Detect ip6 with admin login #1084
Conversation
| @@ -301,6 +301,7 @@ function mb_strtolower($string) | |||
| if (!empty($GLOBALS['require_login'])) { | |||
| //bth 7.1.2015 to support x-forwarded-for | |||
| $remoteAddr = getClientIP(); | |||
| $isIP4 = preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $remoteAddr); | |||
There was a problem hiding this comment.
The regex is returning false positives. This doesn't impact the result in this case (since the IP is coming from the request} filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false is a more reliable option
There was a problem hiding this comment.
yeah, I was looking at that as well, but went the simple option. I think the regex will do, as it's a simple match, and as you say, we're not validating the IP address, just checking that it's IPv4 vs IPv6. Not sure how fast the filter_var option is in comparison.
|
I cannot see anywhere that needs to distinguish between v4 and v6 addresses. Is it valid for a session to change from a v4 address to a v6 address? But I don't think that is handled anyway. I think it would be clearer to use just one field on the admin_login table rather than two. The remote_ip6 is already large enough so use that field regardless and rename it. There is also a use of the admin_login table in upgrade.php that needs changing. |
|
I'd rather not unnecessarily change database tables. I made the choice at the time to have two columns and who knows, this may come in useful at some point. |
Description
on the admin remote IP login check, detect that it is an IPv6 address and use it like that.
Related Issue
Screenshots (if appropriate):