From b85052ea37ca9b5a26ec044dc3e735737fc0ad77 Mon Sep 17 00:00:00 2001 
From: TheCartpenter Date: Thu, 16 May 2024 10:38:23 -0400 Subject: [PATCH] Added oc_get_ip() function as per MB --- upload/admin/controller/common/login.php | 2 +- .../controller/extension/payment/squareup.php | 12 ++++++------ upload/admin/controller/mail/forgotten.php | 2 +- upload/admin/controller/sale/order.php | 8 ++++---- upload/admin/controller/user/api.php | 2 +- .../model/extension/payment/bluepay_hosted.php | 12 ++++++------ .../extension/payment/bluepay_redirect.php | 12 ++++++------ upload/catalog/controller/account/login.php | 2 +- upload/catalog/controller/api/login.php | 6 +++--- upload/catalog/controller/api/order.php | 2 +- upload/catalog/controller/checkout/confirm.php | 2 +- upload/catalog/controller/common/footer.php | 4 ++-- .../controller/extension/captcha/google.php | 2 +- .../extension/module/paypal_smart_button.php | 2 +- .../extension/payment/authorizenet_aim.php | 2 +- .../extension/payment/authorizenet_sim.php | 2 +- .../extension/payment/bluepay_redirect.php | 4 ++-- .../controller/extension/payment/eway.php | 2 +- .../controller/extension/payment/opayo.php | 10 +++++----- .../controller/extension/payment/paypal.php | 18 +++++++++--------- .../extension/payment/perpetual_payments.php | 2 +- .../controller/extension/payment/pilibaba.php | 2 +- .../extension/payment/sagepay_direct.php | 8 ++++---- .../extension/payment/sagepay_server.php | 8 ++++---- .../controller/extension/payment/squareup.php | 4 ++-- .../controller/extension/payment/worldpay.php | 4 ++-- upload/catalog/controller/mail/forgotten.php | 2 +- upload/catalog/controller/mail/gdpr.php | 2 +- upload/catalog/controller/product/search.php | 4 ++-- .../catalog/controller/startup/marketing.php | 4 ++-- upload/catalog/controller/startup/session.php | 2 +- upload/catalog/model/account/activity.php | 2 +- upload/catalog/model/account/customer.php | 6 +++--- .../extension/payment/amazon_login_pay.php | 2 +- upload/catalog/model/setting/api.php | 2 +- upload/system/helper/general.php 
| 13 +++++++++++++ upload/system/library/cart/customer.php | 4 ++-- upload/system/library/cart/user.php | 2 +- upload/system/startup.php | 5 +++++ 39 files changed, 102 insertions(+), 84 deletions(-) diff --git a/upload/admin/controller/common/login.php b/upload/admin/controller/common/login.php index 5c3569863..36d7ad774 100644 --- a/upload/admin/controller/common/login.php +++ b/upload/admin/controller/common/login.php @@ -128,7 +128,7 @@ protected function validate(): bool { $this->session->data['user_token'] = oc_token(32); $login_data = [ - 'ip' => $this->request->server['REMOTE_ADDR'], + 'ip' => oc_get_ip(), 'user_agent' => $this->request->server['HTTP_USER_AGENT'] ]; diff --git a/upload/admin/controller/extension/payment/squareup.php b/upload/admin/controller/extension/payment/squareup.php index 3094da0f7..0c1bb93a9 100644 --- a/upload/admin/controller/extension/payment/squareup.php +++ b/upload/admin/controller/extension/payment/squareup.php @@ -294,7 +294,7 @@ public function index(): void { $session->start(); $this->model_user_api->deleteSessionBySessionId($session->getId()); - $this->model_user_api->addSession($api_info['api_id'], $session->getId(), $this->request->server['REMOTE_ADDR']); + $this->model_user_api->addSession($api_info['api_id'], $session->getId(), oc_get_ip()); $session->data['api_id'] = $api_info['api_id']; @@ -442,7 +442,7 @@ public function transaction_info(): void { $session->start(); $this->model_user_api->deleteSessionBySessionId($session->getId()); - $this->model_user_api->addSession($api_info['api_id'], $session->getId(), $this->request->server['REMOTE_ADDR']); + $this->model_user_api->addSession($api_info['api_id'], $session->getId(), oc_get_ip()); $session->data['api_id'] = $api_info['api_id']; 
@@ -835,7 +835,7 @@ public function order(): string { $session->start(); $this->model_user_api->deleteSessionBySessionId($session->getId()); - $this->model_user_api->addSession($api_info['api_id'], $session->getId(), $this->request->server['REMOTE_ADDR']); + $this->model_user_api->addSession($api_info['api_id'], $session->getId(), oc_get_ip()); $session->data['api_id'] = $api_info['api_id']; @@ -913,7 +913,7 @@ public function recurringButtons(): string { $session->start(); $this->model_user_api->deleteSessionBySessionId($session->getId()); - $this->model_user_api->addSession($api_info['api_id'], $session->getId(), $this->request->server['REMOTE_ADDR']); + $this->model_user_api->addSession($api_info['api_id'], $session->getId(), oc_get_ip()); $session->data['api_id'] = $api_info['api_id']; @@ -993,8 +993,8 @@ public function addRecurringReport(): void { if (!$order_recurring_report_info) { $json['error'] = $this->language->get('error_recurring_report'); } else { - if (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } diff --git a/upload/admin/controller/mail/forgotten.php b/upload/admin/controller/mail/forgotten.php index bcd271a7b..840ee9df2 100644 --- a/upload/admin/controller/mail/forgotten.php +++ b/upload/admin/controller/mail/forgotten.php @@ -25,7 +25,7 @@ public function deny(string &$route, array &$args, &$output): void { $data['text_greeting'] = sprintf($this->language->get('text_greeting'), $store_name); $data['reset'] = $this->url->link('common/reset', 'email=' . urlencode($args[0]) . '&code=' . $args[1], true); - $data['ip'] = $this->request->server['REMOTE_ADDR']; + $data['ip'] = oc_get_ip(); $data['store'] = $store_name; $data['store_url'] = $this->config->get('config_store_url'); diff --git a/upload/admin/controller/sale/order.php b/upload/admin/controller/sale/order.php index f060e5b62..3457d9b69 100644 
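Review bot: In `addRecurringReport()` the new guard calls the helper twice, `if (oc_get_ip()) { $ip = oc_get_ip(); }`, and it replaces an `isset()` presence test with a truthiness test whose outcome depends on what the helper returns when no address is available. A single call is shorter and cannot see two different values: `$ip = oc_get_ip() ?: '';`. The same pattern recurs in the bluepay_hosted and bluepay_redirect model hunks and in the catalog bluepay_redirect, squareup and product/search hunks. The helper's body and return contract are not shown in this part of the patch, so confirm the fallback against it; `addRecurringReport()` itself continues outside the hunk.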
--- a/upload/admin/controller/sale/order.php +++ b/upload/admin/controller/sale/order.php @@ -419,7 +419,7 @@ protected function getList(): void { $this->model_user_api->deleteSessionBySessionId($session->getId()); - $this->model_user_api->addSession($api_info['api_id'], $session->getId(), $this->request->server['REMOTE_ADDR']); + $this->model_user_api->addSession($api_info['api_id'], $session->getId(), oc_get_ip()); $session->data['api_id'] = $api_info['api_id']; @@ -758,7 +758,7 @@ public function getForm(): void { $this->model_user_api->deleteSessionBySessionId($session->getId()); - $this->model_user_api->addSession($api_info['api_id'], $session->getId(), $this->request->server['REMOTE_ADDR']); + $this->model_user_api->addSession($api_info['api_id'], $session->getId(), oc_get_ip()); $session->data['api_id'] = $api_info['api_id']; @@ -792,7 +792,7 @@ public function info(): void { $this->document->setTitle($this->language->get('heading_title')); - $data['text_ip_add'] = sprintf($this->language->get('text_ip_add'), $this->request->server['REMOTE_ADDR']); + $data['text_ip_add'] = sprintf($this->language->get('text_ip_add'), oc_get_ip()); $data['text_order'] = sprintf($this->language->get('text_order'), $this->request->get['order_id']); $url = ''; @@ -1344,7 +1344,7 @@ public function info(): void { $session->start(); $this->model_user_api->deleteSessionBySessionId($session->getId()); - $this->model_user_api->addSession($api_info['api_id'], $session->getId(), $this->request->server['REMOTE_ADDR']); + $this->model_user_api->addSession($api_info['api_id'], $session->getId(), oc_get_ip()); $session->data['api_id'] = $api_info['api_id']; diff --git a/upload/admin/controller/user/api.php b/upload/admin/controller/user/api.php index 84fd732be..d1b51b5ec 100644 --- a/upload/admin/controller/user/api.php +++ b/upload/admin/controller/user/api.php 
@@ -292,7 +292,7 @@ protected function getList(): void { */ protected function getForm(): void { $data['text_form'] = !isset($this->request->get['api_id']) ? $this->language->get('text_add') : $this->language->get('text_edit'); - $data['text_ip'] = sprintf($this->language->get('text_ip'), $this->request->server['REMOTE_ADDR']); + $data['text_ip'] = sprintf($this->language->get('text_ip'), oc_get_ip()); $data['user_token'] = $this->session->data['user_token']; diff --git a/upload/admin/model/extension/payment/bluepay_hosted.php b/upload/admin/model/extension/payment/bluepay_hosted.php index 8c9fdc0a2..ddce947fe 100644 --- a/upload/admin/model/extension/payment/bluepay_hosted.php +++ b/upload/admin/model/extension/payment/bluepay_hosted.php @@ -96,8 +96,8 @@ public function void(int $order_id): array { $tamper_proof_data = $this->config->get('payment_bluepay_hosted_secret_key') . $void_data['MERCHANT'] . $void_data['TRANSACTION_TYPE'] . $void_data['RRNO'] . $void_data['MODE']; $void_data['TAMPER_PROOF_SEAL'] = md5($tamper_proof_data); - if (isset($this->request->server['REMOTE_ADDR'])) { - $void_data['REMOTE_IP'] = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $void_data['REMOTE_IP'] = oc_get_ip(); } $this->logger('$void_data:\r\n' . print_r($void_data, 1)); @@ -150,8 +150,8 @@ public function release(int $order_id, float $amount): array { $release_data['TAMPER_PROOF_SEAL'] = md5($tamper_proof_data); - if (isset($this->request->server['REMOTE_ADDR'])) { - $release_data['REMOTE_IP'] = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $release_data['REMOTE_IP'] = oc_get_ip(); } return $this->sendCurl('https://secure.bluepay.com/interfaces/bp10emu', $release_data); 
@@ -197,8 +197,8 @@ public function rebate(int $order_id, float $amount): array { $tamper_proof_data = $this->config->get('payment_bluepay_hosted_secret_key') . $rebate_data['MERCHANT'] . $rebate_data['TRANSACTION_TYPE'] . $rebate_data['AMOUNT'] . $rebate_data['RRNO'] . $rebate_data['MODE']; $rebate_data['TAMPER_PROOF_SEAL'] = md5($tamper_proof_data); - if (isset($this->request->server['REMOTE_ADDR'])) { - $rebate_data['REMOTE_IP'] = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $rebate_data['REMOTE_IP'] = oc_get_ip(); } return $this->sendCurl('https://secure.bluepay.com/interfaces/bp10emu', $rebate_data); diff --git a/upload/admin/model/extension/payment/bluepay_redirect.php b/upload/admin/model/extension/payment/bluepay_redirect.php index 15033332b..6dabb4f43 100644 --- a/upload/admin/model/extension/payment/bluepay_redirect.php +++ b/upload/admin/model/extension/payment/bluepay_redirect.php @@ -83,8 +83,8 @@ public function void(int $order_id): array { $tamper_proof_data = $this->config->get('payment_bluepay_redirect_secret_key') . $void_data['MERCHANT'] . $void_data['TRANSACTION_TYPE'] . $void_data['RRNO'] . $void_data['MODE']; $void_data['TAMPER_PROOF_SEAL'] = md5($tamper_proof_data); - if (isset($this->request->server['REMOTE_ADDR'])) { - $void_data['REMOTE_IP'] = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $void_data['REMOTE_IP'] = oc_get_ip(); } return $this->sendCurl('https://secure.bluepay.com/interfaces/bp10emu', $void_data); 
@@ -132,8 +132,8 @@ public function release(int $order_id, float $amount): array { $tamper_proof_data = $this->config->get('payment_bluepay_redirect_secret_key') . $release_data['MERCHANT'] . $release_data['TRANSACTION_TYPE'] . $release_data['AMOUNT'] . $release_data['RRNO'] . $release_data['MODE']; $release_data['TAMPER_PROOF_SEAL'] = md5($tamper_proof_data); - if (isset($this->request->server['REMOTE_ADDR'])) { - $release_data['REMOTE_IP'] = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $release_data['REMOTE_IP'] = oc_get_ip(); } return $this->sendCurl('https://secure.bluepay.com/interfaces/bp10emu', $release_data); @@ -179,8 +179,8 @@ public function rebate(int $order_id, float $amount): array { $tamper_proof_data = $this->config->get('payment_bluepay_redirect_secret_key') . $rebate_data['MERCHANT'] . $rebate_data['TRANSACTION_TYPE'] . $rebate_data['AMOUNT'] . $rebate_data['RRNO'] . $rebate_data['MODE']; $rebate_data['TAMPER_PROOF_SEAL'] = md5($tamper_proof_data); - if (isset($this->request->server['REMOTE_ADDR'])) { - $rebate_data['REMOTE_IP'] = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $rebate_data['REMOTE_IP'] = oc_get_ip(); } return $this->sendCurl('https://secure.bluepay.com/interfaces/bp10emu', $rebate_data); diff --git a/upload/catalog/controller/account/login.php b/upload/catalog/controller/account/login.php index 3b29ed4d1..36a0fd8ae 100644 --- a/upload/catalog/controller/account/login.php +++ b/upload/catalog/controller/account/login.php @@ -211,7 +211,7 @@ protected function validate(): bool { $this->model_account_customer->addLoginAttempt($this->request->post['email']); } else { - $this->model_account_customer->addLogin($this->customer->getId(), $this->request->server['REMOTE_ADDR']); + $this->model_account_customer->addLogin($this->customer->getId(), oc_get_ip()); // Create customer token $this->session->data['customer_token'] = oc_token(26); 
diff --git a/upload/catalog/controller/api/login.php b/upload/catalog/controller/api/login.php index b42e3302c..76f0cac21 100644 --- a/upload/catalog/controller/api/login.php +++ b/upload/catalog/controller/api/login.php @@ -35,8 +35,8 @@ public function index(): void { $ip_data[] = trim($result['ip']); } - if (!in_array($this->request->server['REMOTE_ADDR'], $ip_data)) { - $json['error']['ip'] = sprintf($this->language->get('error_ip'), $this->request->server['REMOTE_ADDR']); + if (!in_array(oc_get_ip(), $ip_data)) { + $json['error']['ip'] = sprintf($this->language->get('error_ip'), oc_get_ip()); } if (!$json) { @@ -46,7 +46,7 @@ public function index(): void { $session = new \Session($this->config->get('session_engine'), $this->registry); $session->start(); - $this->model_account_api->addSession($api_info['api_id'], $session->getId(), $this->request->server['REMOTE_ADDR']); + $this->model_account_api->addSession($api_info['api_id'], $session->getId(), oc_get_ip()); $session->data['api_id'] = $api_info['api_id']; diff --git a/upload/catalog/controller/api/order.php b/upload/catalog/controller/api/order.php index 369c71135..f97a39c4c 100644 --- a/upload/catalog/controller/api/order.php +++ b/upload/catalog/controller/api/order.php @@ -342,7 +342,7 @@ public function add(): void { $order_data['currency_id'] = $this->currency->getId($this->session->data['currency']); $order_data['currency_code'] = $this->session->data['currency']; $order_data['currency_value'] = $this->currency->getValue($this->session->data['currency']); - $order_data['ip'] = $this->request->server['REMOTE_ADDR']; + $order_data['ip'] = oc_get_ip(); if (!empty($this->request->server['HTTP_X_FORWARDED_FOR'])) { $order_data['forwarded_ip'] = $this->request->server['HTTP_X_FORWARDED_FOR']; diff --git a/upload/catalog/controller/checkout/confirm.php b/upload/catalog/controller/checkout/confirm.php index 58551e602..dba4f6d61 100644 --- a/upload/catalog/controller/checkout/confirm.php 
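Review bot: The API IP allowlist test in `index()`, `in_array(oc_get_ip(), $ip_data)`, is an authorization decision that now depends on how oc_get_ip() derives the address, and that helper (upload/system/helper/general.php per the diffstat) is not visible in these hunks. If the helper consults any request header a client can set, the allowlist compares against a caller-chosen value rather than the connection's peer address. This check, the `addSession()` call below it, and the matching `ai`.`ip` test in catalog/controller/startup/session.php should therefore keep `$this->request->server['REMOTE_ADDR']` unless the helper honours forwarding headers only from configured trusted proxies. Resolving the address once and comparing strictly also tightens the check: `$ip = oc_get_ip();` followed by `if (!in_array($ip, $ip_data, true)) {`. `index()` starts and ends outside the hunk.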
+++ b/upload/catalog/controller/checkout/confirm.php @@ -318,7 +318,7 @@ public function index(): void { $order_data['currency_id'] = $this->currency->getId($this->session->data['currency']); $order_data['currency_code'] = $this->session->data['currency']; $order_data['currency_value'] = $this->currency->getValue($this->session->data['currency']); - $order_data['ip'] = $this->request->server['REMOTE_ADDR']; + $order_data['ip'] = oc_get_ip(); if (!empty($this->request->server['HTTP_X_FORWARDED_FOR'])) { $order_data['forwarded_ip'] = $this->request->server['HTTP_X_FORWARDED_FOR']; diff --git a/upload/catalog/controller/common/footer.php b/upload/catalog/controller/common/footer.php index 4832f2c6f..60b2fe0f4 100644 --- a/upload/catalog/controller/common/footer.php +++ b/upload/catalog/controller/common/footer.php @@ -49,8 +49,8 @@ public function index(): string { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } diff --git a/upload/catalog/controller/extension/captcha/google.php b/upload/catalog/controller/extension/captcha/google.php index 0c51bc7ee..f10611fbf 100644 --- a/upload/catalog/controller/extension/captcha/google.php +++ b/upload/catalog/controller/extension/captcha/google.php 
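Review bot: The new `elseif (oc_get_ip())` branch in the footer's `index()` still sits behind a direct read of `HTTP_X_REAL_IP`, so this call site keeps its own header precedence instead of leaving address resolution to the helper. That header is only trustworthy when a reverse proxy under the operator's control sets or overwrites it; otherwise the recorded value is whatever the client sent. Collapsing the chain to one call, `$ip = oc_get_ip() ?: '';`, would put the proxy-trust decision in a single place. The same chain is left as it is in the opayo, paypal, sagepay_direct, sagepay_server and worldpay hunks. Whether this changes the stored value depends on the helper's body, which is outside this part of the patch.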
@@ -40,7 +40,7 @@ public function validate(): string { return $this->language->get('error_captcha'); } - $recaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($this->config->get('captcha_google_secret')) . '&response=' . $this->request->post['g-recaptcha-response'] . '&remoteip=' . $this->request->server['REMOTE_ADDR']); + $recaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($this->config->get('captcha_google_secret')) . '&response=' . $this->request->post['g-recaptcha-response'] . '&remoteip=' . oc_get_ip()); $recaptcha = json_decode($recaptcha, true); if ((!isset($recaptcha['success']) || !$recaptcha['success']) || (!isset($this->session->data['gcaptcha'])) || ($this->session->data['gcaptcha'] != $this->request->post['g-recaptcha-response'])) { diff --git a/upload/catalog/controller/extension/module/paypal_smart_button.php b/upload/catalog/controller/extension/module/paypal_smart_button.php index c61cbd3a2..c524c2222 100644 --- a/upload/catalog/controller/extension/module/paypal_smart_button.php +++ b/upload/catalog/controller/extension/module/paypal_smart_button.php @@ -1207,7 +1207,7 @@ public function completeOrder(): void { $order_data['currency_id'] = $this->currency->getId($this->session->data['currency']); $order_data['currency_code'] = $this->session->data['currency']; $order_data['currency_value'] = $this->currency->getValue($this->session->data['currency']); - $order_data['ip'] = $this->request->server['REMOTE_ADDR']; + $order_data['ip'] = oc_get_ip(); if (!empty($this->request->server['HTTP_X_FORWARDED_FOR'])) { $order_data['forwarded_ip'] = $this->request->server['HTTP_X_FORWARDED_FOR']; diff --git a/upload/catalog/controller/extension/payment/authorizenet_aim.php b/upload/catalog/controller/extension/payment/authorizenet_aim.php index aacc5592b..bff640e21 100644 --- a/upload/catalog/controller/extension/payment/authorizenet_aim.php 
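Review bot: In `validate()` the helper's return value is concatenated into the siteverify URL without encoding, `'&remoteip=' . oc_get_ip()`. Any value that is not a bare address, including one the helper may take from a request header (its body is not shown here), can add or alter query parameters on the verification request. Encode it the way the secret already is: `'&remoteip=' . urlencode(oc_get_ip())`. The `g-recaptcha-response` POST value on the same line is also appended without `urlencode()` and deserves the same treatment.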
+++ b/upload/catalog/controller/extension/payment/authorizenet_aim.php @@ -85,7 +85,7 @@ public function send(): void { $post_data['x_zip'] = $order_info['payment_postcode']; $post_data['x_country'] = $order_info['payment_country']; $post_data['x_phone'] = $order_info['telephone']; - $post_data['x_customer_ip'] = $this->request->server['REMOTE_ADDR']; + $post_data['x_customer_ip'] = oc_get_ip(); $post_data['x_email'] = $order_info['email']; $post_data['x_description'] = html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8'); $post_data['x_amount'] = $this->currency->format($order_info['total'], $order_info['currency_code'], 1.00000, false); diff --git a/upload/catalog/controller/extension/payment/authorizenet_sim.php b/upload/catalog/controller/extension/payment/authorizenet_sim.php index 57045add6..af0486fea 100644 --- a/upload/catalog/controller/extension/payment/authorizenet_sim.php +++ b/upload/catalog/controller/extension/payment/authorizenet_sim.php @@ -46,7 +46,7 @@ public function index(): string { $data['x_ship_to_state'] = $order_info['shipping_zone']; $data['x_ship_to_zip'] = $order_info['shipping_postcode']; $data['x_ship_to_country'] = $order_info['shipping_country']; - $data['x_customer_ip'] = $this->request->server['REMOTE_ADDR']; + $data['x_customer_ip'] = oc_get_ip(); $data['x_email'] = $order_info['email']; $data['x_relay_response'] = 'true'; diff --git a/upload/catalog/controller/extension/payment/bluepay_redirect.php b/upload/catalog/controller/extension/payment/bluepay_redirect.php index 4e885dafb..a6b9eaa23 100644 --- a/upload/catalog/controller/extension/payment/bluepay_redirect.php +++ b/upload/catalog/controller/extension/payment/bluepay_redirect.php 
@@ -98,8 +98,8 @@ public function send(): void { $post_data['DECLINED_URL'] = $this->url->link('extension/payment/bluepay_redirect/callback', '', true); $post_data['MISSING_URL'] = $this->url->link('extension/payment/bluepay_redirect/callback', '', true); - if (isset($this->request->server['REMOTE_ADDR'])) { - $post_data['REMOTE_IP'] = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $post_data['REMOTE_IP'] = oc_get_ip(); } $tamper_proof_data = $this->config->get('payment_bluepay_redirect_secret_key') . $post_data['MERCHANT'] . $post_data['TRANSACTION_TYPE'] . $post_data['AMOUNT'] . $post_data['RRNO'] . $post_data['MODE']; diff --git a/upload/catalog/controller/extension/payment/eway.php b/upload/catalog/controller/extension/payment/eway.php index 272f8e87e..781099231 100644 --- a/upload/catalog/controller/extension/payment/eway.php +++ b/upload/catalog/controller/extension/payment/eway.php @@ -147,7 +147,7 @@ public function index(): string { $request->TransactionType = 'Purchase'; $request->DeviceID = 'opencart-' . VERSION . ' eway-trans-2.1.2'; - $request->CustomerIP = $this->request->server['REMOTE_ADDR']; + $request->CustomerIP = oc_get_ip(); $request->PartnerID = '0f1bec3642814f89a2ea06e7d2800b7f'; // Eway diff --git a/upload/catalog/controller/extension/payment/opayo.php b/upload/catalog/controller/extension/payment/opayo.php index f9e784386..a3de56b07 100644 --- a/upload/catalog/controller/extension/payment/opayo.php +++ b/upload/catalog/controller/extension/payment/opayo.php 
@@ -221,7 +221,7 @@ public function confirm(): void { $payment_data['Basket'] = $str_basket; $payment_data['CustomerEMail'] = substr($order_info['email'], 0, 255); - $payment_data['ClientIPAddress'] = $this->request->server['REMOTE_ADDR']; + $payment_data['ClientIPAddress'] = oc_get_ip(); $payment_data['ChallengeWindowSize'] = '01'; $payment_data['Apply3DSecure'] = '0'; $payment_data['ThreeDSNotificationURL'] = str_replace('&', '&', $this->url->link('extension/payment/opayo/threeDSnotify', 'order_id=' . $this->session->data['order_id'], true)); @@ -352,8 +352,8 @@ public function confirm(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } @@ -524,8 +524,8 @@ public function threeDSnotify(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } diff --git a/upload/catalog/controller/extension/payment/paypal.php b/upload/catalog/controller/extension/payment/paypal.php index 0318c566c..2196d1289 100644 --- a/upload/catalog/controller/extension/payment/paypal.php +++ b/upload/catalog/controller/extension/payment/paypal.php @@ -1344,8 +1344,8 @@ public function approveOrder(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } 
@@ -1485,8 +1485,8 @@ public function approveOrder(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } @@ -2224,7 +2224,7 @@ public function completeOrder(): void { $order_data['currency_id'] = $this->currency->getId($this->session->data['currency']); $order_data['currency_code'] = $this->session->data['currency']; $order_data['currency_value'] = $this->currency->getValue($this->session->data['currency']); - $order_data['ip'] = $this->request->server['REMOTE_ADDR']; + $order_data['ip'] = oc_get_ip(); if (!empty($this->request->server['HTTP_X_FORWARDED_FOR'])) { $order_data['forwarded_ip'] = $this->request->server['HTTP_X_FORWARDED_FOR']; @@ -2575,8 +2575,8 @@ public function completeOrder(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } @@ -2720,8 +2720,8 @@ public function completeOrder(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } diff --git a/upload/catalog/controller/extension/payment/perpetual_payments.php b/upload/catalog/controller/extension/payment/perpetual_payments.php index 9585ca516..4829dbec3 100644 --- a/upload/catalog/controller/extension/payment/perpetual_payments.php +++ b/upload/catalog/controller/extension/payment/perpetual_payments.php 
@@ -76,7 +76,7 @@ public function send(): void { 'cust_country' => $order_info['payment_iso_code_2'], 'cust_postcode' => $order_info['payment_postcode'], 'cust_tel' => $order_info['telephone'], - 'cust_ip' => $this->request->server['REMOTE_ADDR'], + 'cust_ip' => oc_get_ip(), 'cust_email' => $order_info['email'], 'tran_ref' => $order_info['order_id'], 'tran_amount' => $this->currency->format($order_info['total'], $order_info['currency_code'], 1.00000, false), diff --git a/upload/catalog/controller/extension/payment/pilibaba.php b/upload/catalog/controller/extension/payment/pilibaba.php index 8df06de71..fe8fe40ba 100644 --- a/upload/catalog/controller/extension/payment/pilibaba.php +++ b/upload/catalog/controller/extension/payment/pilibaba.php @@ -297,7 +297,7 @@ public function express(): void { $order_data['currency_id'] = $this->currency->getId($this->session->data['currency']); $order_data['currency_code'] = $this->session->data['currency']; $order_data['currency_value'] = $this->currency->getValue($this->session->data['currency']); - $order_data['ip'] = $this->request->server['REMOTE_ADDR']; + $order_data['ip'] = oc_get_ip(); if (!empty($this->request->server['HTTP_X_FORWARDED_FOR'])) { $order_data['forwarded_ip'] = $this->request->server['HTTP_X_FORWARDED_FOR']; diff --git a/upload/catalog/controller/extension/payment/sagepay_direct.php b/upload/catalog/controller/extension/payment/sagepay_direct.php index 0ce172f62..2669c854a 100644 --- a/upload/catalog/controller/extension/payment/sagepay_direct.php +++ b/upload/catalog/controller/extension/payment/sagepay_direct.php @@ -365,8 +365,8 @@ public function send(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } 
@@ -525,8 +525,8 @@ public function callback(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } diff --git a/upload/catalog/controller/extension/payment/sagepay_server.php b/upload/catalog/controller/extension/payment/sagepay_server.php index af1c11b25..677f79e0e 100644 --- a/upload/catalog/controller/extension/payment/sagepay_server.php +++ b/upload/catalog/controller/extension/payment/sagepay_server.php @@ -187,8 +187,8 @@ public function send(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } @@ -517,8 +517,8 @@ public function success(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } diff --git a/upload/catalog/controller/extension/payment/squareup.php b/upload/catalog/controller/extension/payment/squareup.php index 6e51264c9..28df13ff1 100644 --- a/upload/catalog/controller/extension/payment/squareup.php +++ b/upload/catalog/controller/extension/payment/squareup.php @@ -207,8 +207,8 @@ public function checkout(): void { $user_agent = ''; } - if (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } 
diff --git a/upload/catalog/controller/extension/payment/worldpay.php b/upload/catalog/controller/extension/payment/worldpay.php index bdbed6c72..ea71e29c1 100644 --- a/upload/catalog/controller/extension/payment/worldpay.php +++ b/upload/catalog/controller/extension/payment/worldpay.php @@ -137,8 +137,8 @@ public function send(): void { if (isset($this->request->server['HTTP_X_REAL_IP'])) { $ip = $this->request->server['HTTP_X_REAL_IP']; - } elseif (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + } elseif (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } diff --git a/upload/catalog/controller/mail/forgotten.php b/upload/catalog/controller/mail/forgotten.php index c1175e012..70c392d51 100644 --- a/upload/catalog/controller/mail/forgotten.php +++ b/upload/catalog/controller/mail/forgotten.php @@ -33,7 +33,7 @@ public function index(string &$route, array &$args, &$output): void { $data['text_greeting'] = sprintf($this->language->get('text_greeting'), $store_name); $data['reset'] = $this->url->link('account/reset', 'email=' . urlencode($args[0]) . '&code=' . $args[1], true); - $data['ip'] = $this->request->server['REMOTE_ADDR']; + $data['ip'] = oc_get_ip(); $data['store'] = $store_name; $data['store_url'] = $this->config->get('config_url'); diff --git a/upload/catalog/controller/mail/gdpr.php b/upload/catalog/controller/mail/gdpr.php index c1d448312..6ae158d04 100644 --- a/upload/catalog/controller/mail/gdpr.php +++ b/upload/catalog/controller/mail/gdpr.php 
@@ -34,7 +34,7 @@ public function index(string &$route, array &$args, &$output): void { $data['text_request'] = $this->language->get('text_' . $args[2]); $data['button_confirm'] = $this->language->get('button_' . $args[2]); $data['confirm'] = $this->url->link('information/gdpr/success', 'code=' . $args[0]); - $data['ip'] = $this->request->server['REMOTE_ADDR']; + $data['ip'] = oc_get_ip(); $store_name = html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8'); $data['store_name'] = $store_name; diff --git a/upload/catalog/controller/product/search.php b/upload/catalog/controller/product/search.php index ba6e1b56b..3162561a9 100644 --- a/upload/catalog/controller/product/search.php +++ b/upload/catalog/controller/product/search.php @@ -430,8 +430,8 @@ public function index(): void { $customer_id = 0; } - if (isset($this->request->server['REMOTE_ADDR'])) { - $ip = $this->request->server['REMOTE_ADDR']; + if (oc_get_ip()) { + $ip = oc_get_ip(); } else { $ip = ''; } diff --git a/upload/catalog/controller/startup/marketing.php b/upload/catalog/controller/startup/marketing.php index 0c6569d93..5252b2fa8 100644 --- a/upload/catalog/controller/startup/marketing.php +++ b/upload/catalog/controller/startup/marketing.php @@ -29,7 +29,7 @@ public function index(): void { $marketing_info = $this->model_checkout_marketing->getMarketingByCode($tracking); if ($marketing_info) { - $this->model_checkout_marketing->addReport($marketing_info['marketing_id'], $this->request->server['REMOTE_ADDR']); + $this->model_checkout_marketing->addReport($marketing_info['marketing_id'], oc_get_ip()); } if ($this->config->get('config_affiliate_status')) { 
@@ -39,7 +39,7 @@ public function index(): void { $affiliate_info = $this->model_account_customer->getAffiliateByTracking($tracking); if ($affiliate_info && $affiliate_info['status']) { - $this->model_account_customer->addReport($affiliate_info['customer_id'], $this->request->server['REMOTE_ADDR']); + $this->model_account_customer->addReport($affiliate_info['customer_id'], oc_get_ip()); } if ($marketing_info || ($affiliate_info && $affiliate_info['status'])) { diff --git a/upload/catalog/controller/startup/session.php b/upload/catalog/controller/startup/session.php index 95a28218e..8dc0a7b49 100644 --- a/upload/catalog/controller/startup/session.php +++ b/upload/catalog/controller/startup/session.php @@ -19,7 +19,7 @@ public function index(): void { $this->db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, `date_modified`) < NOW()"); // Make sure the IP is allowed - $api_query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (`a`.`api_id` = `as`.`api_id`) LEFT JOIN `" . DB_PREFIX . "api_ip` `ai` ON (`a`.`api_id` = `ai`.`api_id`) WHERE `a`.`status` = '1' AND `as`.`session_id` = '" . $this->db->escape($this->request->get['api_token']) . "' AND `ai`.`ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'"); + $api_query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (`a`.`api_id` = `as`.`api_id`) LEFT JOIN `" . DB_PREFIX . "api_ip` `ai` ON (`a`.`api_id` = `ai`.`api_id`) WHERE `a`.`status` = '1' AND `as`.`session_id` = '" . $this->db->escape($this->request->get['api_token']) . "' AND `ai`.`ip` = '" . oc_get_ip() . "'"); if ($api_query->num_rows) { $this->session->start($this->request->get['api_token']); diff --git a/upload/catalog/model/account/activity.php b/upload/catalog/model/account/activity.php index 078b547ca..c9ca2ab51 100644 --- a/upload/catalog/model/account/activity.php 
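Review bot: The rewritten `api_ip` comparison in `startup/session.php` concatenates `oc_get_ip()` straight into the SQL string, without the `$this->db->escape()` call that wrapped `REMOTE_ADDR` on the removed line. The helper's body is not visible here, but the `system/startup.php` hunk in this patch copies the `HTTP_CLIENT_IP` request header into `REMOTE_ADDR`, so the value may now be text chosen by the client rather than a socket address. Keep the escape, `$this->db->escape(oc_get_ip())`, and preferably have the helper return only values that pass `filter_var($ip, FILTER_VALIDATE_IP)`. The escape is dropped the same way in the hunks for `model/account/activity.php`, `model/account/customer.php` (`addCustomer` and `addLoginAttempt`), `model/setting/api.php`, `system/library/cart/customer.php` and `system/library/cart/user.php`.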
+++ b/upload/catalog/model/account/activity.php @@ -20,6 +20,6 @@ public function addActivity(string $key, array $data): void { $customer_id = 0; } - $this->db->query("INSERT INTO `" . DB_PREFIX . "customer_activity` SET `customer_id` = '" . (int)$customer_id . "', `key` = '" . $this->db->escape($key) . "', `data` = '" . $this->db->escape(json_encode($data)) . "', `ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', `date_added` = NOW()"); + $this->db->query("INSERT INTO `" . DB_PREFIX . "customer_activity` SET `customer_id` = '" . (int)$customer_id . "', `key` = '" . $this->db->escape($key) . "', `data` = '" . $this->db->escape(json_encode($data)) . "', `ip` = '" . oc_get_ip() . "', `date_added` = NOW()"); } } diff --git a/upload/catalog/model/account/customer.php b/upload/catalog/model/account/customer.php index d8bdffb1a..d9fe41b9f 100644 --- a/upload/catalog/model/account/customer.php +++ b/upload/catalog/model/account/customer.php 
@@ -24,7 +24,7 @@ public function addCustomer(array $data): int { $customer_group_info = $this->model_account_customer_group->getCustomerGroup($customer_group_id); - $this->db->query("INSERT INTO `" . DB_PREFIX . "customer` SET `customer_group_id` = '" . (int)$customer_group_id . "', `store_id` = '" . (int)$this->config->get('config_store_id') . "', `language_id` = '" . (int)$this->config->get('config_language_id') . "', `firstname` = '" . $this->db->escape($data['firstname']) . "', `lastname` = '" . $this->db->escape($data['lastname']) . "', `email` = '" . $this->db->escape($data['email']) . "', `telephone` = '" . $this->db->escape($data['telephone']) . "', `custom_field` = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : '') . "', `password` = '" . $this->db->escape(password_hash(html_entity_decode($data['password'], ENT_QUOTES, 'UTF-8'), PASSWORD_DEFAULT)) . "', `newsletter` = '" . (isset($data['newsletter']) ? (int)$data['newsletter'] : 0) . "', `ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', `status` = '" . (int)!$customer_group_info['approval'] . "', `date_added` = NOW()"); + $this->db->query("INSERT INTO `" . DB_PREFIX . "customer` SET `customer_group_id` = '" . (int)$customer_group_id . "', `store_id` = '" . (int)$this->config->get('config_store_id') . "', `language_id` = '" . (int)$this->config->get('config_language_id') . "', `firstname` = '" . $this->db->escape($data['firstname']) . "', `lastname` = '" . $this->db->escape($data['lastname']) . "', `email` = '" . $this->db->escape($data['email']) . "', `telephone` = '" . $this->db->escape($data['telephone']) . "', `custom_field` = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : '') . "', `password` = '" . $this->db->escape(password_hash(html_entity_decode($data['password'], ENT_QUOTES, 'UTF-8'), PASSWORD_DEFAULT)) . "', `newsletter` = '" . (isset($data['newsletter']) ? 
(int)$data['newsletter'] : 0) . "', `ip` = '" . oc_get_ip() . "', `status` = '" . (int)!$customer_group_info['approval'] . "', `date_added` = NOW()"); $customer_id = $this->db->getLastId(); @@ -276,10 +276,10 @@ public function addLogin(int $customer_id, string $ip, string $country = ''): vo * @return void */ public function addLoginAttempt(string $email): void { - $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer_login` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower((string)$email)) . "' AND `ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'"); + $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer_login` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower((string)$email)) . "' AND `ip` = '" . oc_get_ip() . "'"); if (!$query->num_rows) { - $this->db->query("INSERT INTO `" . DB_PREFIX . "customer_login` SET `email` = '" . $this->db->escape(oc_strtolower((string)$email)) . "', `ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', `total` = '1', `date_added` = '" . $this->db->escape(date('Y-m-d H:i:s')) . "', `date_modified` = '" . $this->db->escape(date('Y-m-d H:i:s')) . "'"); + $this->db->query("INSERT INTO `" . DB_PREFIX . "customer_login` SET `email` = '" . $this->db->escape(oc_strtolower((string)$email)) . "', `ip` = '" . oc_get_ip() . "', `total` = '1', `date_added` = '" . $this->db->escape(date('Y-m-d H:i:s')) . "', `date_modified` = '" . $this->db->escape(date('Y-m-d H:i:s')) . "'"); } else { $this->db->query("UPDATE `" . DB_PREFIX . "customer_login` SET `total` = (`total` + 1), `date_modified` = '" . $this->db->escape(date('Y-m-d H:i:s')) . "' WHERE `customer_login_id` = '" . (int)$query->row['customer_login_id'] . "'"); } diff --git a/upload/catalog/model/extension/payment/amazon_login_pay.php b/upload/catalog/model/extension/payment/amazon_login_pay.php index b22480fdb..f88312364 100644 --- a/upload/catalog/model/extension/payment/amazon_login_pay.php 
+++ b/upload/catalog/model/extension/payment/amazon_login_pay.php @@ -402,7 +402,7 @@ public function makeOrder(): array { $order_data['currency_id'] = $this->currency->getId($this->session->data['currency']); $order_data['currency_code'] = $this->session->data['currency']; $order_data['currency_value'] = $this->currency->getValue($this->session->data['currency']); - $order_data['ip'] = $this->request->server['REMOTE_ADDR']; + $order_data['ip'] = oc_get_ip(); if (!empty($this->request->server['HTTP_X_FORWARDED_FOR'])) { $order_data['forwarded_ip'] = $this->request->server['HTTP_X_FORWARDED_FOR']; diff --git a/upload/catalog/model/setting/api.php b/upload/catalog/model/setting/api.php index ece206ba3..95b49aa50 100644 --- a/upload/catalog/model/setting/api.php +++ b/upload/catalog/model/setting/api.php @@ -27,7 +27,7 @@ public function login(string $username, string $key): array { * @return array */ public function getApiByToken(string $token): array { - $query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (`a`.`api_id` = `as`.`api_id`) LEFT JOIN `" . DB_PREFIX . "api_ip` `ai` ON (`a`.`api_id` = `ai`.`api_id`) WHERE `a`.`status` = '1' AND `as`.`session_id` = '" . $this->db->escape($token) . "' AND `ai`.`ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'"); + $query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (`a`.`api_id` = `as`.`api_id`) LEFT JOIN `" . DB_PREFIX . "api_ip` `ai` ON (`a`.`api_id` = `ai`.`api_id`) WHERE `a`.`status` = '1' AND `as`.`session_id` = '" . $this->db->escape($token) . "' AND `ai`.`ip` = '" . oc_get_ip() . "'"); return $query->row; } diff --git a/upload/system/helper/general.php b/upload/system/helper/general.php index 095ca2dd0..5424bd37f 100644 --- a/upload/system/helper/general.php +++ b/upload/system/helper/general.php 
@@ -1,4 +1,17 @@ telephone = $customer_query->row['telephone']; $this->newsletter = $customer_query->row['newsletter']; - $this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `language_id` = '" . (int)$this->config->get('config_language_id') . "', `ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE `customer_id` = '" . (int)$this->customer_id . "'"); + $this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `language_id` = '" . (int)$this->config->get('config_language_id') . "', `ip` = '" . oc_get_ip() . "' WHERE `customer_id` = '" . (int)$this->customer_id . "'"); } else { $this->logout(); } @@ -115,7 +115,7 @@ public function login(string $email, string $password, bool $override = false): $this->telephone = $customer_query->row['telephone']; $this->newsletter = $customer_query->row['newsletter']; - $this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `language_id` = '" . (int)$this->config->get('config_language_id') . "', `ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE `customer_id` = '" . (int)$this->customer_id . "'"); + $this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `language_id` = '" . (int)$this->config->get('config_language_id') . "', `ip` = '" . oc_get_ip() . "' WHERE `customer_id` = '" . (int)$this->customer_id . "'"); return true; } else { diff --git a/upload/system/library/cart/user.php b/upload/system/library/cart/user.php index f6e82752a..c1099cf21 100644 --- a/upload/system/library/cart/user.php +++ b/upload/system/library/cart/user.php 
@@ -53,7 +53,7 @@ public function __construct(object $registry) { $this->user_group_id = $user_query->row['user_group_id']; $this->email = $user_query->row['email']; - $this->db->query("UPDATE `" . DB_PREFIX . "user` SET `ip` = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE `user_id` = '" . (int)$this->session->data['user_id'] . "'"); + $this->db->query("UPDATE `" . DB_PREFIX . "user` SET `ip` = '" . oc_get_ip() . "' WHERE `user_id` = '" . (int)$this->session->data['user_id'] . "'"); $user_group_query = $this->db->query("SELECT `permission` FROM `" . DB_PREFIX . "user_group` WHERE `user_group_id` = '" . (int)$user_query->row['user_group_id'] . "'"); diff --git a/upload/system/startup.php b/upload/system/startup.php index 6c37d6635..e616ba843 100644 --- a/upload/system/startup.php +++ b/upload/system/startup.php @@ -45,6 +45,11 @@ $_SERVER['HTTPS'] = false; } +// Check IP +if (!empty($_SERVER['HTTP_CLIENT_IP'])) { + $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CLIENT_IP']; +} + // Modification Override function modification($filename) { if (defined('DIR_CATALOG')) {
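Review bot: The added `// Check IP` block in `system/startup.php` overwrites `$_SERVER['REMOTE_ADDR']` with the `HTTP_CLIENT_IP` request header whenever that header is non-empty, and nothing in the hunk checks that the request came through a trusted proxy or that the value is an IP address at all. Every later reader of `REMOTE_ADDR` then sees a caller-supplied value, including the API IP allow-list queries in `startup/session.php` and `model/setting/api.php` and the per-IP row in `addLoginAttempt`, so those controls no longer reflect the real peer. I would drop the override and leave `REMOTE_ADDR` as the socket address. If the store sits behind a proxy, read the forwarded header inside `oc_get_ip()` only when the peer is a configured trusted proxy, and accept it only when `filter_var($value, FILTER_VALIDATE_IP)` succeeds. A comment naming the component that sets the header would also help, e.g. `// Set by <proxy name>; must be stripped from client requests at the edge`.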