Updated AbstractOAuth2Controller with X-Real-IP

Added additional PHP Server variable to check when attempting to determine the client's IP address.

Author: jaredbiehler

src/Controllers/AbstractOAuth2Controller.php

@@ -50,8 +50,9 @@ public function __construct()
                 'X-Longitude' => $_SERVER['GEOIP_LONGITUDE']
             ];
         }
-        $clientIpAddress = $this->getClientIP();
-        $this->headers['X-Forwarded-For'] = $clientIpAddress; 
+        if (!is_null($clientIpAddress = $this->getClientIP())) {
+            $this->headers['X-Forwarded-For'] = $clientIpAddress; 
+        }
         $this->encryption = DI::container()->get(EncryptionProvider::class);
         $this->secureStorage = DI::container()->get(SecureCookieProvider::class);
         $this->secureStorage->setEncryptionProvider($this->encryption);
@@ -109,20 +110,24 @@ public function setEncryptionProvider(EncryptionInterface $encryptionProvider):
         return $this;
     }
 
-     /**
+    /**
      * looks for a user's IP address 
      *
-     * @return string
+     * @return string|null
      */
-    public function getClientIP(){       
-        if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)){
-               return  $_SERVER["HTTP_X_FORWARDED_FOR"];  
-        }else if (array_key_exists('REMOTE_ADDR', $_SERVER)) { 
+    public function getClientIP()
+    {   
+        if (array_key_exists('HTTP_X_REAL_IP', $_SERVER)) {
+               return $_SERVER["HTTP_X_REAL_IP"];  
+        } else if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
+               return $_SERVER["HTTP_X_FORWARDED_FOR"];  
+        } else if (array_key_exists('REMOTE_ADDR', $_SERVER)) { 
                return $_SERVER["REMOTE_ADDR"]; 
-        }else if (array_key_exists('HTTP_CLIENT_IP', $_SERVER)) {
+        } else if (array_key_exists('HTTP_CLIENT_IP', $_SERVER)) {
                return $_SERVER["HTTP_CLIENT_IP"]; 
-        } 
-        return '';
+        }
+        
+        return null;
    }
 
     /**