PHP Source code

function getip()
{
    if (getenv("HTTP_X_FORWARDED_FOR"))
        // User behind a proxy
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else
        // Normal user
        $ip = getenv("REMOTE_ADDR");
    return $ip;
}

Quoted
In reply to destes at ix dot netcom dot com dot nospam:
It's possible for a HTTP client to spoof HTTP_X_FORWARDED_FOR, and set it to a fake IP number. It's more secure to use this code and log BOTH the ip and the proxy ip.
    if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
        if ($_SERVER["HTTP_CLIENT_IP"]) {
            $proxy = $_SERVER["HTTP_CLIENT_IP"];
        } else {
            $proxy = $_SERVER["REMOTE_ADDR"];
        }
        $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    } else {
        if ($_SERVER["HTTP_CLIENT_IP"]) {
            $ip = $_SERVER["HTTP_CLIENT_IP"];
        } else {
            $ip = $_SERVER["REMOTE_ADDR"];
        }
    }
    echo "Your IP $ip<BR>\n";
    if (isset($proxy)) {
        echo "Your proxy IP is $proxy<BR>\n";
    }
Quoted
The problem with empty HTTP_X_FORWARDED_FOR is because of anonymous proxy servers:
Anonymous - HTTP Proxy server does not send HTTP_X_FORWARDED_FOR variable to host, this improves privacy since your IP address cannot be logged.
High anonymity - HTTP Servers of this type don't send HTTP_X_FORWARDED_FOR, HTTP_VIA and HTTP_PROXY_CONNECTION variables. Host doesn't even know you are using proxy server and of course it doesn't know your IP address.

PHP Source code

// !empty() avoids "undefined index" notices when a header is absent.
if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
{
    // Forwarded header present: record the connecting side as the proxy.
    if (!empty($_SERVER["HTTP_CLIENT_IP"]))
    {
        $proxy = $_SERVER["HTTP_CLIENT_IP"];
    }
    else
    {
        $proxy = $_SERVER["REMOTE_ADDR"];
    }
    // Client-supplied value; it can be spoofed, so log $proxy alongside it.
    $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
}
else
{
    // No forwarded header: use the client IP header or the connecting address.
    if (!empty($_SERVER["HTTP_CLIENT_IP"]))
    {
        $ip = $_SERVER["HTTP_CLIENT_IP"];
    }
    else
    {
        $ip = $_SERVER["REMOTE_ADDR"];
    }
}
echo "Your IP $ip<BR>\n";
if (isset($proxy))
{
    echo "Your proxy IP is $proxy<BR>\n";
}

This post has been edited 1 times, last edit by "piep001" (Nov 25th 2004, 4:13pm)
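
An added example, not part of the original post: one way to act on the spoofing point quoted above is to accept HTTP_X_FORWARDED_FOR only when REMOTE_ADDR is a proxy you operate, and otherwise just log the header as a claim. `TRUSTED_PROXIES` and `resolve_client_ip()` are hypothetical names, and all addresses are constructed sample values.

```php
<?php
// Added example, not from the thread. TRUSTED_PROXIES and resolve_client_ip()
// are hypothetical names; all addresses are constructed sample values.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

function resolve_client_ip(array $server, array $trusted = TRUSTED_PROXIES): array
{
    // REMOTE_ADDR is the TCP peer: the one value a request header cannot set.
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    // Keep the raw header for the log, with non-printable bytes replaced.
    $claimed = $xff === '' ? null : preg_replace('/[^\x20-\x7E]/', '?', $xff);
    $result = ['ip' => $peer, 'proxy' => null, 'claimed' => $claimed];

    // Header arriving from an unknown peer is client-controlled: log it only.
    if ($xff === '' || !in_array($peer, $trusted, true)) {
        return $result;
    }

    // Walk the chain right to left: the rightmost entries were appended by our
    // own proxies, so the first valid non-proxy hop is the address they saw.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            $result['ip'] = $hop;
            $result['proxy'] = $peer;
            break;
        }
    }
    return $result;
}

// Constructed sample requests.
$samples = [
    // Direct client sending a forged header.
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
    // Request relayed by a trusted proxy; the leftmost entry is client-supplied.
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.7'],
];
foreach ($samples as $s) {
    $r = resolve_client_ip($s);
    error_log(sprintf('ip=%s proxy=%s claimed_xff=%s',
        $r['ip'], $r['proxy'] ?? '-', $r['claimed'] ?? '-'));
}
```

Access-control or rate-limit decisions should use only the `ip` field; `claimed` exists for the log record.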