...

View Full Version : PHP - server behind proxy, IP tracking



jthunder
01-07-2012, 10:33 PM
I want to at least monitor visitor's IP address where they really are coming from. I have a server1 running a qualified domain (domain1.com) that is on port 80 and it runs a proxy for the other server, (server2) that is running over the local LAN with a qualified domain names (domain2.com, domain3.com).

MY problem right now is I am using this to get the remote user IP, $_SERVER['REMOTE_ADDR'] but now its on the proxy, I am getting the local host IP instead.

There are also a few areas in the html/php code that refers to that IP that is currently not working right for me since I changed it.

So, what I want is to be able to track at least close to the real IP but still use our admin judgment if its fake or not. Anyway, on the html header, I have this on top:

<?php
require_once('includes/functions/func.signup.php');
db_connect($config);
session_start();
$ip=$_SERVER['REMOTE_ADDR'];


So, Instead of this on my header, I will use this and put this on top unless this is not correct, maybe you can edit it for me.

$headers = apache_request_headers();

if(array_key_exists("X-Forwarded-For", $headers)){
$proxylist = $headers['X-Forwarded-For'];
$proxylist = explode(',', $proxylist);
$realip = $proxylist[0];
}else{
$realip = $_SERVER['REMOTE_ADDR'];
}


THEN: Any statements that has currently "$ip" which was referring to the old header, as in, "Your IP ($ip) is banned !", I changed it to

"Your IP ($realip) is banned !".


Moreover, there are some mysql queries that also deal with the IP address where I save them in the mysql table. So, I need to make sure I get the right IP as opposed to my local proxy's IP. An example will be this one where the is this encode_ip($_SERVER,$_ENV) toward the bottom of the code:

if($type == 'buyer')
{
mysql_query("INSERT INTO `".$config['db']['pre']."buyers` ( `buyer_id` , `buyer_username` , `buyer_password` , `buyer_email` , `buyer_name` , `buyer_joined` , `buyer_rating` , `buyer_reviews` , `buyer_confirm` , `buyer_custom_fields` , `buyer_custom_values`, `buyer_zipcode`, `buyer_city`, `buyer_state`, `buyer_country`, `buyer_ip3`, `buyer_ip3date`, `buyer_country_flag`) VALUES ('', '" . validate_input($_POST['username']) . "', '" . validate_input(md5($_POST['password'])) . "', '" . validate_input($_POST['email']) . "', '" . validate_input($_POST['name']) . "', '" . time() . "', '0', '0', '".validate_input($confirm_id)."', '" . validate_input($custom_db_fields2) . "', '" . validate_input($custom_db_data2) . "', '" . validate_input($_POST['zipcode']) . "', '" . validate_input($_POST['city']) . "', '" . validate_input($_POST['state']) . "', '" . validate_input($_POST['country']) . "', '" . encode_ip($_SERVER, $_ENV) . "', NOW(), '" . $flag_file_name . "');");

$user_id = mysql_insert_id();

mysql_query("INSERT INTO `".$config['db']['pre']."buyers_balance` ( `buyer_id` , `balance_amount` ) VALUES ('" . $user_id . "', '" . $config['start_amount_buyer'] . "');");

mysql_query("INSERT INTO `".$config['db']['pre']."transactions` ( `transaction_id` , `transaction_type` , `transaction_method` , `buyer_id` , `provider_id` , `transaction_ip` , `transaction_time` , `transaction_amount` , `transaction_description` ) VALUES ('', 'adm', 'initial', '" . $user_id . "', '', '" . encode_ip($_SERVER,$_ENV) . "', '" . time() . "', '" . addslashes($config['start_amount_buyer']) . "', 'Signup Bonus');");
}



And for my parameters where I have "IP" defined, I have this, and I Need to point it to the right IP:

$page->SetParameter ('IP',$_SERVER['REMOTE_ADDR']);



Hopefully, I can get some great help here again. Thanks guys.

jthunder
01-08-2012, 07:41 PM
Any takers??



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum