Remote IP detection with PHP

Monday, 13 August 2007

Here's a function to detect remote IP, even if client is behind a proxy

function validip($ip) {
    if (!empty($ip) && ip2long($ip)!=-1) {
        $reserved_ips = array (
        array('0.0.0.0','2.255.255.255'),
        array('10.0.0.0','10.255.255.255'),
        array('127.0.0.0','127.255.255.255'),
        array('169.254.0.0','169.254.255.255'),
        array('172.16.0.0','172.31.255.255'),
        array('192.0.2.0','192.0.2.255'),
        array('192.168.0.0','192.168.255.255'),
        array('255.255.255.0','255.255.255.255')
        );
 
        foreach ($reserved_ips as $r) {
            $min = ip2long($r[0]);
            $max = ip2long($r[1]);
            if ((ip2long($ip) >= $min) && (ip2long($ip) <= $max)) return false;
        }
        return true;
    } else {
        return false;
    }
 }
 
 function getip() {
    if (validip($_SERVER["HTTP_CLIENT_IP"])) {
        return $_SERVER["HTTP_CLIENT_IP"];
    }
    foreach (explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"]) as $ip) {
        if (validip(trim($ip))) {
            return $ip;
        }
    }
    if (validip($_SERVER["HTTP_X_FORWARDED"])) {
        return $_SERVER["HTTP_X_FORWARDED"];
    } elseif (validip($_SERVER["HTTP_FORWARDED_FOR"])) {
        return $_SERVER["HTTP_FORWARDED_FOR"];
    } elseif (validip($_SERVER["HTTP_FORWARDED"])) {
        return $_SERVER["HTTP_FORWARDED"];
    } elseif (validip($_SERVER["HTTP_X_FORWARDED"])) {
        return $_SERVER["HTTP_X_FORWARDED"];
    } else {
        return $_SERVER["REMOTE_ADDR"];
    }
 }
 ?>

Credits go to http://algorytmy.pl/doc/php/function.getenv.php

Give us some social love (it really works now)!

Comments (3)

1. 07-12-2007 18:32

Trevor Gryffyn

Just a quick aside.. in the PHP world, it's generally accepted that you shouldn't trust or rely upon data obtained from $_SERVER variables or many environment variables. That's not to say that they're always wrong, but they can be spoofed and other things can get in the way of them being accurate (the IP address you retrieve may be for a proxy server, a shared external IP for a large internal network, etc). So it's a passable basic start, but don't use it for any real security purposes.

2. reconfigure search feature in joomla12-12-2007 01:50

Barry

Hi there I have a question !
is it possible to somehow rewrite this joomla search feature so that it finds specific Items
and not only text.
Also how is it possible to create dropdown lists in joomla so that when they are selected by e user than only that picture or text is displayed for Example:

I have a picture in my page with the name let say "JOHN" so my question is how is it possible to create dropdownlists so that they display the name JOHN and when somebody selects that name
it displays only JOHN picture and not text and I am not talking about a dropdown menu I am talking about a dropdownlist.

Thank you in this matter!
Barry Bonds

3. reconfigure search feature in joomla07-06-2008 22:29

Ignas

"Written by Trevor GryffynThis e-mail address is being protected from spam bots, you need JavaScript enabled to view it , on 07-12-2007 17:32
Just a quick aside.. in the PHP world, it's generally accepted that you shouldn't trust or rely upon data obtained from $_SERVER variables or many environment variables. That's not to say that they're always wrong, but they can be spoofed and other things can get in the way of them being accurate (the IP address you retrieve may be for a proxy server, a shared external IP for a large internal network, etc). So it's a passable basic start, but don't use it for any real security purposes."
So if whys script not very can you proved better?

Write Comment