Add option for detecting IP address via which header

2017-06-28 19:50:34 +08:00 · 2017-06-28 19:50:34 +08:00 · 1957f97807
commit 1957f97807
parent 88ed00660a
5 changed files with 23 additions and 5 deletions
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@ -114,6 +114,11 @@ class AdminController extends Controller

            $form->text('regs_per_ip');

+            $form->select('ip_get_method')
+                    ->option('0', trans('options.general.ip_get_method.HTTP_X_FORWARDED_FOR'))
+                    ->option('1', trans('options.general.ip_get_method.REMOTE_ADDR'))
+                    ->hint();
+
            $form->group('max_upload_file_size')
                    ->text('max_upload_file_size')->addon('KB')
                    ->hint(trans('options.general.max_upload_file_size.hint', ['size' => ini_get('upload_max_filesize')]));
--- a/app/Services/Utils.php
+++ b/app/Services/Utils.php
@ -20,12 +20,14 @@ class Utils
     */
    public static function getClientIp()
    {
-        if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
-            $ip = $_SERVER['HTTP_CLIENT_IP'];
-        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+        if (option('ip_get_method') == "0") {
+            // fallback to REMOTE_ADDR
+            $ip = array_get(
+                $_SERVER, 'HTTP_X_FORWARDED_FOR',
+                array_get($_SERVER, 'HTTP_CLIENT_IP', $_SERVER['REMOTE_ADDR'])
+            );
        } else {
-            $ip = $_SERVER['REMOTE_ADDR'];
+            $ip = array_get($_SERVER, 'REMOTE_ADDR');
        }

        return $ip;
--- a/config/options.php
+++ b/config/options.php
@ -12,6 +12,7 @@ return [
    'site_description'          => 'Open-source PHP Minecraft Skin Hosting Service',
    'user_can_register'         => 'true',
    'regs_per_ip'               => '3',
+    'ip_get_method'             => '0',
    'api_type'                  => 'false',
    'announcement'              => 'Welcome to Blessing Skin Server {version}!',
    'color_scheme'              => 'skin-blue',
--- a/resources/lang/en/options.yml
+++ b/resources/lang/en/options.yml
@ -74,6 +74,11 @@ general:
    title: Open Registration
    label: Everyone is allowed to register.
  regs_per_ip: Max accounts of one IP
+  ip_get_method:
+    title: Get IP via
+    HTTP_X_FORWARDED_FOR: HTTP_X_FORWARDED_FOR (can be fabricated)
+    REMOTE_ADDR: REMOTE_ADDR (isn't suit for sites under load balancer)
+    hint: We have no method to get the real IP address of client with PHP.
  max_upload_file_size:
    title: Max Upload Size
    hint: "Limit of PHP in php.ini: :size"
--- a/resources/lang/zh_CN/options.yml
+++ b/resources/lang/zh_CN/options.yml
@ -74,6 +74,11 @@ general:
    title: 开放注册
    label: 任何人都可以注册
  regs_per_ip: 每个 IP 限制注册数
+  ip_get_method:
+    title: IP 获取方式
+    HTTP_X_FORWARDED_FOR: HTTP_X_FORWARDED_FOR（可被伪造）
+    REMOTE_ADDR: REMOTE_ADDR（无法伪造，反代、负载均衡用户不要选）
+    hint: 皮肤站单靠 PHP 是无法获取客户端真实 IP 的，原因请自行搜索。
  max_upload_file_size:
    title: 最大允许上传大小
    hint: PHP 限制：:size，定义在 php.ini 中。