Getting visitor IP address with PHP
Monday, 13 August 2007

Here's a function to detect remote IP address from a PHP script, even if the client/visitor is behind a proxy 

function validip($ip) {
 
if (!empty($ip) && ip2long($ip)!=-1) {
 
$reserved_ips = array (
 
array('0.0.0.0','2.255.255.255'),
 
array('10.0.0.0','10.255.255.255'),
 
array('127.0.0.0','127.255.255.255'),
 
array('169.254.0.0','169.254.255.255'),
 
array('172.16.0.0','172.31.255.255'),
 
array('192.0.2.0','192.0.2.255'),
 
array('192.168.0.0','192.168.255.255'),
 
array('255.255.255.0','255.255.255.255')
 
);
 
 
foreach ($reserved_ips as $r) {
 
$min = ip2long($r[0]);
 
$max = ip2long($r[1]);
 
if ((ip2long($ip) >= $min) && (ip2long($ip) <= $max)) return false;
 
}
 
return true;
 
} else {
 
return false;
 
}
 }
 
 function getip() {
 
if (validip($_SERVER["HTTP_CLIENT_IP"])) {
 
return $_SERVER["HTTP_CLIENT_IP"];
 
}
 
foreach (explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"]) as $ip) {
 
if (validip(trim($ip))) {
 
return $ip;
 
}
 
}
 
if (validip($_SERVER["HTTP_X_FORWARDED"])) {
 
return $_SERVER["HTTP_X_FORWARDED"];
 
} elseif (validip($_SERVER["HTTP_FORWARDED_FOR"])) {
 
return $_SERVER["HTTP_FORWARDED_FOR"];
 
} elseif (validip($_SERVER["HTTP_FORWARDED"])) {
 
return $_SERVER["HTTP_FORWARDED"];
 
} elseif (validip($_SERVER["HTTP_X_FORWARDED"])) {
 
return $_SERVER["HTTP_X_FORWARDED"];
 
} else {
 
return $_SERVER["REMOTE_ADDR"];
 
}
 }
 ?>
 

Credits go to http://algorytmy.pl/doc/php/function.getenv.php

Are you a Joomla/PHP/Web developer? You may want to check our freelance marketplaces list.


Give us some social love (it really works now)!

Reddit! Del.icio.us! StumbleUpon! Yahoo! Swik!



Comments (2)
RSS comments
1. 07-06-2008 22:29
Ignas

"Written by Trevor GryffynThis e-mail address is being protected from spam bots, you need JavaScript enabled to view it , on 07-12-2007 17:32 
Just a quick aside.. in the PHP world, it's generally accepted that you shouldn't trust or rely upon data obtained from $_SERVER variables or many environment variables. That's not to say that they're always wrong, but they can be spoofed and other things can get in the way of them being accurate (the IP address you retrieve may be for a proxy server, a shared external IP for a large internal network, etc). So it's a passable basic start, but don't use it for any real security purposes." 
So if whys script not very can you proved better?

2. 07-12-2007 18:32
Trevor Gryffyn

Just a quick aside.. in the PHP world, it's generally accepted that you shouldn't trust or rely upon data obtained from $_SERVER variables or many environment variables. That's not to say that they're always wrong, but they can be spoofed and other things can get in the way of them being accurate (the IP address you retrieve may be for a proxy server, a shared external IP for a large internal network, etc). So it's a passable basic start, but don't use it for any real security purposes.

Write Comment
  • Please keep the topic of messages relevant to the subject of the article.
  • Please don't use comments to plug your web site. Links are rel='nofollow'-ed
  • Please refresh the page if you're having trouble with the security image code
Name:
E-mail
Homepage
Title:
Comment:

:) :grin ;) 8) :p
:roll :eek :upset :zzz :sigh
:? :cry :( :x
Code:* Code
Last Updated ( Thursday, 18 June 2009 )
 
[ Back ]

Europe freelancer directory

Joomla stuff

Newsletter

Subscribe to TeachMeJoomla's newsletter
Name:
Email:


Auto tags

PHP REMOTE ADDRESS

php remote addr

php remote ip

remote address php

php ip

remote addr php

php get remote address

php get remote ip

ip php

php server remote address

IP detection

remote ip php

php remote adress

remote ip

ip detector

php remote ip address

php server remote addr

$_server remote

php ip detection

php remote_ip

php server remote

php ip address