We all know that getting the IP address of the user is a quite easy job in PHP, even in any programming language. But are you sure that you are getting the real IP Address of the user?
[gads]
In php, [code]$_SERVER[‘REMOTE_ADDR’][/code] is used to get the IP address of the user. But what happen if any user from USA access you site via proxy server of Australia. In this case $_SERVER[‘REMOTE_ADDR’] will return ip address of the Australia rather than ip address of USA.
Now let’s see the code snippet:
[cc lang=”php”]
if (!empty($_SERVER[“HTTP_CLIENT_IP”]))
{
//check for ip from share internet
$ip = $_SERVER[“HTTP_CLIENT_IP”];
}
elseif (!empty($_SERVER[“HTTP_X_FORWARDED_FOR”]))
{
// Check for the Proxy User
$ip = $_SERVER[“HTTP_X_FORWARDED_FOR”];
}
else
{
$ip = $_SERVER[“REMOTE_ADDR”];
}
// This will print user’s real IP Address
// does’t matter if user using proxy or not.
echo $ip;
[/cc]
[gads]
Note: It is recommended to use above trick to track your user.
Even better: use haproxy before your webserver (it’s better at vonnection handling anyway) and have it do the trick before the request even reaches your app. Reduces app complexity and keeps things where they belong.
If you use a proxy surf (will pass everything) …
How can detect if someone use a proxy surf web page ?
as soon as a user uses a proxy the HTTP_X_FORWARDED_FOR variable will be set.
HTTP_CLIENT_IP is not a part of $_SERVER, so i’d like to know what it holds?
Like it…
The XTTP_X_FORWARDED_FOR is nice but often has more than one entries AND it’s also sometimes filled with local subnet and/or any other unusable content. So you first have to check if HTTP_X_FORWARDED_FOR has a real public IP before doing some stuff.
Yes but… no. Because it’s possible to simulate the use of a proxy by faking HTTP_X_FORWARDED_FOR or other informations (for example with that Firefox plugin : https://addons.mozilla.org/en-US/firefox/addon/ipflood/)
Then it is unfortunately not possible to say wich IP adress is the real one…
nice one, good website, haven’t seen it before
this will not detect an anonymous proxy.
Put this code in a page and visit it for example from http://anonymouse.org/anonwww.html , you’ll not see your IP.
Thanks for that code article.
This is helping me fulfill a different purpose. I have an old machine running a LAMP server. I’ve been using dyndns to forward to my dynamic ip but I’m tired of the “renew every thirty days or pay” model. I wanted to get the ip address and do a redirect from a PHP script on my company web page but the ISP is redirecting from a subdomain assigned to me and I kept getting their IP address when I ran the script.
This code solved my problem admirably. I simply have the server access the web page and refresh the code at intervals to get any changes in the ip address and store it. When I’m about and about, trying to do business from my cell or tablet, I simply go to that link and it redirects me.
Thanks again!
when i run the above code i get the ip address as ” ::1″. whereas the ip address should be 127.0.0.1. can you just tell me what is the problem.
thank you..
::1 is equivalent to 127.0.0.1. in IPv6
why cant we use this? $localIP1 = getHostByName(php_uname(‘n’));