diff --git a/app-code/api/login/redirect.php b/app-code/api/login/redirect.php
index cdcaf03..5621999 100644
--- a/app-code/api/login/redirect.php
+++ b/app-code/api/login/redirect.php
@@ -64,7 +64,7 @@ else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 &&
 		];
 	}
 	//update last login
-	$ip=$_SERVER["HTTP_X_FORWARDED_FOR"];
+	$ip=trim(explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"])[0]);
 	$date=date('Y-m-d H:i:s');
 	$last_login_msg=$date." from ".$ip;
 	$sql="UPDATE users SET last_login = ? WHERE id = ?";
diff --git a/app-code/api/login/send_reset_link.php b/app-code/api/login/send_reset_link.php
index 0be3a53..335228a 100644
--- a/app-code/api/login/send_reset_link.php
+++ b/app-code/api/login/send_reset_link.php
@@ -18,7 +18,8 @@ mysqli_stmt_fetch($stmt);
 mysqli_stmt_close($stmt);
 //send telegram message
 $device = $_SERVER['HTTP_USER_AGENT'];
-$ip=$_SERVER["REMOTE_ADDR"];
+//$ip=$_SERVER["REMOTE_ADDR"];
+$ip=trim(explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"])[0]);
 $location=get_location_from_ip($ip);
 $date=date('Y-m-d H:i:s');
 $token=bin2hex(random_bytes(128));