Improved (trusted) client IP retrieval

editor.php

@@ -114,7 +114,7 @@ h2 {color: rgba(0,198,255,0.7)}
 		<span class="heading"><?php echo $t['Browser'];?></span><br>
 		<?php echo xssClean($_SERVER['HTTP_USER_AGENT'],"html");?><br><br>
 		<span class="heading"><?php echo $t['Your IP'];?></span><br>
-		<?php echo $_SERVER['REMOTE_ADDR'];?><br><br>
+		<?php echo getUserIP();?><br><br>
 	</div>
 
 	<div style="float: left">

lib/settings-common.php

@@ -75,6 +75,17 @@ if (!file_exists(dirname(__FILE__)."/../data/backups")) {
     mkdir(dirname(__FILE__)."/../data/backups");
 }
 
+// Walk through possibilities in the order we'd like to determine an user IP
+function getUserIP() {
+    return $_SERVER['HTTP_CLIENT_IP']
+        ?: $_SERVER['HTTP_X_FORWARDED_FOR']
+        ?: $_SERVER['HTTP_X_FORWARDED']
+        ?: $_SERVER['HTTP_FORWARDED_FOR']
+        ?: $_SERVER['HTTP_FORWARDED']
+        ?: $_SERVER['REMOTE_ADDR']
+        ?: 'Unknown';
+}
+
 // Get data from a fopen or CURL connection
 function getData($url,$type='fopen',$dieMessage=false,$timeout=60) {
 	global $context;

lib/settings.php

@@ -154,7 +154,7 @@ for ($i=0;$i<count($settingsArray);$i++) {
 }
 
 // Check IP permissions
-if (!in_array($_SERVER["REMOTE_ADDR"], $_SESSION['allowedIPs']) && !in_array("*", $_SESSION['allowedIPs'])) {
+if (!in_array(getUserIP(), $_SESSION['allowedIPs']) && !in_array("*", $_SESSION['allowedIPs'])) {
 	header('Location: /');
 	$reqsPassed = false;
 	$reqsFailures = ["systemIPRestriction"];