/** * @covers ::get_remote_addr */ function test_get_remote_addr() { $this->assertEmpty(get_remote_addr()); $_SERVER = ['REMOTE_ADDR' => '10.0.0.2']; $this->assertEquals('10.0.0.2', get_remote_addr()); $_SERVER += ['HTTP_X_FORWARDED_FOR' => '10.0.0.3', 'HTTP_CLIENT_IP' => '10.0.0.4']; $this->assertEquals('10.0.0.3', get_remote_addr(), "HTTP_X_FORWARDED_FOR must be prioritized."); }
require_once Config::ABS_PATH . '/lib/misc.php'; require_once Config::ABS_PATH . '/lib/db.php'; require_once Config::ABS_PATH . '/lib/errors.php'; require_once Config::ABS_PATH . '/lib/logging.php'; require_once Config::ABS_PATH . '/lib/exceptions.php'; try { // Initialization. kotoba_session_start(); if (Config::LANGUAGE != $_SESSION['language']) { require Config::ABS_PATH . "/locale/{$_SESSION['language']}/messages.php"; require Config::ABS_PATH . "/locale/{$_SESSION['language']}/logging.php"; } locale_setup(); $smarty = new SmartyKotobaSetup(); // Check if client banned. if (($ban = bans_check(get_remote_addr())) !== FALSE) { // Cleanup. DataExchange::releaseResources(); $smarty->assign('ip', $_SERVER['REMOTE_ADDR']); $smarty->assign('reason', $ban['reason']); $smarty->display('banned.tpl'); session_destroy(); exit(1); } // Check permission and write message to log file. if (!is_admin()) { // Cleanup. DataExchange::releaseResources(); display_error_page($smarty, new NotAdminError()); exit(1); }
ini_set('session.gc_probability', 1); // Garbage Collection ini_set('session.gc_maxlifetime', 3600); // max session time ini_set('session.cookie_lifetime', 0); // cookie last browser session ini_set('session.auto_start', 0); // don't auto start sessions // how long a session can be inactive define('SESS_MAXLIFE', 3600); // {nocache|private|publuc|private_no_cache} session_cache_limiter('none'); // if we should check IPADDR along with SESSID for enhanced security? define('SESS_IPCHECK', true); // get the remote IPADDR define('SESS_REMOTE_ADDR', get_remote_addr()); // database link needs to be initialized $MY_DBH = null; // make use of persistent database connections? define('DB_PCONNECT', false); // user call-back functions for session events session_set_save_handler('_sess_mysql_open', '_sess_mysql_close', '_sess_mysql_read', '_sess_mysql_write', '_sess_mysql_destroy', '_sess_mysql_gc'); // Kick it, lets get this party started session_start(); // load request data class require_once $base_dir . 'includes/initrequests.php'; require_once $base_dir . 'includes/request.class.php'; // load theme layout class require_once $base_dir . 'themes/' . THEME . '/block.class.php'; // register globals work around, I don't like this and am working // to get rid of it...