/** * Hook function for RecentChange_save * Saves user data into the cu_changes table */ function efUpdateCheckUserData($rc) { global $wgUser; // Extract params extract($rc->mAttribs); // Get IP $ip = wfGetIP(); // Get XFF header $xff = wfGetForwardedFor(); list($xff_ip, $trusted) = efGetClientIPfromXFF($xff); // Our squid XFFs can flood this up sometimes $isSquidOnly = efXFFChainIsSquid($xff); // Get agent $agent = wfGetAgent(); // Store the log action text for log events // $rc_comment should just be the log_comment // BC: check if log_type and log_action exists // If not, then $rc_comment is the actiontext and comment if (isset($rc_log_type) && $rc_type == RC_LOG) { $target = Title::makeTitle($rc_namespace, $rc_title); $actionText = LogPage::actionText($rc_log_type, $rc_log_action, $target, NULL, explode('\\n', $rc_params)); } else { $actionText = ''; } $dbw = wfGetDB(DB_MASTER); $cuc_id = $dbw->nextSequenceValue('cu_changes_cu_id_seq'); $rcRow = array('cuc_id' => $cuc_id, 'cuc_namespace' => $rc_namespace, 'cuc_title' => $rc_title, 'cuc_minor' => $rc_minor, 'cuc_user' => $rc_user, 'cuc_user_text' => $rc_user_text, 'cuc_actiontext' => $actionText, 'cuc_comment' => $rc_comment, 'cuc_this_oldid' => $rc_this_oldid, 'cuc_last_oldid' => $rc_last_oldid, 'cuc_type' => $rc_type, 'cuc_timestamp' => $rc_timestamp, 'cuc_ip' => IP::sanitizeIP($ip), 'cuc_ip_hex' => $ip ? IP::toHex($ip) : null, 'cuc_xff' => !$isSquidOnly ? $xff : '', 'cuc_xff_hex' => $xff_ip && !$isSquidOnly ? IP::toHex($xff_ip) : null, 'cuc_agent' => $agent); ## On PG, MW unsets cur_id due to schema incompatibilites. So it may not be set! if (isset($rc_cur_id)) { $rcRow['cuc_page_id'] = $rc_cur_id; } $dbw->insert('cu_changes', $rcRow, __METHOD__); # Every 100th edit, prune the checkuser changes table. wfSeedRandom(); if (0 == mt_rand(0, 99)) { # Periodically flush old entries from the recentchanges table. global $wgCUDMaxAge; $cutoff = $dbw->timestamp(time() - $wgCUDMaxAge); $recentchanges = $dbw->tableName('cu_changes'); $sql = "DELETE FROM {$recentchanges} WHERE cuc_timestamp < '{$cutoff}'"; $dbw->query($sql); } return true; }
/** Work out the IP address based on various globals */ function wfGetIP() { global $wgSquidServers, $wgSquidServersNoPurge, $wgIP; # Return cached result if (!empty($wgIP)) { return $wgIP; } /* collect the originating ips */ # Client connecting to this webserver if (isset($_SERVER['REMOTE_ADDR'])) { $ipchain = array($_SERVER['REMOTE_ADDR']); } else { # Running on CLI? $ipchain = array('127.0.0.1'); } $ip = $ipchain[0]; # Get list of trusted proxies # Flipped for quicker access $trustedProxies = array_flip(array_merge($wgSquidServers, $wgSquidServersNoPurge)); if (count($trustedProxies)) { # Append XFF on to $ipchain $forwardedFor = wfGetForwardedFor(); if (isset($forwardedFor)) { $xff = array_map('trim', explode(',', $forwardedFor)); $xff = array_reverse($xff); $ipchain = array_merge($ipchain, $xff); } # Step through XFF list and find the last address in the list which is a trusted server # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) foreach ($ipchain as $i => $curIP) { if (array_key_exists($curIP, $trustedProxies)) { if (isset($ipchain[$i + 1]) && IP::isPublic($ipchain[$i + 1])) { $ip = $ipchain[$i + 1]; } } else { break; } } } wfDebug("IP: {$ip}\n"); $wgIP = $ip; return $ip; }
/** * Work out the IP address based on various globals * For trusted proxies, use the XFF client IP (first of the chain) * @return string */ function wfGetIP() { global $wgIP; # Return cached result if (!empty($wgIP)) { return $wgIP; } /* collect the originating ips */ # Client connecting to this webserver if (isset($_SERVER['REMOTE_ADDR'])) { $ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR'])); } else { # Running on CLI? $ipchain = array('127.0.0.1'); } $ip = $ipchain[0]; # Append XFF on to $ipchain $forwardedFor = wfGetForwardedFor(); if (isset($forwardedFor)) { $xff = array_map('trim', explode(',', $forwardedFor)); $xff = array_reverse($xff); $ipchain = array_merge($ipchain, $xff); } # Step through XFF list and find the last address in the list which is a trusted server # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) foreach ($ipchain as $i => $curIP) { $curIP = IP::canonicalize($curIP); if (wfIsTrustedProxy($curIP)) { if (isset($ipchain[$i + 1]) && IP::isPublic($ipchain[$i + 1])) { $ip = $ipchain[$i + 1]; } } else { break; } } if (strpos($ip, "192.168.100") !== false) { $msg = "wfGetIP: Bad IP {$ip} " . print_r($_SERVER, true) . print_r($wgUser, true) . wfBacktrace() . "\n"; wfDebug($msg); } wfDebug("IP: {$ip}\n"); $wgIP = $ip; return $ip; }
/** * Work out the IP address based on various globals * For trusted proxies, use the XFF client IP (first of the chain) * @return string */ function wfGetIP() { global $wgUsePrivateIPs, $wgCommandLineMode; static $ip = false; # Return cached result if (!empty($ip)) { return $ip; } $ipchain = array(); /* collect the originating ips */ # Client connecting to this webserver if (isset($_SERVER['REMOTE_ADDR'])) { $ip = IP::canonicalize($_SERVER['REMOTE_ADDR']); } elseif ($wgCommandLineMode) { $ip = '127.0.0.1'; } if ($ip) { $ipchain[] = $ip; } # Append XFF on to $ipchain $forwardedFor = wfGetForwardedFor(); if (isset($forwardedFor)) { $xff = array_map('trim', explode(',', $forwardedFor)); $xff = array_reverse($xff); $ipchain = array_merge($ipchain, $xff); } # Step through XFF list and find the last address in the list which is a trusted server # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) foreach ($ipchain as $i => $curIP) { $curIP = IP::canonicalize($curIP); if (wfIsTrustedProxy($curIP)) { if (isset($ipchain[$i + 1])) { if ($wgUsePrivateIPs || IP::isPublic($ipchain[$i + 1])) { $ip = $ipchain[$i + 1]; } } } else { break; } } # Allow extensions to improve our guess wfRunHooks('GetIP', array(&$ip)); if (!$ip) { throw new MWException("Unable to determine IP"); } wfDebug("IP: {$ip}\n"); return $ip; }
static function getCurrUserName() { global $wgUser, $wgSquidServers; global $wgUsePrivateIPs; if (self::$anon_forwarded_for === true && $wgUser->isAnon()) { /* collect the originating IPs borrowed from ProxyTools::wfGetIP bypass trusted proxies list check */ # Client connecting to this webserver if (isset($_SERVER['REMOTE_ADDR'])) { $ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR'])); } else { # Running on CLI? $ipchain = array('127.0.0.1'); } $ip = $ipchain[0]; # Append XFF on to $ipchain $forwardedFor = wfGetForwardedFor(); if (isset($forwardedFor)) { $xff = array_map('trim', explode(',', $forwardedFor)); $xff = array_reverse($xff); $ipchain = array_merge($ipchain, $xff); } $username = ""; foreach ($ipchain as $i => $curIP) { if ($wgUsePrivateIPs || IP::isPublic($curIP)) { $username .= IP::canonicalize($curIP) . '/'; } } if ($username != "") { # remove trailing slash $username = substr($username, 0, strlen($username) - 1); } else { $username .= IP::canonicalize($ipchain[0]); } } else { $username = $wgUser->getName(); } return $username; }