<!-- $Header: d:\cvs/3.8/Proxy-to-real-ip/Proxy-to-real-ip.txt,v 1.1 2008/10/04 19:57:57 pem Exp $ -->

Paul Marsden Proxy IP Hack Modification for vBulletin 3.8
=========================================================

* This makes your forum aways use the real ip when a proxy server is detected, the proxy ip is recorded in an extra field but then ignored.

* This allows all vBulletin ip based functions, such as ip searching, who's online and ip banning to work correctly.


vB uses two global variables IPADDRESS and ALT_IP, this hack also adds a third - PROXYIP.

If no proxy is detected then IPADDRESS is set to the real ip, ALT_IP is set to the real ip and PROXYIP is set to blank.
If a proxy server is detected then IPADDRESS is set to the real ip, ALT_IP is set to the proxy ip and PROXYIP is set to the proxy ip.



Step 1.

In class_core.php ;

Find ;

	function fetch_ip()
	{
		return $_SERVER['REMOTE_ADDR'];
	}


Add below it ;

	/*
	Paul M - Try to detect real ip when proxy is in use.
	*/
	function fetch_real_ip()
	{
		$real_ip = ''; 
		$ignoreprivate = false;	
		if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) 
		{
			$real_ip = $_SERVER['HTTP_X_FORWARDED_FOR']; 
		}
		else if (isset($_SERVER['HTTP_CLIENT_IP'])) 
		{
			$real_ip = $_SERVER['HTTP_CLIENT_IP']; 
		}
		else if (isset($_SERVER['HTTP_FROM'])) 
		{
			$real_ip = $_SERVER['HTTP_FROM']; 
		}
		if (preg_match("#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#", $real_ip, $iplist))
		{
			$real_ip = $iplist[0]; 
			if ($ignoreprivate AND preg_match("#^(127|10|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168|169\.254)\.#", $real_ip))
			{ 
				$real_ip = ''; 
			} 
		}
		else  
		{
			$real_ip = ''; 
		}
		return $real_ip;
	}



Step 2.

In class_core.php ;

Find ;

		// fetch client IP address
		$registry->ipaddress = $this->fetch_ip();
		define('IPADDRESS', $registry->ipaddress);

		// attempt to fetch IP address from behind proxies - useful, but don't rely on it...
		$registry->alt_ip = $this->fetch_alt_ip();
		define('ALT_IP', $registry->alt_ip);


Replace with ;

		// Paul M - Set Real, Alt & Proxy IP addresses
		$registry->ipaddress = $this->fetch_ip();
		$registry->alt_ip = $this->fetch_alt_ip();
		$registry->real_ip = $this->fetch_real_ip();
		define('ALT_IP', $registry->alt_ip);
		if ($registry->real_ip)
		{
			define('PROXYIP', $registry->ipaddress);
			define('IPADDRESS', $registry->real_ip); 
		}
		else
		{
			define('PROXYIP', ''); 
			define('IPADDRESS', $registry->ipaddress);
		}




Step 3.

In class_core.php ;

Find ;

		// define session constants
		define('SESSION_HOST',   substr($registry->ipaddress, 0, 15));


Replace with ;

		// Paul M - Define session host
		define('SESSION_HOST',   substr(IPADDRESS, 0, 15));



Step 4.

In class_core.php ;

Find ;

		if (!defined('SESSION_IDHASH'))
		{
			define('SESSION_IDHASH', md5($_SERVER['HTTP_USER_AGENT'] . $this->fetch_substr_ip($registry->alt_ip))); // this should *never* change during a session
		}


Replace with ;

		if (!defined('SESSION_IDHASH'))
		{
			// Paul M - Define session id
			define('SESSION_IDHASH', md5($_SERVER['HTTP_USER_AGENT'] . vB_Session::fetch_substr_ip(IPADDRESS)));
		}



Step 5.

Upload px.gif to your /images/buttons folder.



Step 6.

Upload the hack as a product using the supplied XML file - make sure that 'Allow Overwrite' is set to yes before importing.


