Commit 6e2ef9bc authored by Michael Stucki's avatar Michael Stucki

t3a-members.php: Check REMOTE_ADDR instead of proxy header

parent 0a2600a1
Pipeline #8988 passed with stages
in 6 minutes and 39 seconds
......@@ -16,12 +16,12 @@ if (empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && empty($_SERVER['HTTPS'])) {
header('HTTP/1.0 403 Forbidden');
die('Not using HTTPS');
}
if (isset($apiKeys[$_SERVER['HTTP_X_FORWARDED_FOR']]) && $apiKeys[$_SERVER['HTTP_X_FORWARDED_FOR']] === $_GET['apiKey']) {
if (isset($apiKeys[$_SERVER['REMOTE_ADDR']]) && $apiKeys[$_SERVER['REMOTE_ADDR']] === $_GET['apiKey']) {
echo printAssociationMembers();
} else {
syslog(
LOG_NOTICE,
't3a-members.php: API key for remote address ' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ' not found or invalid.'
't3a-members.php: API key for remote address ' . $_SERVER['REMOTE_ADDR'] . ' not found or invalid.'
);
header('HTTP/1.0 403 Forbidden');
die('Invalid token');
......
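Review bot: The key comparison on the new `if` line still uses `===`, which is not constant-time, and it reads `$_GET['apiKey']` without checking that it is present and a string. Something like `if (isset($apiKeys[$_SERVER['REMOTE_ADDR']], $_GET['apiKey']) && is_string($_GET['apiKey']) && hash_equals($apiKeys[$_SERVER['REMOTE_ADDR']], $_GET['apiKey'])) {` would cover both, assuming the values in `$apiKeys` are strings. Separately, the HTTPS guard just above the hunk still honours `HTTP_X_FORWARDED_PROTO`, which suggests a TLS-terminating proxy in front; if so, `REMOTE_ADDR` is the real client only when the web server restores it from a trusted proxy, which is worth confirming and stating in a comment next to the check. The if/else continues past the end of the hunk.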