Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Jan 2008
    Location
    Finland
    Posts
    18
    Thanks
    5
    Thanked 0 Times in 0 Posts

    Client's real IP

    Hi, from a certain conversation I remained wondering if it's possible to get a user's real ip address e.g. behind proxy. Googlin' around I found this snippet of code that's creator told it will give the real ip address:

    Code:
    <?php
    function getip () {
      if ($_SERVER) {
        if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {$rip = $_SERVER["HTTP_X_FORWARDED_FOR"];}
        elseif ($_SERVER["HTTP_CLIENT_IP"]) {$rip = $_SERVER["HTTP_CLIENT_IP"];}
        else {$rip = $_SERVER["REMOTE_ADDR"];}
      } else {
        if (getenv("HTTP_X_FORWARDED_FOR")) {$rip = getenv("HTTP_X_FORWARDED_FOR");}
        elseif (getenv("HTTP_CLIENT_IP")) {$rip = getenv("HTTP_CLIENT_IP");}
        else {$rip = getenv("REMOTE_ADDR");}
      }
      return $rip;
    }
    ?>
    I don't understand that much PHP yet, so I need an expert advice if there's any sense in this code. Many thanks.

  • #2
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Quote Originally Posted by T.K. View Post
    Hi, from a certain conversation I remained wondering if it's possible to get a user's real ip address e.g. behind proxy. Googlin' around I found this snippet of code that's creator told it will give the real ip address:

    Code:
    <?php
    function getip () {
      if ($_SERVER) {
        if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {$rip = $_SERVER["HTTP_X_FORWARDED_FOR"];}
        elseif ($_SERVER["HTTP_CLIENT_IP"]) {$rip = $_SERVER["HTTP_CLIENT_IP"];}
        else {$rip = $_SERVER["REMOTE_ADDR"];}
      } else {
        if (getenv("HTTP_X_FORWARDED_FOR")) {$rip = getenv("HTTP_X_FORWARDED_FOR");}
        elseif (getenv("HTTP_CLIENT_IP")) {$rip = getenv("HTTP_CLIENT_IP");}
        else {$rip = getenv("REMOTE_ADDR");}
      }
      return $rip;
    }
    ?>
    I don't understand that much PHP yet, so I need an expert advice if there's any sense in this code. Many thanks.
    not quite sure but:
    - I don't know a case when $_SERVER is false, maybe the author want to check something else with that if.
    - some headers are redundant and all of them, except REMOTE_ADDR, which came from your server, can be replaced with other values then real.
    wait for other opinion before you take a decision, as I said, I'm not sure about what I said.

    best regards

  • #3
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,858
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Have you tested it at your end, by viewing your page via some proxy sites?
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #4
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Everything in the $_SERVER super global array can be faked, i.e. changed and altered, by a browser add-on. If I know how to code up a Firefox add-on, then I can make the $_SERVER array look like whatever I want it to look like.

    Therefore, this script is only as good as the level of the user's ignorance.

    In fact it took me about 3 minutes to find a Firefox add-on that spoofs this information for me (called X-Forwarded-For Spoofer 1.0.2).

    https://addons.mozilla.org/en-US/firefox/addon/5948

    (edit) in the 3 minutes it took me to find that add-on, oesxyl and abduraooft posted in front of me

  • Users who have thanked Fumigator for this post:

    T.K. (03-09-2009)

  • #5
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    maybe this would not help you but in my opinion internet from today become a paranoic place. More and more people ask how to find ip and on the other hand how to hide real ip,
    More constructive in my opinion is to use a "ask why" method to find why do you really need that in fact.
    for example:
    - why do I need real ip?
    - because of X
    - why do I need X?
    - ....
    and so on. In the end you will find that there are other methods better then that to do what you really want.
    I hope this help you, if not I apologise for off topic replay.

    best regards

  • Users who have thanked oesxyl for this post:

    T.K. (03-09-2009)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •