feat: add isPrivateIP helper, fix getUserIP and addToLog

2026-04-20 21:44:32 +02:00
parent 15720489ba
commit 75ead2f5ad
1 changed files with 34 additions and 20 deletions
--- a/src/helpers.php
+++ b/src/helpers.php
@@ -11,25 +11,39 @@ function renderTemplate($templatename,$variables=[],$basepath=ROOT.'/src')
        include($basepath . DS . 'templates' . DS . $templatename);
    $rendered = ob_get_contents();
    ob_end_clean();
    return $rendered;
 }
-function addToLog($data)
+function addToLog(string $data): void
 {
    $data = str_replace(["\n", "\r", "\t"], ' ', $data);
    $fp = fopen(ROOT . DS . 'logs' . DS . 'app.log', 'a');
    fwrite($fp, date("d.m.y H:i") . "\t" . $data . "\n");
    fclose($fp);
 }
-function getUserIP()
+function getUserIP(): string
 {
-    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
+    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
-        $ip = $_SERVER['HTTP_CLIENT_IP'];
+        return trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
-    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+    return $_SERVER['REMOTE_ADDR'];
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
 }
-    return $ip;
+
 function isPrivateIP(string $ip): bool
 {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) return true;
    $long = ip2long($ip);
    if ($long === false) return true;
    foreach ([
        [ip2long('127.0.0.0'),   0xFF000000], // 127.0.0.0/8  loopback
        [ip2long('10.0.0.0'),    0xFF000000], // 10.0.0.0/8   RFC1918
        [ip2long('172.16.0.0'),  0xFFF00000], // 172.16.0.0/12 RFC1918
        [ip2long('192.168.0.0'), 0xFFFF0000], // 192.168.0.0/16 RFC1918
        [ip2long('169.254.0.0'), 0xFFFF0000], // 169.254.0.0/16 link-local/metadata
    ] as [$base, $mask]) {
        if (($long & $mask) === ($base & $mask)) return true;
    }
    return false;
 }