saulteafarmer/castopod
1
0
Fork 0
mirror of https://code.castopod.org/adaures/castopod synced 2025-06-06 18:31:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(analytics): check the x_forwarded_for client header

Browse Source
This commit is contained in:
Aonrud 2023-02-24 15:28:17 +00:00 committed by Yassine Doghri
parent b794d3433c
commit 1111177eb7
1 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
modules/Analytics/Helpers/analytics_helper.php
View File

@ -34,6 +34,20 @@ if (! function_exists('base64_url_decode')) {
} }
} }
if (! function_exists('client_ip')) {
/**
* Get the client IP, depending on available headers
*/
function client_ip(): string
{
if (! empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
return $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return $_SERVER['REMOTE_ADDR'];
}
}
if (! function_exists('set_user_session_deny_list_ip')) { if (! function_exists('set_user_session_deny_list_ip')) {
/** /**
* Set user country in session variable, for analytic purposes * Set user country in session variable, for analytic purposes
@ -44,7 +58,7 @@ if (! function_exists('set_user_session_deny_list_ip')) {
$session->start(); $session->start();
if (! $session->has('denyListIp')) { if (! $session->has('denyListIp')) {
$session->set('denyListIp', IpDb::find($_SERVER['REMOTE_ADDR']) !== null); $session->set('denyListIp', IpDb::find(client_ip()) !== null);
} }
} }
} }
@ -69,7 +83,7 @@ if (! function_exists('set_user_session_location')) {
if (! $session->has('location')) { if (! $session->has('location')) {
try { try {
$cityReader = new Reader(WRITEPATH . 'uploads/GeoLite2-City/GeoLite2-City.mmdb'); $cityReader = new Reader(WRITEPATH . 'uploads/GeoLite2-City/GeoLite2-City.mmdb');
$city = $cityReader->city($_SERVER['REMOTE_ADDR']); $city = $cityReader->city(client_ip());
$location = [ $location = [
'countryCode' => $city->country->isoCode === null 'countryCode' => $city->country->isoCode === null
@ -232,6 +246,8 @@ if (! function_exists('podcast_hit')) {
$session = Services::session(); $session = Services::session();
$session->start(); $session->start();
$clientIp = client_ip();
// We try to count (but if things went wrong the show should go on and the user should be able to download the file): // We try to count (but if things went wrong the show should go on and the user should be able to download the file):
try { try {
// If the user IP is denied it's probably a bot: // If the user IP is denied it's probably a bot:
@ -252,7 +268,7 @@ if (! function_exists('podcast_hit')) {
sha1( sha1(
$salt . '_' . date( $salt . '_' . date(
'Y-m-d' 'Y-m-d'
) . '_' . $_SERVER['REMOTE_ADDR'] . '_' . $_SERVER['HTTP_USER_AGENT'] . '_' . $episodeId ) . '_' . $clientIp . '_' . $_SERVER['HTTP_USER_AGENT'] . '_' . $episodeId
); );
// The cache expires at midnight: // The cache expires at midnight:
$secondsToMidnight = strtotime('tomorrow') - time(); $secondsToMidnight = strtotime('tomorrow') - time();
@ -299,7 +315,7 @@ if (! function_exists('podcast_hit')) {
sha1( sha1(
$salt . '_' . date( $salt . '_' . date(
'Y-m-d' 'Y-m-d'
) . '_' . $_SERVER['REMOTE_ADDR'] . '_' . $_SERVER['HTTP_USER_AGENT'] . '_' . $podcastId ) . '_' . $clientIp . '_' . $_SERVER['HTTP_USER_AGENT'] . '_' . $podcastId
); );
$newListener = 1; $newListener = 1;
// Has this listener already downloaded an episode today: // Has this listener already downloaded an episode today: