PHP - 500 Points - Explain this ip code

Hi, can someone please explain this php code to get a user's ip address and if
they are using a proxy, the proxy address.

And if the below code is robust and good practice,

thanks

<?php

if (getenv(HTTP_X_FORWARDED_FOR))
{
  $ip=getenv(HTTP_X_FORWARDED_FOR);
    echo $ip;
}
else
if (getenv(HTTP_CLIENT_IP))
{
  $ip=getenv(HTTP_CLIENT_IP);
    echo $ip;
}
else
{
  $ip=getenv(REMOTE_ADDR);
  echo $ip;
}

?>
babyboy808Asked:
Who is Participating?
 
ksecorCommented:
Sure....I'm assuming you want to keep track of a user's ip, right? Let's say the in the original code, you don't want to print the ip, but you want to do something to store it...probably in a database or written to a file. Well, the idea is to get as accurate a read as possible. Let's say you have a user and you want to track what pages he accesses on your site. Well you'd think $_SERVER['REMOTE_ADDR'] would do it, right? Well, to be sure, we'll check to see that the ip shown is not that of a network ip, which is why we use $_SERVER['HTTP_X_FORWARDED_FOR'] and $_SERVER['HTTP_CLIENT_IP'] . If the ip addresses are the same, the $_SERVER['REMOTE_ADDR'] might not be accurate as it may be that of a router or proxy which is what the $_SERVER['HTTP_X_FORWARDED_FOR'] and $_SERVER['HTTP_CLIENT_IP']  detect....
0
 
gamebitsCommented:
Hi babyboy808,

If you don't mind a little bit of reading this page will teach you a lot about what you are trying to do.

http://ca.php.net/manual/en/function.getenv.php

Gamebits
0
 
babyboy808Author Commented:
Eh actually I do gamebits, only messing :)

Read a bit, but am still a bit in the dark :|

0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
ksecorCommented:
Let's take this line by line:
<?php

if (getenv(HTTP_X_FORWARDED_FOR))
//getenv gets the environmental variable which you probably know...HTTP_X_FORWARDED_FOR is ip of the nat proxy. //Nat stands for network address translation...so it's the proxy address behind the router.
{
  $ip=getenv(HTTP_X_FORWARDED_FOR);
    echo $ip;
}
else
if (getenv(HTTP_CLIENT_IP))
{
  $ip=getenv(HTTP_CLIENT_IP);
//$HTTP_CLIENT_IP  does a very similar thing as http_x_forwarded as it passes extra headers put in by some proxies to //pass on the real ip address of the connecting machine
    echo $ip;
}
else
{
  $ip=getenv(REMOTE_ADDR);
//REMOTE_ADDR is the least reliable of the three. It's the ISP proxy.
  echo $ip;
}
So what is the best practice? Well, You seem to have a good start as you are extracting each piece of potential data. I'd use $_SERVER instead of getenv in case of an IIS (Windows server) and I'd do it in one line just in case...something like:
if ($_SERVER['HTTP_X_FORWARDED_FOR'] && $_SERVER['HTTP_CLIENT_IP'] && $_SERVER['REMOTE_ADDR'])

                              Hope that helps!
0
 
babyboy808Author Commented:
Thanks ksecor,

Ok so to be IIS compatible, could you explain this, cheers

if ($_SERVER['HTTP_X_FORWARDED_FOR'] && $_SERVER['HTTP_CLIENT_IP'] && $_SERVER['REMOTE_ADDR'])

i think 'HTTP_X_FORWARDED_FOR = proxy?
this HTTP_CLIENT_IP = ?????
and this is REMOTE_ADDR = get the ip?

thanks again
0
 
ksecorCommented:
Ok, the asapi (Internet Server Application Programming Interface)  for iis has filters and basically getenv is 50/50 in getting past those filters...but the Super Global seems to have no problem with it. Here is an article about those filters: http://www.iis-resources.com/modules/wfsection/article.php?articleid=9 and there are even some notes in the php manual about it: http://us2.php.net/function.getenv
Assuming your grabbing the ip to do some user research, the idea would be to see if the ip's that each function get are different, then try to identify the one you can count on for that particular user. All my line of code says above is to make a log only if all three have values, then you could decide which are valid or not. Let's say the $_SERVER['HTTP_CLIENT_IP'] or $_SERVER['HTTP_X_FORWARDED_FOR'] were that of a network and the $_SERVER['REMOTE_ADDR'] was different, I could try to find a pattern of what the network and the user are and eliminate the extraneous data that I do not need. I use this code when I teach to see where assignments are being uploaded from as the school where I teach is on a network with the same proxy ip....
 
      Sorry for the wordy explanation:)
0
 
babyboy808Author Commented:
phew, thanks for the indepth explanation but could you explain in layman's terms please :)

i think 'HTTP_X_FORWARDED_FOR = proxy?
this HTTP_CLIENT_IP = ?????
and this is REMOTE_ADDR = get the ip?

$_SERVER['HTTP_X_FORWARDED_FOR'] = ?????
$_SERVER['HTTP_CLIENT_IP'] = ?????
$_SERVER['REMOTE_ADDR'] = ?????

thanks again
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.