From 70cf4cba064abe1796ed353b600136b1a98b7d11 Mon Sep 17 00:00:00 2001
From: Connor Nee <connoratvirgin@gmail.com>
Date: Wed, 4 Jul 2018 16:24:37 +0100
Subject: [PATCH 1/3] Update functions.php

function for accurate client IP address.
---
 functions.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/functions.php b/functions.php
index b34cb05..f5de95f 100644
--- a/functions.php
+++ b/functions.php
@@ -125,3 +125,23 @@ function logs($perms, $column, $pid, $user, $dbcon, $player, $val)
         }
     }
 }
+
+function get_client_ip_server() {
+
+    if ($_SERVER['HTTP_CLIENT_IP'])
+        $Address = $_SERVER['HTTP_CLIENT_IP'];
+    else if($_SERVER['HTTP_X_FORWARDED_FOR'])
+        $Address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    else if($_SERVER['HTTP_X_FORWARDED'])
+        $Address = $_SERVER['HTTP_X_FORWARDED'];
+    else if($_SERVER['HTTP_FORWARDED_FOR'])
+        $Address = $_SERVER['HTTP_FORWARDED_FOR'];
+    else if($_SERVER['HTTP_FORWARDED'])
+        $Address = $_SERVER['HTTP_FORWARDED'];
+    else if($_SERVER['REMOTE_ADDR'])
+        $Address = $_SERVER['REMOTE_ADDR'];
+    else
+        $Address = 'UNKNOWN';
+
+    return $Address;
+}

From c3bc3a4a2d02fb66fc34ce323d16db220d2f1b61 Mon Sep 17 00:00:00 2001
From: Connor Nee <connoratvirgin@gmail.com>
Date: Wed, 4 Jul 2018 16:26:55 +0100
Subject: [PATCH 2/3] Update login.php

implemented the get_client_ip_server() function for accurate client IP address.
---
 login.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/login.php b/login.php
index 426c9f1..7e62552 100755
--- a/login.php
+++ b/login.php
@@ -11,6 +11,7 @@
 
 include 'verifyPanel.php';
 loginconnect();
+function get_client_ip_server()
 
 if (!$dbconL) {
     echo 'Database connection error';
@@ -34,14 +35,14 @@
 
 if ($username && $password) {
     if (!isset($_SESSION['failedLogin'])) {
-        $sql = "SELECT * FROM access WHERE address = '$_SERVER[REMOTE_ADDR]'";
+        $sql = "SELECT * FROM access WHERE address = '$Address'";
         $sqldata = mysqli_query($dbconL, $sql) or die('Connection could not be established - LOG');
 
         if (mysqli_num_rows($sqldata) == 0) {
-            $sqli = "INSERT INTO access (address,failed) VALUES ('$_SERVER[REMOTE_ADDR]',0)";
+            $sqli = "INSERT INTO access (address,failed) VALUES ('$Address',0)";
             $sqlinput = mysqli_query($dbconL, $sqli) or die('Connection could not be established - LOG');
 
-            $sql = "SELECT * FROM access WHERE address = '$_SERVER[REMOTE_ADDR]'";
+            $sql = "SELECT * FROM access WHERE address = '$Address'";
             $sqldata = mysqli_query($dbconL, $sql) or die('Connection could not be established - LOG');
         }
         $user = $sqldata->fetch_object();
@@ -97,7 +98,7 @@
             $_SESSION['perms'] = $perms;
             $_SESSION['failedLogin'] = 0;
 
-            $sqlget = "UPDATE access SET failed = 0 WHERE address = '$_SERVER[REMOTE_ADDR]'";
+            $sqlget = "UPDATE access SET failed = 0 WHERE address = '$Address'";
             $res = mysqli_query($dbconL, $sqlget);
 
             if ($_SESSION['failedLogin'] >= 5) {

From b762449af7e1b90b86eea7cb6e760d32e486ed99 Mon Sep 17 00:00:00 2001
From: Connor Nee <connoratvirgin@gmail.com>
Date: Wed, 4 Jul 2018 16:35:06 +0100
Subject: [PATCH 3/3] Update login.php

---
 login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/login.php b/login.php
index 7e62552..3ae9457 100755
--- a/login.php
+++ b/login.php
@@ -11,7 +11,7 @@
 
 include 'verifyPanel.php';
 loginconnect();
-function get_client_ip_server()
+get_client_ip_server()
 
 if (!$dbconL) {
     echo 'Database connection error';