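/**
 * Get the client IP address, optionally honouring reverse-proxy headers.
 *
 * SECURITY: every HTTP_* entry in $_SERVER is copied verbatim from the request
 * headers, so Client-IP, X-Forwarded-For, Forwarded, ... can be set to any value
 * by the client. With $trustedProxies === null (the default, kept for backward
 * compatibility) this function returns the first acceptable address found in
 * any of those headers and is therefore spoofable: do NOT use that mode for
 * access control, rate limiting or IP bans. Pass the addresses of the proxies
 * that actually sit in front of the application to get a spoof-resistant answer.
 *
 * based on: http://stackoverflow.com/questions/1634782/what-is-the-most-accurate-way-to-retrieve-a-users-correct-ip-address-in-php
 *
 * @param bool       $local          when true, private (10/8, 172.16/12, 192.168/16, ...) and
 *                                   reserved (127/8, ::1, ...) ranges are acceptable as well
 * @param array|null $trustedProxies IP addresses of the reverse proxies allowed to set
 *                                   X-Forwarded-For; null keeps the legacy "trust every
 *                                   forwarding header" behaviour
 * @return string ip address (ipv4 or ipv6). Falls back to REMOTE_ADDR when no header
 *                yields an acceptable address, and to '' when REMOTE_ADDR is unset
 *                (e.g. CLI), so the result is always a string and never null.
 */
public static function getIpAddress($local=false, $trustedProxies=null) {
    // With $local the range flags are dropped, so any syntactically valid address passes.
    $rangeFlags = ($local === true) ? 0 : (FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';

    if ($trustedProxies !== null) {
        // Strict mode: only a request that really arrived through one of our proxies may
        // carry a client address, and only in X-Forwarded-For (the header proxies append to).
        if (in_array($remoteAddr, $trustedProxies, true) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $hops = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
            // Walk from the right (proxy-appended) end past our own proxies; the first other
            // hop is the client. Anything further left was supplied by the client itself
            // (it can send its own X-Forwarded-For) and is ignored.
            for ($i = count($hops) - 1; $i >= 0; $i--) {
                if (in_array($hops[$i], $trustedProxies, true)) {
                    continue;
                }
                if (filter_var($hops[$i], FILTER_VALIDATE_IP, $rangeFlags) !== false) {
                    return $hops[$i];
                }
                break; // malformed or out-of-range hop: do not look any further left
            }
        }
        return $remoteAddr;
    }

    // Legacy mode (spoofable, see above): first acceptable address in any forwarding header.
    $headerKeys = array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR');
    foreach ($headerKeys as $key) {
        if (!array_key_exists($key, $_SERVER)) {
            continue;
        }
        foreach (explode(',', $_SERVER[$key]) as $candidate) {
            $candidate = trim($candidate); // headers may carry "a, b" lists with spaces
            if (filter_var($candidate, FILTER_VALIDATE_IP, $rangeFlags) !== false) {
                return $candidate;
            }
        }
    }
    // Nothing acceptable (e.g. private REMOTE_ADDR with $local=false): still return a string.
    return $remoteAddr;
}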
http://stackoverflow.com/questions/1634782/what-is-the-most-accurate-way-to-retrieve-a-users-correct-ip-address-in-php
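<?php
date_default_timezone_set('Europe/Paris');
$GLOBALS['config']['DATADIR'] = 'data'; // Data subdirectory
$GLOBALS['config']['IPBANS_FILENAME'] = $GLOBALS['config']['DATADIR'].'/ipbans.php'; // File storage for failures and bans.
$GLOBALS['config']['BAN_AFTER'] = 5; // Ban IP after this many failures.
$GLOBALS['config']['BAN_DURATION'] = 1800; // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes)
// 0705 = owner rwx, group none, others r-x. The explicit chmod() re-applies the mode
// because mkdir()'s mode argument is masked by the process umask.
if (!is_dir($GLOBALS['config']['DATADIR'])) { mkdir($GLOBALS['config']['DATADIR'],0705); chmod($GLOBALS['config']['DATADIR'],0705); }
// Protect data files from direct HTTP access (log.txt would otherwise be served as-is).
// "Allow from none" / "Deny from all" is Apache 2.2 mod_access syntax; on Apache 2.4 it
// only works with mod_access_compat loaded (otherwise "Require all denied" is needed),
// and nginx/IIS ignore .htaccess entirely - on those, keep DATADIR outside the document
// root instead. Each directive goes on its own line.
if (!is_file($GLOBALS['config']['DATADIR'].'/.htaccess')) { file_put_contents($GLOBALS['config']['DATADIR'].'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.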
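// Append one line "date - REMOTE_ADDR - message" to DATADIR/log.txt.
// $message: free text. CR/LF are replaced by spaces so that a message built from
// request data cannot forge additional log lines. REMOTE_ADDR is the TCP peer (never
// a forwarding header), so behind a reverse proxy it is the proxy's address; it is
// logged as '-' when unset (CLI / cron).
function logm($message)
{
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-';
    $clean = str_replace(array("\r", "\n"), ' ', strval($message));
    $t = strval(date('Y/m/d_H:i:s')).' - '.$remote.' - '.$clean."\n";
    file_put_contents($GLOBALS['config']['DATADIR'].'/log.txt',$t,FILE_APPEND);
}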
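// ------------------------------------------------------------------------------------------
// Brute force protection system
// Several consecutive failed logins will ban the IP address for 30 minutes.
//
// The ban key is $_SERVER['REMOTE_ADDR'] on purpose: it is the TCP peer and cannot be
// set by a request header, unlike X-Forwarded-For / Client-IP. Two consequences:
//  (1) behind a reverse proxy or a NAT every user shares one address, so BAN_AFTER
//      failures by anyone lock everyone out for BAN_DURATION - resolve the real client
//      address from a *trusted* proxy list before using this code in such a setup;
//  (2) the state file is read once here and rewritten in full on every change without
//      locking, so two concurrent requests can overwrite each other's update.
// The state is stored as a PHP file (presumably so that a web server which serves
// DATADIR executes it and prints nothing instead of disclosing the ban list). It is
// include()d below, so anything that can write into DATADIR can run code: keep the
// directory owned by the web server and writable by nothing else.
if (!is_file($GLOBALS['config']['IPBANS_FILENAME'])) file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(),'BANS'=>array()),true).";\n?>");
include $GLOBALS['config']['IPBANS_FILENAME'];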
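// Signal a failed login. Will ban the IP if too many failures:
// Reads and updates $GLOBALS['IPBANS'] (FAILURES: ip => count, BANS: ip => expiry as a
// unix timestamp) and rewrites IPBANS_FILENAME so the state survives the request.
// The IP is $_SERVER['REMOTE_ADDR'] (the TCP peer), never a forwarding header.
// The ban is set on the BAN_AFTER-th failure and lasts BAN_DURATION seconds; every
// further failure while banned moves the expiry forward again.
function ban_loginFailed()
{
    $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
    if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0;
    $gb['FAILURES'][$ip]++;
    if ($gb['FAILURES'][$ip]>=$GLOBALS['config']['BAN_AFTER'])
    {
        $gb['BANS'][$ip]=time()+$GLOBALS['config']['BAN_DURATION'];
        logm('IP address banned from login');
    }
    $GLOBALS['IPBANS'] = $gb;
    // Persisted as a PHP file; "\$" keeps the variable name literal instead of interpolating it here.
    file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
}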
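// Signals a successful login. Resets failed login counter.
// Also removes any ban entry for the IP (REMOTE_ADDR) and persists the new state to
// IPBANS_FILENAME before logging. Callers are expected to have checked ban_canLogin()
// first, so normally there is no ban to lift here.
function ban_loginOk()
{
    $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
    unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
    $GLOBALS['IPBANS'] = $gb;
    // Persisted as a PHP file; "\$" keeps the variable name literal instead of interpolating it here.
    file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
    logm('Login ok.');
}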
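// Checks if the user CAN login. If 'true', the user can try to login.
// Looks up $_SERVER['REMOTE_ADDR'] in $GLOBALS['IPBANS']['BANS']. An expired ban is
// removed together with its failure counter, both in memory and in IPBANS_FILENAME
// (the in-memory update matters: without it a single failure right after the ban
// expires would re-ban the IP, because ban_loginFailed() still sees the old counter).
function ban_canLogin()
{
    $ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
    if (isset($gb['BANS'][$ip]))
    {
        // User is banned. Check if the ban has expired:
        if ($gb['BANS'][$ip]<=time())
        { // Ban expired, user can try to login again.
            logm('Ban lifted.');
            unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
            $GLOBALS['IPBANS'] = $gb;
            // Persisted as a PHP file; "\$" keeps the variable name literal instead of interpolating it here.
            file_put_contents($GLOBALS['config']['IPBANS_FILENAME'], "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
            return true; // Ban has expired, user can login.
        }
        return false; // User is banned.
    }
    return true; // User is not banned.
}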
?>
http://sebsauvage.net/links/?kO4Krg