From 6c5a53f41136b12d3cf0dd8dd448aecb929d44d7 Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Sat, 1 Nov 2014 11:30:26 +0100 Subject: [PATCH] Don't continue if the cookie has been set + ticket has created. 'unknown' was found as IP address. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Roland Häder --- .gitattributes | 46 ------------------------------------------- libs/lib_detector.php | 16 ++------------- libs/lib_general.php | 15 ++++++++------ 3 files changed, 11 insertions(+), 66 deletions(-) delete mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes deleted file mode 100644 index e8b6c64..0000000 --- a/.gitattributes +++ /dev/null @@ -1,46 +0,0 @@ -* text=auto !eol -config/.htaccess -text -config/db_config.php.dist -text -/ctracker.php svneol=native#text/plain -docs/COPYING -text -docs/Incompatible.txt -text -docs/NEWS -text -docs/README -text -docs/THANKS -text -docs/TODO -text -docs/TODOs.txt -text svneol=unset#text/plain -install/install.sql -text -libs/.htaccess -text -libs/language/.htaccess -text -libs/language/.php svneol=native#text/plain -libs/language/de.php svneol=native#text/plain -libs/language/en.php svneol=native#text/plain -libs/lib_ -text svneol=unset#text/plain -libs/lib_connect.php -text svneol=unset#text/plain -libs/lib_detector.php -text svneol=unset#text/plain -libs/lib_general.php -text svneol=unset#text/plain -libs/lib_updates.php svneol=native#text/plain -libs/mails/.htaccess -text -libs/mails/de/.htaccess -text -libs/mails/de/header.tpl svneol=native#text/plain -libs/mails/de/user_add_ticket.tpl svneol=native#text/plain -libs/mails/de/webmaster_add_ticket.tpl svneol=native#text/plain -libs/mails/en/.htaccess -text -libs/mails/en/header.tpl svneol=native#text/plain -libs/mails/en/user_add_ticket.tpl svneol=native#text/plain -libs/mails/en/webmaster_add_ticket.tpl svneol=native#text/plain -libs/templates/.htaccess -text -libs/templates/add_ticket.tpl.php svneol=native#text/plain -libs/templates/add_ticket_thanks.tpl.php svneol=native#text/plain -libs/templates/de/.htaccess -text -libs/templates/de/add_ticket_form.tpl.php svneol=native#text/plain -libs/templates/de/add_ticket_missing.tpl.php svneol=native#text/plain -libs/templates/de/add_ticket_success.tpl.php svneol=native#text/plain -libs/templates/de/body_header.tpl.php svneol=native#text/plain -libs/templates/en/.htaccess -text -libs/templates/en/add_ticket_form.tpl.php svneol=native#text/plain -libs/templates/en/add_ticket_missing.tpl.php svneol=native#text/plain -libs/templates/en/add_ticket_success.tpl.php svneol=native#text/plain -libs/templates/en/body_header.tpl.php svneol=native#text/plain -libs/templates/page_footer.tpl.php svneol=native#text/plain -libs/templates/page_header.tpl.php svneol=native#text/plain diff --git a/libs/lib_detector.php b/libs/lib_detector.php index 3511de9..5c5a70b 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -348,20 +348,8 @@ function crackerTrackerAlertCurrentUser () { if (isset($GLOBALS['ctracker_last_suspicious_entry'])) { // Does the user have a ticket? if (ifCrackerTrackerIpHasTicket()) { - // Should we continue? - if (isset($_POST['ctracker_continue'])) { - // Set cookie - sendCrackerTrackerCookie(); - - // And redirect to same URL - crackerTrackerRedirectSameUrl(); - } elseif (ifCrackerTrackerCookieIsSet()) { - // Return here to normal program - return; - } else { - // Load "Thank you" template - crackerTrackerLoadTemplate('add_ticket_thanks'); - } + // Load "Thank you" template + crackerTrackerLoadTemplate('add_ticket_thanks'); } elseif ((isset($_POST['ctracker_add_ticket'])) && (!empty($_POST['name'])) && (!empty($_POST['email']))) { // Add the ticket addCrackerTrackerTicket($_POST); diff --git a/libs/lib_general.php b/libs/lib_general.php index 84dd1bf..62062d7 100644 --- a/libs/lib_general.php +++ b/libs/lib_general.php @@ -87,20 +87,23 @@ function determineCrackerTrackerRealRemoteAddress () { // Is a proxy in use? if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { // Proxy was used - $address = $_SERVER['HTTP_X_FORWARDED_FOR']; + $address = trim($_SERVER['HTTP_X_FORWARDED_FOR']); } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) { // Yet, another proxy - $address = $_SERVER['HTTP_CLIENT_IP']; + $address = trim($_SERVER['HTTP_CLIENT_IP']); } elseif (isset($_SERVER['REMOTE_ADDR'])) { // The regular address when no proxy was used - $address = getenv('REMOTE_ADDR'); + $address = trim(getenv('REMOTE_ADDR')); } - // This strips out the real address from proxy output - if (strstr($address, ',')) { + if ($address == 'unknown') { + // Invalid IP somehow given + $address = '0.0.0.0'; + elseif (strstr($address, ',')) { + // This strips out the real address from proxy output $addressArray = explode(',', $address); $address = $addressArray[0]; - } // END - if + } // Return the result return $address; -- 2.39.5