Post by straightlight » Wed Oct 18, 2017 10:11 am

For Opencart v3.0.2.0 release, I have integrated a little addon which was originally found from WeChat in:

- system/storage/vendor/zoujingli/wechat-php-sdk/Wechat/Lib/Tools.php file in order to filter the IP address . The most relevant location to where these types of verifications should be made would be on the:

- catalog/controller/api/login.php file.

Find:

Code: Select all

if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) {
replace with:

Code: Select all

if (!in_array($this->getIpAddress(), $ip_data)) {
Then, find the last:

Code: Select all

}
at the end of the file. Then, add above - not below:

Code: Select all

protected function getIpAddress() {
        foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP', 'REMOTE_ADDR') as $header) {
            if (!isset($this->request->server[$header]) || ($spoof = $this->request->server[$header]) === NULL) {
                continue;
            }
			
            sscanf($spoof, '%[^,]', $spoof);
			
            if (!filter_var($spoof, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
                $spoof = NULL;
            } else {
                return $spoof;
            }
        }
		
        return '0.0.0.0';
    }

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by kslakhani » Thu Jul 27, 2023 1:26 am

straightlight wrote:
Wed Oct 18, 2017 10:11 am

Code: Select all

protected function getIpAddress() {
        foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP', 'REMOTE_ADDR') as $header) {
            if (!isset($this->request->server[$header]) || ($spoof = $this->request->server[$header]) === NULL) {
                continue;
            }
			
            sscanf($spoof, '%[^,]', $spoof);
			
            if (!filter_var($spoof, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
                $spoof = NULL;
            } else {
                return $spoof;
            }
        }
		
        return '0.0.0.0';
    }
Hi any update on this?

Newbie

Posts

Joined
Wed Apr 05, 2017 11:33 pm

Post by straightlight » Thu Jul 27, 2023 5:14 am

kslakhani wrote:
Thu Jul 27, 2023 1:26 am
straightlight wrote:
Wed Oct 18, 2017 10:11 am

Code: Select all

protected function getIpAddress() {
        foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP', 'REMOTE_ADDR') as $header) {
            if (!isset($this->request->server[$header]) || ($spoof = $this->request->server[$header]) === NULL) {
                continue;
            }
			
            sscanf($spoof, '%[^,]', $spoof);
			
            if (!filter_var($spoof, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
                $spoof = NULL;
            } else {
                return $spoof;
            }
        }
		
        return '0.0.0.0';
    }
Hi any update on this?
With such vague information, without following the forum rules, you may not get much about it. Besides, this topic is quite old. OC v4x releases already uses a new API structure, since.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Who is online

Users browsing this forum: No registered users and 27 guests