Not working $_SERVER['HTTP_X_REAL_IP']; $_SERVER['HTTP_X_REAL_IP']; $_SERVER['REMOTE_ADDR'];?
What is wrong in this script? It just doesn't work if you log in from the selected IP, and it gives a hacking attempt!
If you remove getIP and everything connected with it, then it goes further and everything works, but all the same, access should be given only to certain IPs and not to everyone.
function getIP() {
    // Prefers the X-Real-IP request header over the TCP peer address
    if (isset($_SERVER['HTTP_X_REAL_IP'])) return $_SERVER['HTTP_X_REAL_IP'];
    return $_SERVER['REMOTE_ADDR'];
}
// Allow only the listed addresses
if (!in_array(getIP(), array('168.111.150.150', '168.111.150.151', '168.111.150.152', '168.111.150.153', '168.111.150.154'))) die("hacking attempt!");
$fk_id = '1000';
$fk_secret_1 = '123';
$sign = md5($fk_id.':'.$_REQUEST['AMOUNT'].':'.$fk_secret_1.':'.$_REQUEST['MERCHANT_ORDER_ID']);
// hash_equals() replaces the loose != so the check is neither type-juggled nor timing-dependent
if (!hash_equals($sign, (string) ($_REQUEST['SIGN'] ?? ''))) die('wrong sign');
The problem turned out to be Cloudflare proxying; I turned it off and it worked.
Dedicated to all unfortunates: https://habr.com/en/post/158417/
Since there are a lot of incomprehensible letters, I will write shorter here.
By adding any tripe like X-RILI-IP-MOM-KLYANUS to the IP address check, you just open access to any attacker, starting from the level of a non-lazy pioneer.
You should always check only REMOTE_ADDR.
If the site is behind a proxy, then you need to lean on the admin of this proxy so that it proxies the IP address too; it's not so difficult.
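
Added example, not code from the question or from either answer: when a reverse proxy such as Cloudflare sits in front of the site, one way to reconcile the two answers is to honour the forwarded header only when REMOTE_ADDR is itself one of your proxies, and to use REMOTE_ADDR in every other case. The helper names, the IPv4-only matching and the 203.0.113.0/24 proxy range are assumptions made for illustration; substitute the proxy's published ranges and the header it actually sets.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true if $ip lies inside the IPv4 CIDR block $cidr (64-bit PHP).
function ipv4InCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr) + [1 => '32'];
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    $bits    = (int) $bits;
    if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Hypothetical helper: resolve the client address. The forwarded header is
// honoured only when the TCP peer (REMOTE_ADDR) is one of our own proxies.
function clientIp(array $server, array $trustedProxies, string $header = 'HTTP_X_REAL_IP'): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($trustedProxies as $cidr) {
        if (ipv4InCidr($peer, $cidr)) {
            $fwd = trim((string) ($server[$header] ?? ''));
            // Accept only a single well-formed IPv4 address from the proxy.
            if (filter_var($fwd, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
                return $fwd;
            }
            break;
        }
    }
    return $peer; // direct connection, or the proxy sent no usable header
}

// Constructed sample requests; 203.0.113.0/24 stands in for the proxy's range.
$proxies = ['203.0.113.0/24'];
$allowed = ['168.111.150.150', '168.111.150.151'];
$samples = [
    'direct, allowed peer'      => ['REMOTE_ADDR' => '168.111.150.150'],
    'direct, client-set header' => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_REAL_IP' => '168.111.150.150'],
    'via proxy, allowed client' => ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_REAL_IP' => '168.111.150.151'],
    'via proxy, other client'   => ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_REAL_IP' => '198.51.100.7'],
];
foreach ($samples as $name => $server) {
    $ip = clientIp($server, $proxies);
    printf("%-26s -> %-16s %s\n", $name, $ip, in_array($ip, $allowed, true) ? 'allow' : 'deny');
}
```

The second sample is the case the answer above warns about: the header arrives from an address that is not a proxy, so it is ignored and the request is judged by REMOTE_ADDR alone.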