Ok, I have resolved the issue. Please check your link and try to login.
The problem
For some reason, your $_SERVER
variables that contain the client IP (like $_SERVER['REMOTE_ADDR']
) are returning multiple IP addresses instead of just one. This in turn caused the filter_var($ip, FILTER_VALIDATE_IP)
to fail. Below is the output I got from $_SERVER['HTTP_X_FORWARDED_FOR']
and $_SERVER['REMOTE_ADDR']
:
171.XX.77.44, 127.0.0.1
171.XX.77.44, 1
I did some research, and apparently some servers may include IP's from "proxy" servers, returning a comma-separated list of IP's instead of a single IP value. See related topics on Stackoverflow:
get-the-client-ip-address-using-php
what-is-the-most-accurate-way-to-retrieve-a-users-correct-ip-address-in-php
Solution
So the solution is quite simple. We need to make sure to only use the first IP in the array. Below is the fix in index.php
function get_client_hash()
:
function get_client_hash(){
foreach(array('HTTP_CLIENT_IP','HTTP_X_FORWARDED_FOR','HTTP_X_FORWARDED','HTTP_FORWARDED_FOR','HTTP_FORWARDED','REMOTE_ADDR') as $key){
$ip = isset($_SERVER[$key]) && !empty($_SERVER[$key]) ? explode(',', $_SERVER[$key])[0] : false;
if($ip && filter_var($ip, FILTER_VALIDATE_IP)) return md5($ip . $_SERVER['HTTP_USER_AGENT'] . __FILE__ . $_SERVER['HTTP_HOST']);
}
error('Invalid IP', 401);
}
* This fix will be included in next release 0.6.0 coming soon.