#==== Start 2-7-06 Changes ================================
Since i forgot to change it before i released it, here is a fix. This will stop letting users fake an IP, assuming they know how, which the average person doesn't.
OPEN
includes/phpbb_security.php
FIND
Code:
function phpBBSecurity_IP()
{
if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown'))
return getenv('HTTP_CLIENT_IP');
elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown'))
return getenv('HTTP_X_FORWARDED_FOR');
elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown'))
return getenv('REMOTE_ADDR');
elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown'))
return $_SERVER['REMOTE_ADDR'];
else
return 'unknown';
}
REPLACE WITH
Code:
function phpBBSecurity_IP()
{
if (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown'))
return getenv('REMOTE_ADDR');
elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown'))
return $_SERVER['REMOTE_ADDR'];
else
return 'unknown';
}
CLOSE & SAVE
#==== End 2-7-06 Changes =================================
YOUR USERS MUST HAVE COOKIES ENABLED OR THEY WILL NOT BE ABLE
TO SET THEIR SQ & ANSWER!
That is mainly an issue with Firefox users, simple way out is tell
them to load your site with IE & fill in their SQ & Answer, then they
can return to Firefox browsing.
Bu forumu görüntüleyenler: Kayıtlı kullanıcı yok ve 0 misafir