babyboy808
asked on
PHP - 500 Points - Explain this ip code
Hi, can someone please explain this PHP code to get a user's IP address and, if
they are using a proxy, the proxy address.
And if the below code is robust and good practice,
thanks
<?php
if (getenv('HTTP_X_FORWARDED_FOR'))
{
    $ip = getenv('HTTP_X_FORWARDED_FOR');
    echo $ip;
}
else
if (getenv('HTTP_CLIENT_IP'))
{
    $ip = getenv('HTTP_CLIENT_IP');
    echo $ip;
}
else
{
    $ip = getenv('REMOTE_ADDR');
    echo $ip;
}
?>
ASKER
Eh actually I do gamebits, only messing :)
Read a bit, but am still a bit in the dark :|
Let's take this line by line:
<?php
if (getenv('HTTP_X_FORWARDED_FOR'))
// getenv gets the environmental variable which you probably know...HTTP_X_FORWARDED_FOR is IP of the NAT proxy.
// NAT stands for network address translation...so it's the proxy address behind the router.
{
    $ip = getenv('HTTP_X_FORWARDED_FOR');
    echo $ip;
}
else
if (getenv('HTTP_CLIENT_IP'))
{
    $ip = getenv('HTTP_CLIENT_IP');
    // $HTTP_CLIENT_IP does a very similar thing as http_x_forwarded as it passes extra headers put in by some proxies to
    // pass on the real IP address of the connecting machine
    echo $ip;
}
else
{
    $ip = getenv('REMOTE_ADDR');
    // REMOTE_ADDR is the least reliable of the three. It's the ISP proxy.
    echo $ip;
}
So what is the best practice? Well, you seem to have a good start as you are extracting each piece of potential data. I'd use $_SERVER instead of getenv in case of an IIS (Windows server) and I'd do it in one line just in case...something like:
if ($_SERVER['HTTP_X_FORWARDED_FOR'] && $_SERVER['HTTP_CLIENT_IP'] && $_SERVER['REMOTE_ADDR'])
Hope that helps!
ASKER
Thanks ksecor,
Ok so to be IIS compatible, could you explain this, cheers
if ($_SERVER['HTTP_X_FORWARDED_FOR'] && $_SERVER['HTTP_CLIENT_IP'] && $_SERVER['REMOTE_ADDR'])
I think HTTP_X_FORWARDED_FOR = proxy?
this HTTP_CLIENT_IP = ?????
and this is REMOTE_ADDR = get the ip?
thanks again
Ok, the ISAPI (Internet Server Application Programming Interface) for IIS has filters and basically getenv is 50/50 in getting past those filters...but the superglobal seems to have no problem with it. Here is an article about those filters: http://www.iis-resources.com/modules/wfsection/article.php?articleid=9 and there are even some notes in the PHP manual about it: http://us2.php.net/function.getenv
Assuming you're grabbing the IP to do some user research, the idea would be to see if the IPs that each function gets are different, then try to identify the one you can count on for that particular user. All my line of code says above is to make a log only if all three have values, then you could decide which are valid or not. Let's say the $_SERVER['HTTP_CLIENT_IP'] or $_SERVER['HTTP_X_FORWARDED_FOR'] were that of a network and the $_SERVER['REMOTE_ADDR'] was different, I could try to find a pattern of what the network and the user are and eliminate the extraneous data that I do not need. I use this code when I teach to see where assignments are being uploaded from as the school where I teach is on a network with the same proxy IP....
Sorry for the wordy explanation:)
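A version of this lookup that honours the forwarded header only when the connection itself comes from a known proxy, since X-Forwarded-For and Client-IP are ordinary request headers whose values the sender chooses. This is an added example, not code from the thread; `TRUSTED_PROXIES`, `client_ip()` and the sample addresses are assumptions.

```php
<?php
// Added example: TRUSTED_PROXIES is an assumed list of your own reverse proxies
// (constructed address from a documentation range).
const TRUSTED_PROXIES = ['192.0.2.10'];

// $server has the same shape as $_SERVER. Returns the address to attribute the
// request to, or null when there is no valid REMOTE_ADDR (for example a CLI run).
function client_ip(array $server): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Forwarded headers are request data. Honour them only when the TCP peer
    // is one of our own proxies; Client-IP is never consulted (assumption: the
    // proxies here set X-Forwarded-For only).
    if (!in_array($remote, TRUSTED_PROXIES, true)) {
        return $remote;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the right-most entries were appended closest to us.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the rest of the chain
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop; // first hop that is not one of our proxies
        }
    }
    return $remote;
}

// Constructed sample requests.
$samples = [
    'direct, header set'  => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.99'],
    'via trusted proxy'   => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23'],
    'proxy, padded chain' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 198.51.100.23'],
    'proxy, junk header'  => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '<script>'],
];
foreach ($samples as $label => $server) {
    printf("%-20s => %s\n", $label, client_ip($server));
}
```

Because every returned value has passed `FILTER_VALIDATE_IP`, it is also safe to echo or log, which a raw header value is not.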
ASKER
Phew, thanks for the in-depth explanation but could you explain in layman's terms please :)
I think HTTP_X_FORWARDED_FOR = proxy?
this HTTP_CLIENT_IP = ?????
and this is REMOTE_ADDR = get the ip?
$_SERVER['HTTP_X_FORWARDED_FOR'] = ?????
$_SERVER['HTTP_CLIENT_IP'] = ?????
$_SERVER['REMOTE_ADDR'] = ?????
thanks again
If you don't mind a little bit of reading, this page will teach you a lot about what you are trying to do.
http://ca.php.net/manual/en/function.getenv.php
Gamebits