Topic: get_remote_address() - incorrectly detecting user's IP address
As this is my first post here, let me start by saying what a great piece of software punbb is. Thank you for creating it. There was a definite need in the php forum genre for something like this!
However, with the release of 1.2.11, I've noticed a bit of a problem with the detection of the user's IP address. It's not a bug as such, just more of a problem. It hasn't personally been a problem for me, but I believe this could cause some minor issues with registration in future, as well as cause problems for a lot of existing users elsewhere.
I used to work for an ISP, and we used to get lots of complaints from customers because they could not access such and such a site. It turns out the forum software was incorrectly detecting their IP address. This happened because these people were transparently being routed through proxy servers on their way out onto the web. So, the forum software was detecting the IP address of the proxy server, rather than that of the user's machine. When you consider that the proxy servers could serve up to 50000 people or more, then it became a bit of a problem for the busier sites when 50 or so people couldn't access the forum because 1 user had been banned.
It's in the function get_remote_address().
The way around it is, instead of using $_SERVER['REMOTE_ADDR'], to use $_SERVER['HTTP_X_FORWARDED_FOR'] if it exists. If it doesn't, then revert to $_SERVER['REMOTE_ADDR'].
i.e. in functions.php, replace:
function get_remote_address()
{
	return $_SERVER['REMOTE_ADDR'];
}
with something like:
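function get_remote_address()
{
	// Use the forwarded-for header when the request carries one
	if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
	{
		return $_SERVER['HTTP_X_FORWARDED_FOR'];
	}
	// Otherwise fall back to the address of the connecting host
	else
	{
		return $_SERVER['REMOTE_ADDR'];
	}
}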
If you need me to demonstrate the problem, then I can do so, but let me know as I'll need to use a different machine on a different connection as my current one is not proxied.
Cheers.
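
Added example, not part of the original post and not PunBB's own code: X-Forwarded-For is a request header that any client can set, so this variant honours it only when the connection itself comes from a proxy the operator trusts, and validates each hop before a ban or registration check is keyed on it. The function name get_remote_address_checked(), the $trusted_proxies list and the sample addresses are assumptions made for this example.

```php
<?php
// Hypothetical helper for illustration; not a PunBB function.
// $trusted_proxies: proxy addresses the operator has chosen to trust (assumed list).
function get_remote_address_checked(array $server, array $trusted_proxies)
{
	$remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';

	// The header only carries weight when the TCP peer is a trusted proxy;
	// from any other peer it is arbitrary client-supplied text.
	if (!in_array($remote, $trusted_proxies, true) || empty($server['HTTP_X_FORWARDED_FOR']))
		return $remote;

	// The header is a comma-separated chain: "client, proxy1, proxy2".
	// Walk it from the right (nearest hop first) and stop at the first untrusted hop.
	$hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
	foreach ($hops as $hop)
	{
		// Anything that is not a syntactically valid IP address is discarded
		if (filter_var($hop, FILTER_VALIDATE_IP) === false)
			return $remote;
		if (!in_array($hop, $trusted_proxies, true))
			return $hop;
	}

	return $remote; // every listed hop was a trusted proxy
}

// Constructed sample requests, using documentation address ranges
$trusted = array('192.0.2.10');
$samples = array(
	'customer behind trusted proxy' => array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'),
	'direct client sending the header' => array('REMOTE_ADDR' => '203.0.113.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'),
	'chain with a client-supplied entry' => array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 198.51.100.7'),
	'malformed header via proxy' => array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'),
);
foreach ($samples as $label => $server)
	echo $label, ' => ', get_remote_address_checked($server, $trusted), "\n";
```

In the third sample the function returns the entry appended by the trusted proxy rather than the leftmost one, because entries further left were supplied by the client and cannot be verified.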