homepage Welcome to WebmasterWorld Guest from 54.161.197.188
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
How do I get a user's IP address?
Can't seem to bypass proxy
vik_c




msg:4407843
 6:24 pm on Jan 17, 2012 (gmt 0)

I'm trying to get the user's IP address to present content based on IP. The only PHP scripts I've been able to get aren't able to bypass proxy connections. There are many websites that seem to be able to figure out my IP address. So I figure there must be a way to do it. Can someone guide me.

 

vik_c




msg:4407846
 6:29 pm on Jan 17, 2012 (gmt 0)

This is what I've got so far and it doesn't work.



<?php
$ip=$REMOTE_ADDR;
echo $ip;
?>



<?php
$ip=$_SERVER['REMOTE_ADDR'];
echo $ip;
?>




<?php

function getIp() {

$ip = $_SERVER['REMOTE_ADDR'];

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {

$ip = $_SERVER['HTTP_CLIENT_IP'];

} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {

$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];

}
return $ip;
}
$ip = getIp();

echo $ip;
?>

brotherhood of LAN




msg:4407848
 6:34 pm on Jan 17, 2012 (gmt 0)

$_SERVER['REMOTE_ADDR'] is what you're after.

[php.net...]

penders




msg:4407878
 7:18 pm on Jan 17, 2012 (gmt 0)

Does
$_SERVER['REMOTE_ADDR'] return an IP address for you?

I have experienced the situation where
REMOTE_ADDR was not set (or was empty) - I think this was down to the server configuration and the users accessing it over a closed intranet. In this case I had to fall back to HTTP_X_FORWARDED_FOR (which can contain multiple (comma separated) IP addresses if going through multiple proxies). However, if REMOTE_ADDR is set and is a valid IP address then this should take priority as I believe these other headers could be faked, if you are on the world-wide-web.

The script you have posted above looks as if you are allowing REMOTE_ADDR to be overridden if another header is set - this looks dangerous to me, particularly if you are serving content based on this IP address.

enigma1




msg:4407901
 8:14 pm on Jan 17, 2012 (gmt 0)

With cloud hosting $_SERVER['REMOTE_ADDR'] may not return the right value. I had to pull it from the $_ENV['REMOTE_ADDR'] in a couple of cases where I had access to that kind of environment, but I don't know how reliable it is.

The HTTP_X_* surely can be faked I wouldn't rely on them.

penders




msg:4407960
 12:22 am on Jan 18, 2012 (gmt 0)

<?php 
$ip=$REMOTE_ADDR;
echo $ip;
?>


Just to add, this should not be used (referencing $REMOTE_ADDR in the global scope) - this is reliant on register_globals being set on the server and it probably isn't - or shouldn't be!

You could examine all the superglobals (or the output from phpinfo() [uk.php.net]) to see if you can see your IP address!

vik_c




msg:4408023
 7:02 am on Jan 18, 2012 (gmt 0)


$_SERVER['REMOTE_ADDR'] is what you're after.


That doesn't bypass proxy.

Does $_SERVER['REMOTE_ADDR'] return an IP address for you?


No. it doesn't

this is reliant on register_globals being set on the server


True. That's why I'm not using it.

Still looking for a reliable PHP snippet. I'm sure there's a way because so many sites are able to figure out my own IP, unless they're using Perl or something else.

enigma1




msg:4408041
 8:55 am on Jan 18, 2012 (gmt 0)

That doesn't bypass proxy.

You can't reliably detect proxies. The $_SERVER['REMOTE_ADDR'] will return an IP. What it returns? an empty string?

FromBelgium




msg:4408083
 11:09 am on Jan 18, 2012 (gmt 0)

This works for me:
$ip = $HTTP_SERVER_VARS['HTTP_X_CLUSTER_CLIENT_IP'];

penders




msg:4408090
 11:23 am on Jan 18, 2012 (gmt 0)

I'm sure there's a way because so many sites are able to figure out my own IP, unless they're using Perl or something else.


You are presumably behind a proxy server? I don't think any other scripting language will offer any benefits over PHP in this respect. If it is an anonymous proxy then no server will be able to identify your IP address.

Have you examined the output from phpinfo() as I mentioned above? If your IP address is reachable in any way, then it should be in there? What do the following PHP variables return for you....?

$_SERVER['REMOTE_ADDR'] - wrong IP, empty string or just not set at all?
$_SERVER['HTTP_X_FORWARDED_FOR']
$_SERVER['HTTP_VIA']
$_SERVER['HTTP_CLIENT_IP']

As I understand it, if a user is behind a proxy server then you will probably have to check $_SERVER['HTTP_X_FORWARDED_FOR'] (or possibly $_SERVER['HTTP_CLIENT_IP'] or something else...) to get the users actual IP address, but this is dependent on the proxy server, as the proxy server needs to 'pass on' your IP address (it doesn't have to - an anonymous proxy). So, whilst this might work for you and perhaps others on a known system, this is unreliable (and can be faked) on the www AFAIK, as @enigma1 states.

So, IMO, if you are on the www then you should not authenticate a user (ie. serve content based on their IP) if you have determined their IP address by one of these other methods and not by REMOTE_ADDR? Which address does the server send back the response to?

vik_c




msg:4408104
 1:34 pm on Jan 18, 2012 (gmt 0)

This is the code I'm using to test all these possibilities:

<?php

function getIp() {



$ip = $_SERVER['REMOTE_ADDR'];

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {

$ip = $_SERVER['HTTP_CLIENT_IP'];

} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {

$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];

}

return $ip;
}
$ip = getIp();

$ip2 = $HTTP_SERVER_VARS['HTTP_X_CLUSTER_CLIENT_IP'];

echo $ip;
print "</br>";
echo $ip2;
$ip3 = $_SERVER['REMOTE_ADDR'];
$ip4 = $_SERVER['HTTP_X_FORWARDED_FOR'];
$ip5 = $_SERVER['HTTP_VIA'];
$ip6 = $_SERVER['HTTP_CLIENT_IP'];
echo $ip3;
print "</br>";
print "IP4 is $ip4";
print "</br>";
print "IP5 is $ip5";
print "</br>";
print "IP6 is $ip6";
print "</br>";

?>


Here's the output I get:

10.255.255.4
10.255.255.4
IP4 is
IP5 is
IP6 is


I'm no expert on this but I believe I'm being assigned a dynamic IP when I log on using my connection which is a broadband line from a prominent ISP in these parts. Other websites are able to determine my IP which means it should be possible to do so but I just can't figure out how. None of these snippets work. Thanks for all the help so far.

vik_c




msg:4408114
 1:51 pm on Jan 18, 2012 (gmt 0)

You could examine all the superglobals (or the output from phpinfo() [uk.php.net]) to see if you can see your IP address!


I couldn't locate my IP anywhere within the output of the php info file that I placed on the server.

penders




msg:4408133
 2:50 pm on Jan 18, 2012 (gmt 0)

10.255.255.4


This is a private IP address! From the results you have posted it looks like you are running this on a local test server within your own network - not behind a proxy server?! If this is the case then "10.255.255.4" is your local IP address on your LAN.

vik_c




msg:4408162
 4:04 pm on Jan 18, 2012 (gmt 0)

If this is the case then "10.255.255.4" is your local IP address on your LAN.


My IP address according to Google and some other websites is 115.246.ZZZ.ZZZ (THE 'Z's are numbers). I'm trying to create a script which can determine this successfully.

penders




msg:4408182
 4:38 pm on Jan 18, 2012 (gmt 0)

But where are you currently running your test script? On an external webserver, or locally on your LAN? Your results look as if you are running it locally on your LAN. Only if you run your script on an external webserver will it return your external IP address. Google and all the other sites that show you your IP address are external and therefore show you your external IP address.

vik_c




msg:4408428
 2:59 am on Jan 19, 2012 (gmt 0)

Not quite sure what happened but it seems to work now. Thanks!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved