log IP for API auth errors

2 files changed, 28 insertions, 2 deletions

diff --git a/actions/api.php b/actions/api.php
index 1fe5875ad..08f5fadad 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -67,7 +67,9 @@ class ApiAction extends Action
                     $this->process_command();
                 } else {
                     # basic authentication failed
-                    common_log(LOG_WARNING, "Failed API auth attempt, nickname: $nickname.");
+                    list($proxy, $ip) = common_client_ip();
+
+                    common_log(LOG_WARNING, "Failed API auth attempt, nickname = $nickname, proxy = $proxy, ip = $ip.");
                     $this->show_basic_auth_error();
                 }
             }
diff --git a/lib/util.php b/lib/util.php
index c8da8c7dd..9c1af7a0d 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -1490,4 +1490,28 @@ function common_shorten_url($long_url)
     curl_close($curlh);
 
     return $short_url;
-}
\ No newline at end of file
+}
+
+function common_client_ip()
+{
+    if (!isset($_SERVER) || !array_key_exists('REQUEST_METHOD', $_SERVER)) {
+        return null;
+    }
+
+    if ($_SERVER['HTTP_X_FORWARDED_FOR']) {
+        if ($_SERVER['HTTP_CLIENT_IP']) {
+            $proxy = $_SERVER['HTTP_CLIENT_IP'];
+        } else {
+            $proxy = $_SERVER['REMOTE_ADDR'];
+        }
+        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    } else {
+        if ($_SERVER['HTTP_CLIENT_IP']) {
+            $ip = $_SERVER['HTTP_CLIENT_IP'];
+        } else {
+            $ip = $_SERVER['REMOTE_ADDR'];
+        }
+    }
+
+    return array($ip, $proxy);
+}