]> git.p6c8.net - jirafeau_project.git/blobdiff - script.php
manage visitor IP behind reverse proxies, refs #36
[jirafeau_project.git] / script.php
index 99c5ec0116a663661b5f8ee36ffe947d7f196a6f..1c154b104727504e62f579ccb498f7263cdae244 100644 (file)
@@ -218,6 +218,12 @@ if (has_error ())
 if (isset ($_FILES['file']) && is_writable (VAR_FILES)
     && is_writable (VAR_LINKS))
 {
+    if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
+    {
+        echo "Error";
+        exit;
+    }
+
     if (jirafeau_has_upload_password ($cfg) &&
          (!isset ($_POST['upload_password']) ||
           !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
@@ -272,7 +278,7 @@ if (isset ($_FILES['file']) && is_writable (VAR_FILES)
 
     $res = jirafeau_upload ($_FILES['file'],
                             isset ($_POST['one_time_download']),
-                            $key, $time, $_SERVER['REMOTE_ADDR'],
+                            $key, $time, get_ip_address($cfg),
                             $cfg['enable_crypt'], $cfg['link_name_length']);
     
     if (empty($res) || $res['error']['has_error'])
@@ -505,6 +511,12 @@ fi
 /* Initialize an asynchronous upload. */
 elseif (isset ($_GET['init_async']))
 {
+    if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
+    {
+        echo "Error";
+        exit;
+    }
+
     if (jirafeau_has_upload_password ($cfg) &&
          (!isset ($_POST['upload_password']) ||
           !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
@@ -563,7 +575,7 @@ elseif (isset ($_GET['init_async']))
                               isset ($_POST['one_time_download']),
                               $key,
                               $time,
-                              $_SERVER['REMOTE_ADDR']);
+                              get_ip_address($cfg));
 }
 /* Continue an asynchronous upload. */
 elseif (isset ($_GET['push_async']))

patrick-canterino.de