0

I am trying to get the IP ADDRESS from my users, but as I search the web for ways to do this, I see that it's not possible because an IP can be faked easily.

I wan't the IP because I am creating an extraordinary application where there is no need to make a user, but you can still vote on some objects. I don't want multiple votes from each "user".

And now, how do I get the real IP Address? Is it even possible?

Or is there another way to keep the votes relatively "unique"?

skolind
  • 1,724
  • 6
  • 28
  • 51
  • 1
    Please define 'real' IP address a little better... – BenM Sep 25 '12 at 14:55
  • How about users whose ISP assign new IP (at least) every 24 hours? So a user could restart their modem, get a new IP and then vote again.... – Havelock Sep 25 '12 at 14:56
  • What if I turn off my router and I change my IP? In these days of OAUTH, I think it's the best way to deal with uniqueness without registering. – moonwave99 Sep 25 '12 at 14:56
  • I know that IP's are easy to spoof, and that's what I wrote. That's why I am asking for an alternative way of doing it.. – skolind Sep 25 '12 at 15:02
  • Thanks for the replies to my question. I've got some new thoughts to my question, and I will go further with this. – skolind Sep 25 '12 at 15:07

4 Answers4

1

The IP address can be faked, yes, but you also run into the more general problem of proxies and NAT where the end user may not have a "real" public IP. There's nothing you can specifically do about that.

You're going to have to find some way to do this without using IP addresses if you want it to be unique.

Telgin
  • 1,614
  • 10
  • 10
0

$_SERVER['REMOTE_ADDR'] can be used. I'm not sure what you mean with "real IP address" though.

Aleph
  • 1,209
  • 10
  • 19
  • It is the the IP address from which the user is viewing your page. If the user is using a proxy, then it is indeed not. But you can't prevent that from happening easily anyway. (Yes, you could blacklist a number of proxies, but never all). – Aleph Sep 25 '12 at 14:58
0

Not possible; your best bet is to stick with _SERVER['REMOTE_ADDR']. Although it can be spoofed it's often not, especially for users that aren't malicious. The only other possibility is to use a cookie to track users but those are also easily spoofed/cleared. You can probably see why people don't use IP addresses for authentication now.

Explosion Pills
  • 188,624
  • 52
  • 326
  • 405
0

IP spoffing (faking) will always be an issue. That's why you don't see much of these apps out there. I would recommend using evercookies. I think it's the closest you can get from uniquely identifying users without registration.

Hugo Mota
  • 11,200
  • 9
  • 42
  • 60