What is this issue about?
The incorrect IP is obtained for all users when BOCA runs behind a reverse proxy (e.g., Traefik).
The problem occurs because, in the part of the code in which the user IP is obtained, only the environment variable REMOTE_ADDR is taken into account. It's important to keep in mind that when running BOCA with a reverse proxy, REMOTE_ADDR will always be the proxy's IP (even though users have logged in from different machines), thus BOCA will show the same IP for all users.
https://github.com/cassiopc/boca/blob/master/src/globals.php#L258-L259
This issue allows bypassing the MultiLogins option set to 'No' when using BOCA + reverse proxy (that means that the same user account could potentially be used to log in from different machines).
How to test it?
git clone --branch test_fix_getip_proxy https://github.com/rlaiola/boca.git
cd boca
# Launch application (it may take a while)
docker compose up -d
# Open a web browser and visit the URL http://localhost/boca.
# First, create and activate a BOCA contest (user: system | password: boca).
# Then, login as admin (user: admin | password: boca).
# Visit the users' page to see that the admin IP is 192.168.0.100
# To stop the application:
docker compose down
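The following is an added example, not code from BOCA or from the linked branch: one way to resolve the client address behind a reverse proxy without making the address spoofable, which matters because the MultiLogins check depends on it. It assumes the proxy appends the peer address to X-Forwarded-For; the function names, the trusted range 172.18.0.0/16 and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added example (not BOCA code). All function names here are hypothetical.
// True when $ip lies inside $cidr (IPv4 or IPv6), e.g. "172.18.0.0/16".
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // invalid address or mixed address families
    }
    $max   = strlen($ipBin) * 8;
    $bits  = $bits === null ? $max : min(max((int)$bits, 0), $max);
    $bytes = intdiv($bits, 8);
    if (strncmp($ipBin, $netBin, $bytes) !== 0) return false;
    if ($bits % 8 === 0) return true;
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // compare the partial byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

function is_trusted(string $ip, array $trusted): bool {
    foreach ($trusted as $cidr) {
        if (ip_in_cidr($ip, $cidr)) return true;
    }
    return false;
}

// Use X-Forwarded-For only when the TCP peer (REMOTE_ADDR) is a known proxy,
// and walk it right to left so entries a client supplied itself are never used.
function client_ip(array $server, array $trusted): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!is_trusted($peer, $trusted) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer; // direct connection: the header is client-controlled
    }
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) return $peer; // malformed header
        if (!is_trusted($hop, $trusted)) return $hop; // first hop not added by our proxies
    }
    return $peer; // every hop was one of our proxies
}

// Constructed sample requests; 172.18.0.0/16 is an assumed proxy network.
$trusted = ['172.18.0.0/16'];
$cases = [
    ['REMOTE_ADDR' => '172.18.0.2',   'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    ['REMOTE_ADDR' => '172.18.0.2',   'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 203.0.113.7'],
    ['REMOTE_ADDR' => '198.51.100.4', 'HTTP_X_FORWARDED_FOR' => '10.9.9.9'],
];
foreach ($cases as $s) echo client_ip($s, $trusted), PHP_EOL;
```

The second case carries a client-supplied first entry and the third arrives without passing through the proxy; in both, the forged value is ignored, so each session is still bound to an address the proxy itself observed.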