XF 2.3 Login throws error (InvalidArgumentException: Invalid binary IP)

[Dysphoria]

Hi there,

I have some trouble, setting up a new site. When logging in with my user, XF will throw this error message:

InvalidArgumentException: Invalid binary IP: in src/XF/Util/Ip.php at line 35
XF\Util\Ip::binaryToString() in src/XF/Session/Session.php at line 254
XF\Session\Session->regenerate() in src/XF/Session/Session.php at line 274
XF\Session\Session->changeUser() in src/XF/ControllerPlugin/LoginPlugin.php at line 210
XF\ControllerPlugin\LoginPlugin->completeLogin() in src/addons/xenMade/AED/XF/ControllerPlugin/Login.php at line 12
xenMade\AED\XF\ControllerPlugin\Login->completeLogin() in src/XF/Pub/Controller/LoginController.php at line 165
XF\Pub\Controller\LoginController->actionLogin() in src/XF/Mvc/Dispatcher.php at line 362
XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 264
XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 121
XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 63
XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2826
XF\App->run() in src/XF.php at line 806
XF::runApp() in index.php at line 23

The installation is running with nginx + php-fpm behind haproxy. Therefore I verified already that php is able to see the correct client ip.
I added this to index.php for debuging purpose.

$debug_info = [
    'REMOTE_ADDR' => $_SERVER['REMOTE_ADDR'] ?? 'not set',
    'HTTP_X_FORWARDED_FOR' => $_SERVER['HTTP_X_FORWARDED_FOR'] ?? 'not set',
    'HTTP_X_REAL_IP' => $_SERVER['HTTP_X_REAL_IP'] ?? 'not set',
    'HTTP_X_FORWARDED_PROTO' => $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? 'not set'
];
error_log("XenForo IP Debug: " . json_encode($debug_info));

Do you have any idea where this error message is coming from? Important note maybe, this is not a fresh installation, but an import from an existing installation on a new server.

XF Version:
| XF version : 2030470 (2.3.4)
| Last upgrade: 2030470 (2025-01-04)

 

[Paul B]

Looks like it may be related to addons/xenMade/AED .

 

[Dysphoria]

Looks like it may be related to addons/xenMade/AED .

Thanks for that hint.
I disabled the plugin and tested it again. I get the same error message, just without the plugin in the stracktrace:

InvalidArgumentException: Invalid binary IP: in src/XF/Util/Ip.php at line 35
XF\Util\Ip::binaryToString() in src/XF/Session/Session.php at line 254
XF\Session\Session->regenerate() in src/XF/Session/Session.php at line 274
XF\Session\Session->changeUser() in src/XF/ControllerPlugin/LoginPlugin.php at line 210
XF\ControllerPlugin\LoginPlugin->completeLogin() in src/XF/Pub/Controller/LoginController.php at line 165
XF\Pub\Controller\LoginController->actionLogin() in src/XF/Mvc/Dispatcher.php at line 362
XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 264
XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 121
XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 63
XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2826
XF\App->run() in src/XF.php at line 806
XF::runApp() in index.php at line 23

 

[ENF]

his is not a fresh installation, but an import from an existing installation on a new server.

There was an earlier case, documented here.

Why didn't you just copy over the install to the new server instead of importing?
Or maybe the wording is just confusing... import implies you ran the importer to bring over data from an existing installation.

 

[Jeremy P]

Therefore I verified already that php is able to see the correct client ip.
I added this to index.php for debuging purpose.

If you're seeing this error, that seems unlikely. Does REMOTE_ADDR contain a string with only a single IP address? The other headers don't really matter to XF much out of the box.

 

[Dysphoria]

There was an earlier case, documented here.

Why didn't you just copy over the install to the new server instead of importing?
Or maybe the wording is just confusing... import implies you ran the importer to bring over data from an existing installation.

I guess it was just my wording. With importing, I meant the db dump and coping over everything else.

However, I eventually found the issue. The headers were correct, but it turns out there was a session in the database without an IP address—possibly left over from earlier testing with incorrect headers. After clearing all sessions from the database, I was able to log in successfully. It just took me an embarrassingly long time to figure it out.