From c7ff6326eeb01ae3c595966d6264e2e919ddd5a6 Mon Sep 17 00:00:00 2001
From: Maurice Meyer <maurice@meyer.direct>
Date: Tue, 19 Apr 2016 18:19:37 +0200
Subject: [PATCH 1/2] Changed the GetIP command of the API so that it returns
 the X-Forwarded-For header if it is set

---
 api/remote.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/api/remote.php b/api/remote.php
index bb9db0c..a891563 100644
--- a/api/remote.php
+++ b/api/remote.php
@@ -59,7 +59,13 @@ if(filter_input(INPUT_SERVER, "REQUEST_METHOD") == "GET") {
         echo json_encode($return);
         exit();
     } else if(filter_input(INPUT_GET, "action") == "getIp") {
-        $return['ip'] = filter_input(INPUT_SERVER, "REMOTE_ADDR");
+		// If we are behind a proxy, return the proxies IP address
+		if(filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR") != null){
+			$return['ip'] = filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR");
+		}
+		else {
+			$return['ip'] = filter_input(INPUT_SERVER, "REMOTE_ADDR");
+		}
         echo json_encode($return);
         exit();
     }
@@ -150,4 +156,4 @@ if(filter_input(INPUT_SERVER, "REQUEST_METHOD") == "GET") {
         echo json_encode($return);
         exit();
     }
-}
\ No newline at end of file
+}

From ab84439c1ac38727a1b59c6b0a789a1786ca05b7 Mon Sep 17 00:00:00 2001
From: Maurice Meyer <maurice@meyer.direct>
Date: Wed, 20 Apr 2016 14:59:06 +0200
Subject: [PATCH 2/2] Fixed the getIP command so that the clients IP is always
 returned, even behind multiple proxies. Fixed indentation.

---
 api/remote.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/api/remote.php b/api/remote.php
index a891563..6c3a198 100644
--- a/api/remote.php
+++ b/api/remote.php
@@ -59,13 +59,14 @@ if(filter_input(INPUT_SERVER, "REQUEST_METHOD") == "GET") {
         echo json_encode($return);
         exit();
     } else if(filter_input(INPUT_GET, "action") == "getIp") {
-		// If we are behind a proxy, return the proxies IP address
-		if(filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR") != null){
-			$return['ip'] = filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR");
-		}
-		else {
-			$return['ip'] = filter_input(INPUT_SERVER, "REMOTE_ADDR");
-		}
+        // If we are behind a proxy, return the first IP the request was forwarded for.
+        if(filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR") != null){
+            $return['ip'] = explode(",", filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR"))[0];
+
+        } else {
+            $return['ip'] = filter_input(INPUT_SERVER, "REMOTE_ADDR");
+        }
+
         echo json_encode($return);
         exit();
     }