Re: Important Security Issue For All McCode Owners !
Fair enough..
Why not use this:
function validip($IP)
{
if (!empty($IP) && ip2long($IP)!=-1)
{
$ReservedIps = array (
array('0.0.0.0','2.255.255.255'),
array('10.0.0.0','10.255.255.255'),
array('127.0.0.0','127.255.255.255'),
array('169.254.0.0','169.254.255.255'),
array('172.16.0.0','172.31.255.255'),
array('192.0.2.0','192.0.2.255'),
array('192.168.0.0','192.168.255.255'),
array('255.255.255.0','255.255.255.255')
);
foreach ($ReservedIps as $R)
{
$Min = ip2long($R[0]);
$Max = ip2long($R[1]);
if ((ip2long($IP) >= $Min) && (ip2long($IP) <= $Max)) return false;
}
return true;
}
else
{
return false;
}
}
function getip()
{
if (validip(isset($_SERVER['HTTP_CLIENT_IP'])))
{
return $_SERVER['HTTP_CLIENT_IP'];
}
foreach (explode(",", isset($_SERVER['HTTP_X_FORWARDED_FOR'])) as $IP)
{
if (validip(trim($IP)))
{
return $IP;
}
}
if (validip(isset($_SERVER['HTTP_X_FORWARDED'])))
{
return $_SERVER['HTTP_X_FORWARDED'];
}
else if (validip(isset($_SERVER['HTTP_FORWARDED_FOR'])))
{
return $_SERVER['HTTP_FORWARDED_FOR'];
}
else if (validip(isset($_SERVER['HTTP_FORWARDED'])))
{
return $_SERVER['HTTP_FORWARDED'];
}
else if (validip(isset($_SERVER['HTTP_X_FORWARDED'])))
{
return $_SERVER['HTTP_X_FORWARDED'];
}
else
{
return $_SERVER['REMOTE_ADDR'];
}
}