[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

PHP - 500 Points - Explain this ip code

Posted on 2006-05-13
7
Medium Priority
?
307 Views
Last Modified: 2012-05-05
Hi, can someone please explain this php code to get a user's ip address and if
they are using a proxy, the proxy address.

And if the below code is robust and good practice,

thanks

<?php

if (getenv(HTTP_X_FORWARDED_FOR))
{
  $ip=getenv(HTTP_X_FORWARDED_FOR);
    echo $ip;
}
else
if (getenv(HTTP_CLIENT_IP))
{
  $ip=getenv(HTTP_CLIENT_IP);
    echo $ip;
}
else
{
  $ip=getenv(REMOTE_ADDR);
  echo $ip;
}

?>
0
Comment
Question by:babyboy808
  • 3
  • 3
7 Comments
 
LVL 28

Expert Comment

by:gamebits
ID: 16675166
Hi babyboy808,

If you don't mind a little bit of reading this page will teach you a lot about what you are trying to do.

http://ca.php.net/manual/en/function.getenv.php

Gamebits
0
 

Author Comment

by:babyboy808
ID: 16675185
Eh actually I do gamebits, only messing :)

Read a bit, but am still a bit in the dark :|

0
 
LVL 1

Expert Comment

by:ksecor
ID: 16675359
Let's take this line by line:
<?php

if (getenv(HTTP_X_FORWARDED_FOR))
//getenv gets the environmental variable which you probably know...HTTP_X_FORWARDED_FOR is ip of the nat proxy. //Nat stands for network address translation...so it's the proxy address behind the router.
{
  $ip=getenv(HTTP_X_FORWARDED_FOR);
    echo $ip;
}
else
if (getenv(HTTP_CLIENT_IP))
{
  $ip=getenv(HTTP_CLIENT_IP);
//$HTTP_CLIENT_IP  does a very similar thing as http_x_forwarded as it passes extra headers put in by some proxies to //pass on the real ip address of the connecting machine
    echo $ip;
}
else
{
  $ip=getenv(REMOTE_ADDR);
//REMOTE_ADDR is the least reliable of the three. It's the ISP proxy.
  echo $ip;
}
So what is the best practice? Well, You seem to have a good start as you are extracting each piece of potential data. I'd use $_SERVER instead of getenv in case of an IIS (Windows server) and I'd do it in one line just in case...something like:
if ($_SERVER['HTTP_X_FORWARDED_FOR'] && $_SERVER['HTTP_CLIENT_IP'] && $_SERVER['REMOTE_ADDR'])

                              Hope that helps!
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:babyboy808
ID: 16675869
Thanks ksecor,

Ok so to be IIS compatible, could you explain this, cheers

if ($_SERVER['HTTP_X_FORWARDED_FOR'] && $_SERVER['HTTP_CLIENT_IP'] && $_SERVER['REMOTE_ADDR'])

i think 'HTTP_X_FORWARDED_FOR = proxy?
this HTTP_CLIENT_IP = ?????
and this is REMOTE_ADDR = get the ip?

thanks again
0
 
LVL 1

Expert Comment

by:ksecor
ID: 16676093
Ok, the asapi (Internet Server Application Programming Interface)  for iis has filters and basically getenv is 50/50 in getting past those filters...but the Super Global seems to have no problem with it. Here is an article about those filters: http://www.iis-resources.com/modules/wfsection/article.php?articleid=9 and there are even some notes in the php manual about it: http://us2.php.net/function.getenv
Assuming your grabbing the ip to do some user research, the idea would be to see if the ip's that each function get are different, then try to identify the one you can count on for that particular user. All my line of code says above is to make a log only if all three have values, then you could decide which are valid or not. Let's say the $_SERVER['HTTP_CLIENT_IP'] or $_SERVER['HTTP_X_FORWARDED_FOR'] were that of a network and the $_SERVER['REMOTE_ADDR'] was different, I could try to find a pattern of what the network and the user are and eliminate the extraneous data that I do not need. I use this code when I teach to see where assignments are being uploaded from as the school where I teach is on a network with the same proxy ip....
 
      Sorry for the wordy explanation:)
0
 

Author Comment

by:babyboy808
ID: 16676112
phew, thanks for the indepth explanation but could you explain in layman's terms please :)

i think 'HTTP_X_FORWARDED_FOR = proxy?
this HTTP_CLIENT_IP = ?????
and this is REMOTE_ADDR = get the ip?

$_SERVER['HTTP_X_FORWARDED_FOR'] = ?????
$_SERVER['HTTP_CLIENT_IP'] = ?????
$_SERVER['REMOTE_ADDR'] = ?????

thanks again
0
 
LVL 1

Accepted Solution

by:
ksecor earned 2000 total points
ID: 16676493
Sure....I'm assuming you want to keep track of a user's ip, right? Let's say the in the original code, you don't want to print the ip, but you want to do something to store it...probably in a database or written to a file. Well, the idea is to get as accurate a read as possible. Let's say you have a user and you want to track what pages he accesses on your site. Well you'd think $_SERVER['REMOTE_ADDR'] would do it, right? Well, to be sure, we'll check to see that the ip shown is not that of a network ip, which is why we use $_SERVER['HTTP_X_FORWARDED_FOR'] and $_SERVER['HTTP_CLIENT_IP'] . If the ip addresses are the same, the $_SERVER['REMOTE_ADDR'] might not be accurate as it may be that of a router or proxy which is what the $_SERVER['HTTP_X_FORWARDED_FOR'] and $_SERVER['HTTP_CLIENT_IP']  detect....
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses
Course of the Month17 days, 17 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question