There was a problem. Previously, the code worked fine through REMOTE_ADDR. We decided to install DDOS Protect. From this moment we get the real IP following the example of the getUserIP() script, since returns proxy IP. But why does my code return false, although in the example of the code a little lower the string is 100% identical. What am I doing wrong?

<?php
    function getUserIP()
    {
        if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
                  $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
                  $_SERVER['HTTP_CLIENT_IP'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
        }
        $client  = @$_SERVER['HTTP_CLIENT_IP'];
        $forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
        $remote  = $_SERVER['REMOTE_ADDR'];

        if(filter_var($client, FILTER_VALIDATE_IP))
        {
            $ip = $client;
        }
        elseif(filter_var($forward, FILTER_VALIDATE_IP))
        {
            $ip = $forward;
        }
        else
        {
            $ip = $remote;
        }

        return $ip;
    }

    $real_ip = getUserIP();
    echo $real_ip."<br>"; //my real IP from DDOS Protect == 109.237.13.17

    function isAllowed($ip) {
        global $link;
        $whitelist = array('111.111.111.111', '109.237.13.*', '68.71.44.*');
        if(in_array($ip, $whitelist)) {
            return true;
        }
        else {
            foreach($whitelist as $i){
                $wildcardPos = strpos($i, "*");
                if($wildcardPos !== false && substr($real_ip, 0, $wildcardPos) . "*" == $i)
                    return true;
            }
        }
        return false;
    }
    echo isAllowed($real_ip) ? 'true' : 'false'."<br>"; // HERE IS FALSE

    //FOR TEST ECHO
    $whitelist = array('111.111.111.111', '109.237.13.*', '68.71.44.*');
    if(in_array($ip, $whitelist)) {
        echo "IP IN ARRAY == TRUE";
    }
    else {
        foreach($whitelist as $i){
            $wildcardPos = strpos($i, "*");
            if($wildcardPos !== false && substr($real_ip, 0, $wildcardPos) . "*" == $i)
                echo substr($real_ip, 0, $wildcardPos) . "*"."   ==   ".$i."<br>"; // BUT HERE ALL IS TRUE
        }
    }    
?>

At the exit:

109.237.13.17 false 109.237.13.* == 109.237.13.*

1 Answers

0
Community On

FIXED: I add

global $real_ip;

inside isAllowed function