Access control system description.

[fa-stable.git] / admin / db / users_db.inc

diff --git a/admin/db/users_db.inc b/admin/db/users_db.inc
index d7ac2e64acd35348acc078b2f566c29dbc362274..3f484639e442843993559a8a2b28e053cf0f7e96 100644 (file)
--- a/admin/db/users_db.inc
+++ b/admin/db/users_db.inc
@@ -171,16 +171,32 @@ function show_users_online()
 
        $timestamp=time();
        $timeout=$timestamp-$timeoutseconds;
-       $ip = substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'],"."));
-
-       // Add user to database
-       $loopcap = 0;
-       while($loopcap<3 && db_query("INSERT INTO ".TB_PREF."useronline VALUES('". $timestamp ."','". $ip ."','". $_SERVER['PHP_SELF'] ."')"))
-       {     // In geval van error
-           $timestamp = $timestamp+$ip{0}; 
-           $loopcap++;
+       /*
+       This will find out if user is from behind proxy server. 
+       In that case, the script would count them all as 1 user.
+       This function tryes to get real IP address.
+       */
+       if (isset($_SERVER['HTTP_CLIENT_IP'])) {
+               $ip = $_SERVER['HTTP_CLIENT_IP'];
+       }
+       elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+               $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+       }
+       elseif (isset($_SERVER['HTTP_X_FORWARDED'])) {
+               $ip = $_SERVER['HTTP_X_FORWARDED'];
+       }
+       elseif (isset($_SERVER['HTTP_FORWARDED_FOR'])) {
+               $ip = $_SERVER['HTTP_FORWARDED_FOR'];
+       }
+       elseif (isset($_SERVER['HTTP_FORWARDED'])) {
+               $ip = $_SERVER['HTTP_FORWARDED'];
+       }
+       else {
+               $ip = $_SERVER['REMOTE_ADDR'];
        }
 
+       // Add user to database
+       db_query("INSERT INTO ".TB_PREF."useronline (timestamp, ip, file) VALUES ('". $timestamp ."','". $ip ."','". $_SERVER['PHP_SELF'] ."')");
        //Remove users that were not online within $timeoutseconds.
        db_query("DELETE FROM ".TB_PREF."useronline WHERE timestamp<". $timeout);