Gets the client IP from a central place

main
Yasen Pramatarov 2025-02-23 17:58:26 +02:00
parent b4b5a7ac8f
commit 0f6dda44b8
3 changed files with 34 additions and 26 deletions


@ -90,8 +90,10 @@ class User {
* @return bool True if login is successful, false otherwise.
*/
public function login($username, $password) {
// get client IP address
$ipAddress = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
try {
// Get user's IP address
require_once __DIR__ . '/../helpers/logs.php';
$ipAddress = getUserIP();
// Record attempt
$this->rateLimiter->attempt($username, $ipAddress);
@ -117,6 +119,9 @@ class User {
// Get remaining attempts AFTER this failed attempt
$remainingAttempts = $this->rateLimiter->getRemainingAttempts($username, $ipAddress);
throw new Exception("Invalid credentials. {$remainingAttempts} attempts remaining.");
} catch (Exception $e) {
return $e->getMessage();
}
}
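Review bot: The catch block at the end of login() returns `$e->getMessage()`, so a failed login yields a non-empty string while the docblock above still promises `@return bool`. Any caller that tests the result loosely, such as `if ($user->login($u, $p))`, would treat "Invalid credentials. N attempts remaining." as a successful login; the callers and the middle of login() are outside these hunks, so this needs checking. Either keep the boolean contract with `return false;` in the catch and expose the message separately, or document `@return true|string` and have every caller compare with `=== true`. Catching the base `Exception` also converts anything else thrown inside the try block into a returned string, which would include rate-limiter errors if that class throws. The `require_once` for helpers/logs.php would sit better at the top of the file, as the two middleware files in this commit do.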


@ -1,6 +1,7 @@
<?php
require_once __DIR__ . '/../helpers/security.php';
require_once __DIR__ . '/../helpers/logs.php';
function applyCsrfMiddleware() {
$security = SecurityHelper::getInstance();
@ -23,9 +24,10 @@ function applyCsrfMiddleware() {
$token = $_POST['csrf_token'] ?? '';
if (!$security->verifyCsrfToken($token)) {
// Log CSRF attempt
$ipAddress = getUserIP();
$logMessage = sprintf(
"CSRF attempt detected - IP: %s, Page: %s, User: %s",
$_SERVER['REMOTE_ADDR'],
$ipAddress,
$_GET['page'] ?? 'unknown',
$_SESSION['username'] ?? 'anonymous'
);
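Review bot: The CSRF log entry records only the value returned by getUserIP(), whose implementation is not on this page; if that helper derives the address from forwarding headers, the entry no longer contains the socket peer address that an investigator can rely on. Logging both keeps the evidence, for example `"CSRF attempt detected - IP: %s, Peer: %s, Page: %s, User: %s"` with `$_SERVER['REMOTE_ADDR'] ?? 'unknown'` as the extra argument. `$_GET['page']` is request-controlled and goes into the message verbatim, so unless the logger already does it, stripping control characters first (`preg_replace('/[\x00-\x1F\x7F]/', '', $page)`) keeps one event on one log line. applyCsrfMiddleware() continues outside both hunks.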


@ -1,6 +1,7 @@
<?php
require_once __DIR__ . '/../classes/ratelimiter.php';
require_once __DIR__ . '/../helpers/logs.php';
/**
* Rate limit middleware for page requests
@ -14,7 +15,7 @@ function checkRateLimit($database, $endpoint, $userId = null) {
global $app_root;
$isTest = defined('PHPUNIT_RUNNING');
$rateLimiter = new RateLimiter($database);
$ipAddress = $_SERVER['REMOTE_ADDR'];
$ipAddress = getUserIP();
// Check if request is allowed
if (!$rateLimiter->isPageRequestAllowed($ipAddress, $endpoint, $userId)) {
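Review bot: The rate-limit key in checkRateLimit() is now whatever getUserIP() returns, and the helper (presumably in helpers/logs.php) is not shown, so it is worth confirming that it honours forwarding headers such as X-Forwarded-For only when the request arrives from a configured trusted proxy. If a client-supplied header is accepted unconditionally, the key passed to `isPageRequestAllowed()` is under the client's control and the limit stops binding; the same applies to `$this->rateLimiter->attempt($username, $ipAddress)` in User::login(). A validated fallback at the call site would harden this: `$ipAddress = filter_var(getUserIP(), FILTER_VALIDATE_IP) ?: ($_SERVER['REMOTE_ADDR'] ?? '0.0.0.0');`. checkRateLimit() continues past the end of this hunk.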