diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php
index 0a0887f1..71f0d8a1 100644
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@@ -114,6 +114,11 @@ class AdminController extends Controller
 $form->text('regs_per_ip');
+ $form->select('ip_get_method')
+ ->option('0', trans('options.general.ip_get_method.HTTP_X_FORWARDED_FOR'))
+ ->option('1', trans('options.general.ip_get_method.REMOTE_ADDR'))
+ ->hint();
+
 $form->group('max_upload_file_size')
 ->text('max_upload_file_size')->addon('KB')
 ->hint(trans('options.general.max_upload_file_size.hint', ['size' => ini_get('upload_max_filesize')]));
diff --git a/app/Services/Utils.php b/app/Services/Utils.php
index d9d23a85..02777573 100644
--- a/app/Services/Utils.php
+++ b/app/Services/Utils.php
@@ -20,12 +20,14 @@ class Utils
 */
 public static function getClientIp()
 {
- if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
- $ip = $_SERVER['HTTP_CLIENT_IP'];
- } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
- $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ if (option('ip_get_method') == "0") {
+ // fallback to REMOTE_ADDR
+ $ip = array_get(
+ $_SERVER, 'HTTP_X_FORWARDED_FOR',
+ array_get($_SERVER, 'HTTP_CLIENT_IP', $_SERVER['REMOTE_ADDR'])
+ );
 } else {
- $ip = $_SERVER['REMOTE_ADDR'];
+ $ip = array_get($_SERVER, 'REMOTE_ADDR');
 }
 return $ip;
diff --git a/config/options.php b/config/options.php
index 61e055bb..c1b637f2 100644
--- a/config/options.php
+++ b/config/options.php
@@ -12,6 +12,7 @@ return [
 'site_description' => 'Open-source PHP Minecraft Skin Hosting Service',
 'user_can_register' => 'true',
 'regs_per_ip' => '3',
+ 'ip_get_method' => '0',
 'api_type' => 'false',
 'announcement' => 'Welcome to Blessing Skin Server {version}!',
 'color_scheme' => 'skin-blue',
diff --git a/resources/lang/en/options.yml b/resources/lang/en/options.yml
index cfb422a8..f6b65ff0 100644
--- a/resources/lang/en/options.yml
+++ b/resources/lang/en/options.yml
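Review bot: The option values `'0'` and `'1'` of the new `ip_get_method` select in AdminController.php are opaque: neither this call site nor the `== "0"` comparison in `Utils::getClientIp()` says which value means "trust a client-supplied header". A comment above the select, for example `// '0' = trust X-Forwarded-For / Client-IP headers (spoofable), '1' = REMOTE_ADDR only`, would put the security meaning next to the setting. The enclosing method starts and ends outside the hunk.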
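Review bot: In the `"0"` branch of `Utils::getClientIp()` the forwarding header is returned verbatim, so the "IP" can be a comma-separated proxy list, an empty string (the removed `!empty()` checks are gone and `array_get` presumably returns a present-but-empty header as is), or any text the client chose. If this value backs the `regs_per_ip` limit, as the option labels suggest, the limit is only as strong as that header. The branch should pick one entry, validate it with `filter_var(..., FILTER_VALIDATE_IP)` and fall back to `REMOTE_ADDR` when validation fails; which entry is trustworthy depends on how many proxies sit in front of the site, so the choice below should be confirmed against the deployment. The function's closing brace is outside the hunk.

```php
if (option('ip_get_method') == "0") {
    $forwarded = array_get($_SERVER, 'HTTP_X_FORWARDED_FOR', array_get($_SERVER, 'HTTP_CLIENT_IP', ''));
    // The header may hold "client, proxy1, proxy2"; the right-most entry is the one the nearest proxy appended.
    $hops = array_map('trim', explode(',', $forwarded));
    $candidate = end($hops);
    // Anything that does not parse as an address falls back to the socket peer.
    $ip = filter_var($candidate, FILTER_VALIDATE_IP) ?: array_get($_SERVER, 'REMOTE_ADDR');
} else {
    // … unchanged: REMOTE_ADDR branch …
}
```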
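Review bot: The new default `'ip_get_method' => '0'` in config/options.php makes a fresh install trust the client-supplied forwarding headers, which the option's own label describes as fabricable. Defaulting to `'ip_get_method' => '1',` (REMOTE_ADDR) and letting operators behind a reverse proxy or load balancer opt in would be the safer default. If `'0'` is kept to preserve the previous header-first behaviour, a comment on this line should say so.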
@@ -74,6 +74,11 @@ general:
 title: Open Registration
 label: Everyone is allowed to register.
 regs_per_ip: Max accounts of one IP
+ ip_get_method:
+ title: Get IP via
+ HTTP_X_FORWARDED_FOR: HTTP_X_FORWARDED_FOR (can be fabricated)
+ REMOTE_ADDR: REMOTE_ADDR (isn't suit for sites under load balancer)
+ hint: We have no method to get the real IP address of client with PHP.
 max_upload_file_size:
 title: Max Upload Size
 hint: "Limit of PHP in php.ini: :size"
diff --git a/resources/lang/zh_CN/options.yml b/resources/lang/zh_CN/options.yml
index d5120857..72b43abc 100644
--- a/resources/lang/zh_CN/options.yml
+++ b/resources/lang/zh_CN/options.yml
@@ -74,6 +74,11 @@ general:
 title: 开放注册
 label: 任何人都可以注册
 regs_per_ip: 每个 IP 限制注册数
+ ip_get_method:
+ title: IP 获取方式
+ HTTP_X_FORWARDED_FOR: HTTP_X_FORWARDED_FOR(可被伪造)
+ REMOTE_ADDR: REMOTE_ADDR(无法伪造,反代、负载均衡用户不要选)
+ hint: 皮肤站单靠 PHP 是无法获取客户端真实 IP 的,原因请自行搜索。
 max_upload_file_size:
 title: 最大允许上传大小
 hint: PHP 限制::size,定义在 php.ini 中。