vik_c
msg:4407846 | 6:29 pm on Jan 17, 2012 (gmt 0) |
This is what I've got so far and it doesn't work.
<?php
$ip=$REMOTE_ADDR;
echo $ip;
?>
<?php
$ip=$_SERVER['REMOTE_ADDR'];
echo $ip;
?>
<?php
function getIp() {
$ip = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return $ip;
}
$ip = getIp();
echo $ip;
?>
|
brotherhood of LAN
msg:4407848 | 6:34 pm on Jan 17, 2012 (gmt 0) |
$_SERVER['REMOTE_ADDR'] is what you're after.
[php.net...]
|
penders
msg:4407878 | 7:18 pm on Jan 17, 2012 (gmt 0) |
Does $_SERVER['REMOTE_ADDR'] return an IP address for you?
I have experienced the situation where REMOTE_ADDR was not set (or was empty) - I think this was down to the server configuration and the users accessing it over a closed intranet. In this case I had to fall back to HTTP_X_FORWARDED_FOR (which can contain multiple (comma separated) IP addresses if going through multiple proxies). However, if REMOTE_ADDR is set and is a valid IP address then this should take priority as I believe these other headers could be faked, if you are on the world-wide-web.
The script you have posted above looks as if you are allowing REMOTE_ADDR to be overridden if another header is set - this looks dangerous to me, particularly if you are serving content based on this IP address.
|
enigma1
msg:4407901 | 8:14 pm on Jan 17, 2012 (gmt 0) |
With cloud hosting $_SERVER['REMOTE_ADDR'] may not return the right value. I had to pull it from the $_ENV['REMOTE_ADDR'] in a couple of cases where I had access to that kind of environment, but I don't know how reliable it is.
The HTTP_X_* surely can be faked I wouldn't rely on them.
|
penders
msg:4407960 | 12:22 am on Jan 18, 2012 (gmt 0) |
<?php
$ip=$REMOTE_ADDR;
echo $ip;
?> |
|
Just to add, this should not be used (referencing $REMOTE_ADDR in the global scope) - this is reliant on register_globals being set on the server and it probably isn't - or shouldn't be!
You could examine all the superglobals (or the output from phpinfo() [uk.php.net]) to see if you can see your IP address!
|
vik_c
msg:4408023 | 7:02 am on Jan 18, 2012 (gmt 0) |
$_SERVER['REMOTE_ADDR'] is what you're after. |
|
That doesn't bypass proxy.
| Does $_SERVER['REMOTE_ADDR'] return an IP address for you? |
|
No. it doesn't
| this is reliant on register_globals being set on the server |
|
True. That's why I'm not using it.
Still looking for a reliable PHP snippet. I'm sure there's a way because so many sites are able to figure out my own IP, unless they're using Perl or something else.
|
enigma1
msg:4408041 | 8:55 am on Jan 18, 2012 (gmt 0) |
| That doesn't bypass proxy. |
|
You can't reliably detect proxies. The $_SERVER['REMOTE_ADDR'] will return an IP. What it returns? an empty string?
|
FromBelgium
msg:4408083 | 11:09 am on Jan 18, 2012 (gmt 0) |
This works for me:
$ip = $HTTP_SERVER_VARS['HTTP_X_CLUSTER_CLIENT_IP'];
|
penders
msg:4408090 | 11:23 am on Jan 18, 2012 (gmt 0) |
| I'm sure there's a way because so many sites are able to figure out my own IP, unless they're using Perl or something else. |
|
You are presumably behind a proxy server? I don't think any other scripting language will offer any benefits over PHP in this respect. If it is an anonymous proxy then no server will be able to identify your IP address.
Have you examined the output from phpinfo() as I mentioned above? If your IP address is reachable in any way, then it should be in there? What do the following PHP variables return for you....?
$_SERVER['REMOTE_ADDR'] - wrong IP, empty string or just not set at all?
$_SERVER['HTTP_X_FORWARDED_FOR']
$_SERVER['HTTP_VIA']
$_SERVER['HTTP_CLIENT_IP']
As I understand it, if a user is behind a proxy server then you will probably have to check $_SERVER['HTTP_X_FORWARDED_FOR'] (or possibly $_SERVER['HTTP_CLIENT_IP'] or something else...) to get the users actual IP address, but this is dependent on the proxy server, as the proxy server needs to 'pass on' your IP address (it doesn't have to - an anonymous proxy). So, whilst this might work for you and perhaps others on a known system, this is unreliable (and can be faked) on the www AFAIK, as @enigma1 states.
So, IMO, if you are on the www then you should not authenticate a user (ie. serve content based on their IP) if you have determined their IP address by one of these other methods and not by REMOTE_ADDR? Which address does the server send back the response to?
|
vik_c
msg:4408104 | 1:34 pm on Jan 18, 2012 (gmt 0) |
This is the code I'm using to test all these possibilities:
<?php
function getIp() {
$ip = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return $ip;
}
$ip = getIp();
$ip2 = $HTTP_SERVER_VARS['HTTP_X_CLUSTER_CLIENT_IP'];
echo $ip;
print "</br>";
echo $ip2;
$ip3 = $_SERVER['REMOTE_ADDR'];
$ip4 = $_SERVER['HTTP_X_FORWARDED_FOR'];
$ip5 = $_SERVER['HTTP_VIA'];
$ip6 = $_SERVER['HTTP_CLIENT_IP'];
echo $ip3;
print "</br>";
print "IP4 is $ip4";
print "</br>";
print "IP5 is $ip5";
print "</br>";
print "IP6 is $ip6";
print "</br>";
?>
Here's the output I get:
10.255.255.4
10.255.255.4
IP4 is
IP5 is
IP6 is |
|
I'm no expert on this but I believe I'm being assigned a dynamic IP when I log on using my connection which is a broadband line from a prominent ISP in these parts. Other websites are able to determine my IP which means it should be possible to do so but I just can't figure out how. None of these snippets work. Thanks for all the help so far.
|
vik_c
msg:4408114 | 1:51 pm on Jan 18, 2012 (gmt 0) |
| You could examine all the superglobals (or the output from phpinfo() [uk.php.net]) to see if you can see your IP address! |
|
I couldn't locate my IP anywhere within the output of the php info file that I placed on the server.
|
penders
msg:4408133 | 2:50 pm on Jan 18, 2012 (gmt 0) |
This is a private IP address! From the results you have posted it looks like you are running this on a local test server within your own network - not behind a proxy server?! If this is the case then "10.255.255.4" is your local IP address on your LAN.
|
vik_c
msg:4408162 | 4:04 pm on Jan 18, 2012 (gmt 0) |
| If this is the case then "10.255.255.4" is your local IP address on your LAN. |
|
My IP address according to Google and some other websites is 115.246.ZZZ.ZZZ (THE 'Z's are numbers). I'm trying to create a script which can determine this successfully.
|
penders
msg:4408182 | 4:38 pm on Jan 18, 2012 (gmt 0) |
But where are you currently running your test script? On an external webserver, or locally on your LAN? Your results look as if you are running it locally on your LAN. Only if you run your script on an external webserver will it return your external IP address. Google and all the other sites that show you your IP address are external and therefore show you your external IP address.
|
vik_c
msg:4408428 | 2:59 am on Jan 19, 2012 (gmt 0) |
Not quite sure what happened but it seems to work now. Thanks!
|
|
