0

Which one is better in terms of security & other terms ?or suggest the other one which is better...i am getting ::1 output when i am using it in my PC

First one with getenv

function get_client_ip() {
$ipaddress = '';
if (getenv('HTTP_CLIENT_IP'))
    $ipaddress = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
    $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
    $ipaddress = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
    $ipaddress = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
   $ipaddress = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
    $ipaddress = getenv('REMOTE_ADDR');
else
    $ipaddress = 'UNKNOWN';
return $ipaddress;}

Second Method with $_Server

function get_client_ip() {
$ipaddress = '';
if ($_SERVER['HTTP_CLIENT_IP'])
    $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if($_SERVER['HTTP_X_FORWARDED_FOR'])
    $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if($_SERVER['HTTP_X_FORWARDED'])
    $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if($_SERVER['HTTP_FORWARDED_FOR'])
    $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if($_SERVER['HTTP_FORWARDED'])
    $ipaddress = $_SERVER['HTTP_FORWARDED'];
else if($_SERVER['REMOTE_ADDR'])
    $ipaddress = $_SERVER['REMOTE_ADDR'];
else
    $ipaddress = 'UNKNOWN';
return $ipaddress;

}

Sangeet Shukla
  • 37
  • 1
  • 7
  • You want to be very careful with those HTTP `Client-IP` / `X-Forwarded-For` headers. Consider accepting them only from known (and trusted?) proxies otherwise users can just set the HTTP header themselves. – lmz May 09 '15 at 12:50
  • Use cookies if you want to see when user returns back. This is what they are for – Tebe May 09 '15 at 12:51
  • @AlexShulzhenko yes,cookie is also in my mind but is it safer & accurate than $_Server & getenv – Sangeet Shukla May 09 '15 at 13:53
  • Personally, I think it's ridiculous that this was marked as a duplicate, and I voted to reopen. Since the question you pose is about the differences in security, not simply a HOW TO GET IP, which is precisely what the linked question is. – Reed May 09 '15 at 14:03
  • 1
    @Jakar the linked question explains the pros and cons of each method. I think there is sufficient information there for the OP to make an educated decision. – Jonathon Reinhart May 09 '15 at 14:09
  • 1
    The fact that many users (sometimes even a whole country) can share the same IP breaks makes idea of monitoring by IP not viable – Tebe May 09 '15 at 15:06

0 Answers0