secure login use ip instead of REMOTE_ADDR

2026-04-14 12:30:49 +08:00 · 2022-08-25 22:38:06 +08:00
parent e34a11d70c
commit 414aaf9bf5
3 changed files with 10 additions and 9 deletions
--- a/app/Http/Controllers/AuthenticateController.php
+++ b/app/Http/Controllers/AuthenticateController.php
@@ -50,9 +50,10 @@ class AuthenticateController extends Controller
        if ($deadline && $deadline > now()->toDateTimeString()) {
            $user = User::query()->where('passkey', $passkey)->first(['id', 'passhash']);
            if ($user) {
-                $passhash = md5($user->passhash . $_SERVER["REMOTE_ADDR"]);
-                do_log(sprintf('passhash: %s, remote_addr: %s, md5: %s', $user->passhash, $_SERVER["REMOTE_ADDR"], $passhash));
-                logincookie($user->id, $passhash,false, 86400 * 30, true, true, true);
+                $ip = getip();
+                $passhash = md5($user->passhash . $ip);
+                do_log(sprintf('passhash: %s, ip: %s, md5: %s', $user->passhash, $ip, $passhash));
+                logincookie($user->id, $passhash,false, 0x7fffffff, true, true, true);
                $user->last_login = now();
                $user->save();
            }