#1
  1. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,214
    Rep Power
    220

    Is HTTP_X_REAL_IP reliable way to get users ip?


    Hello;

    I am gonna lock users and only allow login with single IP. I am awaere their ip may change based on their location etc etc.

    What I need to understand here is [REMOTE_ADDR] . How come it says the same value for everyone regardless of the location?

    I checked $_SERVER and [HTTP_X_REAL_IP] seems the be right.
    Code:
    Correct: [HTTP_X_REAL_IP] => 60.***.***.***
    Same for all users! [REMOTE_ADDR] => 67.***.***.**
    Is this reliable way to get their ip?

    [HTTP_X_REAL_IP]

    Thanks


    Edit

    Stackoverflow says
    PHP Code:
    <?PHP

    function getUserIP()
    {
        
    $client  = @$_SERVER['HTTP_CLIENT_IP'];
        
    $forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
        
    $remote  $_SERVER['REMOTE_ADDR'];

        if(
    filter_var($clientFILTER_VALIDATE_IP))
        {
            
    $ip $client;
        }
        elseif(
    filter_var($forwardFILTER_VALIDATE_IP))
        {
            
    $ip $forward;
        }
        else
        {
            
    $ip $remote;
        }

        return 
    $ip;
    }


    $user_ip getUserIP();

    echo 
    $user_ip// Output IP address [Ex: 177.87.193.134]


    ?>
    Reliable?
    Last edited by English Breakfast Tea; September 9th, 2017 at 10:55 PM.
  2. #2
  3. Lazy Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,380
    Rep Power
    9645
    REMOTE_ADDR is the closest NAT device to your server. It won't be the client computer itself. It's often the client's gateway to the internet, but may not be for assorted reasons. If your REMOTE_ADDR is always the same value then you have a NATting device between your server and the internet which is proxying the traffic - perhaps as a load balancer.

    Besides REMOTE_ADDR, HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP are the two most common places to find the "original" IP address, but it's not 100% reliable. It is, however, probably the best you can get.
  4. #3
  5. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,214
    Rep Power
    220
    Originally Posted by requinix
    REMOTE_ADDR is the closest NAT device to your server. It won't be the client computer itself. It's often the client's gateway to the internet, but may not be for assorted reasons. If your REMOTE_ADDR is always the same value then you have a NATting device between your server and the internet which is proxying the traffic - perhaps as a load balancer.

    Besides REMOTE_ADDR, HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP are the two most common places to find the "original" IP address, but it's not 100% reliable. It is, however, probably the best you can get.
    Hey I know you're always right (really). But here what I see on the screen is not what you say.

    I get different ips from different locations with [HTTP_X_REAL_IP] but not with REMOTE_ADDR.

    Doesn't it mean [HTTP_X_REAL_IP] is a better option here?

    Thanks
  6. #4
  7. Lazy Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,380
    Rep Power
    9645
    Yeah.

    Anything HTTP_X_* is non-standard. Providing the original IP address from a proxy/forwarder is not standardized either.

    "X-Forwarded-For" is the most common way of providing the original IP, "Client-IP" I've never seen but apparently was popular too. Whatever software is driving your forwarder is instead using "X-Real-IP".

    This is the (rare) sort of thing that works well as a global function you copy/paste between projects.
    PHP Code:
    function get_remote_addr() {
        return 
    $_SERVER["HTTP_X_REAL_IP"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["HTTP_CLIENT_IP"] ?? $_SERVER["REMOTE_ADDR"] ?? null;

    Last edited by requinix; September 10th, 2017 at 02:28 PM.
  8. #5
  9. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,214
    Rep Power
    220
    Originally Posted by requinix
    Yeah.

    Anything HTTP_X_* is non-standard. Providing the original IP address from a proxy/forwarder is not standardized either.

    "X-Forwarded-For" is the most common way of providing the original IP, "Client-IP" I've never seen but apparently was popular too. Whatever software is driving your forwarder is instead using "X-Real-IP".

    This is the (rare) sort of thing that works well as a global function you copy/paste between projects.

    PHP Code:
    function get_remote_addr() {
        return 
    $_SERVER["HTTP_X_REAL_IP"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["HTTP_CLIENT_IP"] ?? $_SERVER["REMOTE_ADDR"] ?? null;

    PHP Code:
    echo $ip $this->custom_functions->get_users_ip(); 
    Parse error: syntax error, unexpected '?'
    PHP Code:
    public function get_users_ip() 
              {
                  return 
    $_SERVER["HTTP_X_REAL_IP"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["HTTP_CLIENT_IP"] ?? $_SERVER["REMOTE_ADDR"] ?? null;
              } 

    ======

    On other note, does this
    PHP Code:
    return $_SERVER["HTTP_X_REAL_IP"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["HTTP_CLIENT_IP"] ?? $_SERVER["REMOTE_ADDR"] ?? null
    Mean:

    Return $_SERVER["HTTP_X_REAL_IP"] if it's set,
    if not then if $_SERVER["HTTP_X_FORWARDED_FOR"] is set, return $_SERVER["HTTP_X_FORWARDED_FOR"],
    if not then if $_SERVER["HTTP_CLIENT_IP"] is set, then return $_SERVER["HTTP_CLIENT_IP"] ...?
    Last edited by English Breakfast Tea; September 10th, 2017 at 10:33 PM.
  10. #6
  11. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,098
    Rep Power
    4103
    ?? - Null coalesce operator
    The expression (expr1) ?? (expr2) evaluates to expr2 if expr1 is NULL, and expr1 otherwise.
    Requires PHP 7, If you're getting a parse error on it then you must be using an older PHP version.
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  12. #7
  13. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,214
    Rep Power
    220
    Originally Posted by kicken
    ?? - Null coalesce operator


    Requires PHP 7, If you're getting a parse error on it then you must be using an older PHP version.
    Ok thanks. I got older php.

    Is this equivelant to what Requinix suggested?
    PHP Code:
    public function get_users_ip() 
              {
                  
                  if(isset(
    $_SERVER["HTTP_X_REAL_IP"]))
                    {
                      
    $ip $_SERVER["HTTP_X_REAL_IP"];
                    }
                  elseif(isset(
    $_SERVER["HTTP_X_FORWARDED_FOR"]))   
                    {
                      
    $ip $_SERVER["HTTP_X_FORWARDED_FOR"];
                    }
                  elseif(isset(
    $_SERVER["HTTP_CLIENT_IP"]))   
                    {
                      
    $ip $_SERVER["HTTP_CLIENT_IP"];
                    }  
                  else
                    {
                      
    $ip NULL;
                    }
              } 
    Last edited by English Breakfast Tea; September 11th, 2017 at 12:07 AM.
  14. #8
  15. Lazy Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,380
    Rep Power
    9645
  16. #9
  17. A Change of Season
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,214
    Rep Power
    220
    Thanks

IMN logo majestic logo threadwatch logo seochat tools logo