diff --git a/web/inc/main.php b/web/inc/main.php index 9eccb1249..75482cd1b 100644 --- a/web/inc/main.php +++ b/web/inc/main.php @@ -11,7 +11,24 @@ require_once(dirname(__FILE__).'/i18n.php'); // Saving user IPs to the session for preventing session hijacking -$user_combined_ip = $_SERVER['REMOTE_ADDR'] .'|'. $_SERVER['HTTP_CLIENT_IP'] .'|'. $_SERVER['HTTP_X_FORWARDED_FOR'] .'|'. $_SERVER['HTTP_X_FORWARDED'] .'|'. $_SERVER['HTTP_FORWARDED_FOR'] .'|'. $_SERVER['HTTP_FORWARDED']; +$user_combined_ip = $_SERVER['REMOTE_ADDR']; + +if(isset($_SERVER['HTTP_CLIENT_IP'])){ + $user_combined_ip .= '|'. $_SERVER['HTTP_CLIENT_IP']; +} +if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){ + $user_combined_ip .= '|'. $_SERVER['HTTP_X_FORWARDED_FOR']; +} +if(isset($_SERVER['HTTP_FORWARDED_FOR'])){ + $user_combined_ip .= '|'. $_SERVER['HTTP_FORWARDED_FOR']; +} +if(isset($_SERVER['HTTP_X_FORWARDED'])){ + $user_combined_ip .= '|'. $_SERVER['HTTP_X_FORWARDED']; +} +if(isset($_SERVER['HTTP_FORWARDED'])){ + $user_combined_ip .= '|'. $_SERVER['HTTP_FORWARDED']; +} + if(!isset($_SESSION['user_combined_ip'])){ $_SESSION['user_combined_ip'] = $user_combined_ip;