LBRYFoundation/pool
1
0
Fork 0
mirror of https://github.com/LBRYFoundation/pool.git synced 2025-09-30 15:20:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

admin: prevent ip spoofing for admin url

Browse source
This commit is contained in:
Tanguy Pruvot 2017-08-05 02:36:34 +02:00
parent 91fdf629b4
commit 44aa14ddf7
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
web/yaamp/modules/site/SiteController.php
View file

@ -5,12 +5,19 @@ class SiteController extends CommonController
public $defaultAction='index'; public $defaultAction='index';
/////////////////////////////////////////////////// ///////////////////////////////////////////////////
// Security Note: You can rename this action as you
// want, to customize the admin entrance url...
//
public function actionAdminRights() public function actionAdminRights()
{ {
$client_ip = $_SERVER['REMOTE_ADDR']; $client_ip = arraySafeVal($_SERVER,'REMOTE_ADDR');
$valid = isAdminIP($client_ip); $valid = isAdminIP($client_ip);
if (arraySafeVal($_SERVER,'HTTP_X_FORWARDED_FOR','') != '') {
debuglog("admin access attempt via IP spoofing!");
$valid = false;
}
if ($valid) if ($valid)
debuglog("admin connect from $client_ip"); debuglog("admin connect from $client_ip");
else else