lindeas
/
jilo-web
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 5 Wiki Activity

Gets the client IP from a central place

main
Yasen Pramatarov 2025-02-23 17:58:26 +02:00
parent b4b5a7ac8f
commit 0f6dda44b8
3 changed files with 34 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/classes/user.php
View File

@ -90,8 +90,10 @@ class User {
* @return bool True if login is successful, false otherwise. * @return bool True if login is successful, false otherwise.
*/ */
public function login($username, $password) { public function login($username, $password) {
// get client IP address try {
$ipAddress = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; // Get user's IP address
require_once __DIR__ . '/../helpers/logs.php';
$ipAddress = getUserIP();
// Record attempt // Record attempt
$this->rateLimiter->attempt($username, $ipAddress); $this->rateLimiter->attempt($username, $ipAddress);
@ -117,6 +119,9 @@ class User {
// Get remaining attempts AFTER this failed attempt // Get remaining attempts AFTER this failed attempt
$remainingAttempts = $this->rateLimiter->getRemainingAttempts($username, $ipAddress); $remainingAttempts = $this->rateLimiter->getRemainingAttempts($username, $ipAddress);
throw new Exception("Invalid credentials. {$remainingAttempts} attempts remaining."); throw new Exception("Invalid credentials. {$remainingAttempts} attempts remaining.");
} catch (Exception $e) {
return $e->getMessage();
}
} }

4
app/includes/csrf_middleware.php
View File

@ -1,6 +1,7 @@
<?php <?php
require_once __DIR__ . '/../helpers/security.php'; require_once __DIR__ . '/../helpers/security.php';
require_once __DIR__ . '/../helpers/logs.php';
function applyCsrfMiddleware() { function applyCsrfMiddleware() {
$security = SecurityHelper::getInstance(); $security = SecurityHelper::getInstance();
@ -23,9 +24,10 @@ function applyCsrfMiddleware() {
$token = $_POST['csrf_token'] ?? ''; $token = $_POST['csrf_token'] ?? '';
if (!$security->verifyCsrfToken($token)) { if (!$security->verifyCsrfToken($token)) {
// Log CSRF attempt // Log CSRF attempt
$ipAddress = getUserIP();
$logMessage = sprintf( $logMessage = sprintf(
"CSRF attempt detected - IP: %s, Page: %s, User: %s", "CSRF attempt detected - IP: %s, Page: %s, User: %s",
$_SERVER['REMOTE_ADDR'], $ipAddress,
$_GET['page'] ?? 'unknown', $_GET['page'] ?? 'unknown',
$_SESSION['username'] ?? 'anonymous' $_SESSION['username'] ?? 'anonymous'
); );

3
app/includes/rate_limit_middleware.php
View File

@ -1,6 +1,7 @@
<?php <?php
require_once __DIR__ . '/../classes/ratelimiter.php'; require_once __DIR__ . '/../classes/ratelimiter.php';
require_once __DIR__ . '/../helpers/logs.php';
/** /**
* Rate limit middleware for page requests * Rate limit middleware for page requests
@ -14,7 +15,7 @@ function checkRateLimit($database, $endpoint, $userId = null) {
global $app_root; global $app_root;
$isTest = defined('PHPUNIT_RUNNING'); $isTest = defined('PHPUNIT_RUNNING');
$rateLimiter = new RateLimiter($database); $rateLimiter = new RateLimiter($database);
$ipAddress = $_SERVER['REMOTE_ADDR']; $ipAddress = getUserIP();
// Check if request is allowed // Check if request is allowed
if (!$rateLimiter->isPageRequestAllowed($ipAddress, $endpoint, $userId)) { if (!$rateLimiter->isPageRequestAllowed($ipAddress, $endpoint, $userId)) {