']))