From e387d7d770de2b3362a59e18788a2331db1186d5 Mon Sep 17 00:00:00 2001
From: to3k <2579689+to3k@users.noreply.github.com>
Date: Wed, 21 Dec 2022 21:18:23 +0100
Subject: [PATCH] by tymoteuszjozwiak with small edit

fix: prevent IP address from being taken from input #4
---
 contact.php | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/contact.php b/contact.php
index b506796..1724688 100644
--- a/contact.php
+++ b/contact.php
@@ -23,6 +23,19 @@
 				{ 
 					if($_POST['consent'] == "agree")
 					{
+						if($_SERVER['HTTP_CLIENT_IP'])
+						{
+							$ip = $_SERVER['HTTP_CLIENT_IP'];
+						}
+						elseif($_SERVER['HTTP_X_FORWARDED_FOR'])
+						{
+							$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+						}
+						else
+						{
+							$ip = $_SERVER['REMOTE_ADDR'];
+						}
+						
 						$message = "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
 							<head>
 								<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
@@ -30,7 +43,7 @@
 							<body>
 								<b>Submitter's address:</b> ".$email."<br>
 								<b>Submitter's name:</b> ".addslashes(strip_tags($_POST['form_name']))."<br>
-								<b>IP:</b> ".addslashes(strip_tags($ip))."<br>
+								<b>IP:</b> ".$ip."<br>
 								<b>Message:</b><br>
 								".addslashes(strip_tags($_POST['form_message']))."
 							</body>
@@ -54,19 +67,6 @@
 		else { $alert = 4; }
 	}
 
-	if($_SERVER['HTTP_CLIENT_IP'])
-	{
-	 $ip = $_SERVER['HTTP_CLIENT_IP'];
-	}
-	elseif($_SERVER['HTTP_X_FORWARDED_FOR'])
-	{
-	 $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
-	}
-	else
-	{
-	 $ip = $_SERVER['REMOTE_ADDR'];
-	}
-
 	mysqli_close($mysqli);
 	
 	//Change language