$_SERVER['REMOTE_ADDR'] not populated

[kickstart]

Hi

 

I have an old web site which uses pbpBB. It has been logging people out randomly (including me).

 

I have had a bit of a play and identified the problem(*) but putting out some debug info when people are kicked off. The various variables storing the IP address are being returned as blank or as a couple of colons. This is not for any specific users, and it has happened to me as well (so not individuals trying to spoof the IP address).

 

For example:-

 

$_SERVER['REMOTE_ADDR'])  = *::*

$HTTP_SERVER_VARS['REMOTE_ADDR'])  = *::*

$HTTP_ENV_VARS['REMOTE_ADDR'])  = **

getenv('REMOTE_ADDR')  = *::*

 

Any ideas what could cause this?

 

All the best

 

Keith

 

(*) Software checks if the IP address is similar to the one last used by the passed session id, and if not it issues a new session id and forces the user to log on again. The session ids are still there, and the actual ip addresses haven't changed, and checking the sessions table saw one person who had a 14 second gap between one session id being used and their next one after they were bounced and logged on, and the ip address hadn't changed, and if you take the old session id and edit the cookie in your browser back to this then miraculously you appears logged in again.

[fantomel]

first of all what is your php version secondly  how old is this phpbb version third did you check the functions on php.net/manual?

$_SERVER['REMOTE_ADDR'])  = *::*

i`m kinda of new to php i don't know everything about it but i've never meet before that type of coding.

 

i think should be

$user_ip = $_SEVER['REMOTE_ADDR'];
echo $user_ip;

 

$HTTP_SERVER_VARS['REMOTE_ADDR'])  = *::*

$HTTP_ENV_VARS['REMOTE_ADDR'])  = **

this ones you should not really on them since they are deprecated

click

click

use instead $_SERVER and for the second one $_ENV

as for your problem i don't quite understand what you want to say. sorry.

 

 

P.S if the above text it is incorrect or has mistakes please someone correct me or delete this post. thank you

[roopurt18]

@fantomel, kickstart isn't trying to type PHP code above.  He's saying that users are being kicked out of the application because it uses those PHP variables and those are examples of weird data being put into them.

 

@kickstart, Sorry but I got nothing for you.

 

(edit) I changed my mind.  kickstart you might try doing a full text search on all of the source files for those patterns and seeing what comes up.  It could be that phpBB, under some circumstances, is replacing the actual values with those values.

[kickstart]

Hi

 

I have been searching :'( .

 

The code lines are:-

 

$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );
$user_ip = encode_ip($client_ip);

 

Basically tries to get a useable IP address. $_SERVER is containing the same as $_HTTP_SERVER_VARS (yet nothing in the code even referred to $_SERVER, except the code I just added to echo it out as I wondered if it was an issue with deprecated code).

 

I have just added some code to print_r the $_SERVER array when the problem occurs, but as it is fairly random it might be hours before I see the results.

 

I am searching for "::" now, but don't hold out much hope. This is one of the fairly early statements in the code, so not much chance for anything to corrupt it beforehand.

 

This code is pretty old, from phpBB2. Just not got around to trying to customise phpBB3 to match.

 

All the best

 

Keith

[fantomel]

i apologise for posting something wrong i understand now thank you for correcting me. but still i have no idea about his problem. sorry again

[kickstart]

Hi

 

No problems. Thanks anyway

 

but still i have no idea about his problem. sorry again

 

Nor me .

 

I have done a real bodge solution for now which I HOPE will stop it logging people out randomly. But not certain it will work and it will be a pain for the users (just not as bad as being logged out).

 

All the best

 

Keith

[roopurt18]

You say this site is old.  Has it always done this or is this a new development?

 

If it's a new development, has there been any upgrades or modifications in server software?

 

I would perform searches on the following:

REMOTE_ADDR

REMOTE_

client_ip

ip

_SERVER

HTTP_

 

If you're sure that $_SERVER is always populated correctly, then you could also attempt changing the offending line:

$client_ip = $_SERVER['REMOTE_ADDR'];

[PFMaBiSmAd]

I'll guess (I did a quick search of the php4/5 change log and the bug reports and did not see anything relevant) one of the following -

 

1) There in a prepended script file (cheap hosting) that is changing the values under certain conditions.

2) Register_globals are ON (which is about the only time I have seen unexpected values in variables when there was no actual code changing the values.)

3) A bad/corrupted build of php or extensions from the wrong version or a patched/hacked php (the Hardened PHP Project.) Are there any other unexplained problems or errors?

4) There is a server module (such as a proxy) that is not supplying an actual IP address to php under some conditions.

[kickstart]

Hi

 

roopurt18 - Seems to be a fairly new issue (but the board has been running on the server for about 7 years). I am waiting for a reply back from the web space provider, as it could well be due to a change at there end. Unfortunatly $_SERVER seems to suffer at the same time as $HTTP_SERVER_VARS. I will have a scan for your suggestions.

 

PFMaBiSmAd :-

 

Not sure about any hidden scripts. Hopefully will get some info back soon

Register globals is on unfortunatly, but code prior to the problem should "fix" this  (very similar to the code here

Hardened PHP project patch is installed according to phpinfo..

Not sure about any server module failure under certain conditions. Again hopefulyl will get some info back soon.

 

All the best

 

Keith

[PFMaBiSmAd]

Hardened PHP project patch is installed according to phpinfo..

 

Ok, new guess, since the symptom just showed up after a number of years of the site working correctly. Something was changed/upgraded and the versions of php and the Hardened php patch are not the same, resulting in the values being overwritten. The Hardened php patch can USE the remote_addr for generating session id's... It's remotely possible that a version mismatch between the patch code and the php code is causing the values to be overwritten.

[kickstart]

Hi

 

Cheers. Interesting. Hopefully my web space provider can come up with something, and I will investigate that idea.

 

It is running php 5.2.9 . And lists "This server is protected with the Suhosin Patch 0.9.7"

 

All the best

 

Keith

[iankent]

Not sure if you're still looking for an answer but you might want to take a look at phpBB's common.php file. There's a function called deregister_globals which may be affecting the values you find in $_SERVER. Not sure which version of phpBB introduced that function, but as you don't say which version you're using it might be worth a look.