1

I have a website in PHP and need to know what the IP of the accessing client is. For this I am using the function below:

function get_client_ip() {
    $ipaddress = '';
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ipaddress = $_SERVER['REMOTE_ADDR'];
    }

    return $ipaddress;
}

But when accessing the site by url omenorpreco.com/teste the page returns the server IP.

When access to page the url omenorpreco.com/teste.php, the page returns the client IP.

Possibly this error occurs because when you access the page without the extension ".php", the server interprets the page by .htaccess?

How can I adjust my application for both accesses, return the client's IP, and not the server IP?

above my htaccess code



    php_value allow_url_fopen on
    php_value allow_url_include 1
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule !.(js|ico|txt|gif|bmp|jpeg|jpg|png|css|log|rss|zip|xml|sql|pdf|doc|docx|xls)$ url_amigavel.php
    RewriteRule sitemap-categoria.xml$ sitemap.php?number=categoria
    RewriteRule sitemap-([0-9]+).xml$ sitemap.php?number=$1
    RewriteRule sitemap_index.xml$ sitemap_index.php

and url_amigavel.php code

<?php

$geturl = explode( "/", str_replace( strrchr( $_SERVER["REQUEST_URI"], "?" ), "", $_SERVER["REQUEST_URI"] ) );
array_shift( $geturl );

$tipo = $geturl[0];


if ( is_file( "$tipo.php" ) )
{
    include "$tipo.php";
}
else
{
    echo "page not found";

}

?>

EDIT: CAN I SET GLOBAL_VAR IN HTACCESS WITH THE CLIENT IP?

Rodrigo Mendes
  • 25
  • 9

3 Answers3

1

Put this in a file and run with and without the extension:

<?php
function get_ip_address() {
    return $_SERVER['REMOTE_ADDR'];
}
    echo get_ip_address();

?>

What error do you get if you run the above?

EDIT: Can you edit your .htaccess like this and see if the error still occurs:

php_value allow_url_fopen on
php_value allow_url_include 1
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !.(js|ico|txt|gif|bmp|jpeg|jpg|png|css|log|rss|zip|xml|sql|pdf|doc|docx|xls)$ $1.php [L]
RewriteRule sitemap-categoria.xml$ sitemap.php?number=categoria
RewriteRule sitemap-([0-9]+).xml$ sitemap.php?number=$1
RewriteRule sitemap_index.xml$ sitemap_index.php
stirredo
  • 2,297
  • 3
  • 19
  • 23
  • Hi stirredo. You can acess this pages? http://omenorpreco.com/test2.php http://omenorpreco.com/test2 i put your code into this page to test.. acess and see the error.. the first link retorn a correct ip the second link return a server ip the second link access the page test2.php by the htaccess. – Rodrigo Mendes Jan 12 '16 at 20:48
  • The webpage doesn't load for me. Can you check the server setting again please. – stirredo Jan 12 '16 at 20:52
  • i ajust my file test2.php, and the result is the same.. could you access? – Rodrigo Mendes Jan 12 '16 at 21:01
  • I am not able to access the page, it says "This webpage is not available". – stirredo Jan 12 '16 at 21:03
  • I am able to access it, the IP address issue still remains. Seems like a fresh request is made by the server or `url_amigavel.php` does something significant (asked to post it). – Benjy1996 Jan 12 '16 at 21:06
  • strange because I have not blocking ip or region on my website.He tried to put www in front? – Rodrigo Mendes Jan 12 '16 at 21:07
  • I had to use a proxy to access your website (probably problem at my end) and saw what you meant. Like Benjy said, please post the contents of url_amigavel.php – stirredo Jan 12 '16 at 21:11
  • i chaged to RewriteRule !\.(js|ico|txt|gif|bmp|jpeg|jpg|png|css|log|rss|zip|xml|sql|pdf|doc|docx|xls)$ $1.php [L] and now return another error.. because (***) is a extension.. could you see? – Rodrigo Mendes Jan 12 '16 at 21:30
1

I think I just saw it work on your server! Change .htaccess to;

php_value allow_url_fopen on
php_value allow_url_include 1

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !.(js|ico|txt|gif|bmp|jpeg|jpg|png|css|log|rss|zip|xml|sql|pdf|doc|docx|xls)$ url_amigavel.php
RewriteRule sitemap-categoria.xml$ sitemap.php?number=categoria
RewriteRule sitemap-([0-9]+).xml$ sitemap.php?number=$1
RewriteRule sitemap_index.xml$ sitemap_index.php

SetEnvIfNoCase Remote_Host "(.*)" HTTP_MY_REMOTE_HOST=$1
SetEnvIfNoCase Remote_Addr "(.*)" HTTP_MY_REMOTE_ADDR=$1

An change test.php to;

function get_client_ip() {
    if (isset($_SERVER[REDIRECT_HTTP_MY_REMOTE_ADDR])) {
        return $_SERVER[REDIRECT_HTTP_MY_REMOTE_ADDR];

    } else if (isset($_SERVER[REDIRECT_HTTP_MY_REMOTE_HOST])) {
        return $_SERVER[REDIRECT_HTTP_MY_REMOTE_HOST];

    } else if (isset($_SERVER[HTTP_MY_REMOTE_ADDR])) {
        return $_SERVER[HTTP_MY_REMOTE_ADDR];

    } else if (isset($_SERVER[HTTP_MY_REMOTE_HOST])) {
        return $_SERVER[HTTP_MY_REMOTE_HOST];

    }
}

echo get_client_ip();

Inspiration for setting variables in .htaccess from: http://www.askapache.com/htaccess/setenvif.html

Glad it finally worked!

Benjy1996
  • 159
  • 7
  • I think a trailing slash left over might have been a cause for the `404`, try my updated answer if the previous one does not work – Benjy1996 Jan 12 '16 at 22:07
  • Darn. Try putting `echo $tipo;` before the `if` statement to see where the file is being requested from – Benjy1996 Jan 12 '16 at 22:20
  • $tipo.php is the file where your get_client_ip function is? –  Jan 12 '16 at 22:23
  • Hmm, seems right, think my solution makes no difference. – Benjy1996 Jan 12 '16 at 22:24
  • can you var_dump ($geturl); –  Jan 12 '16 at 22:28
  • I'm pretty much out of options, try commenting out the `php_value allow_url_fopen on` and `php_value allow_url_include 1` flags in `.htaccess`, might be some weird external request initiation somewhere – Benjy1996 Jan 12 '16 at 22:28
  • Yeh `$geturl` won't contain the domain, my mistake xD . So we think the correct PHP file is run, but somewhere along the line the IP address is changed to the server only when that `.htaccess` rewrite rule is run?Strange. I've gotta sleep now good luck aarron and Rodrigo :) – Benjy1996 Jan 12 '16 at 22:29
  • var_dump($geturl) = array(1) { [0]=> string(5) "test2" } – Rodrigo Mendes Jan 12 '16 at 22:34
  • i commented these lines in .htaccess and the result is the same =/ thakyou for try to helpme, goodnight – Rodrigo Mendes Jan 12 '16 at 22:36
  • Morning all, Rodrigo - did you try my suggestion of commenting out/ removing the two allow php flags in your .htaccess file? David Alvarez has now suggested this too as a possible cause – Benjy1996 Jan 13 '16 at 07:59
  • Morning Benjy. I aswrer in a David propose to solve this problem. – Rodrigo Mendes Jan 13 '16 at 10:32
  • Tried again.. Have many diferences between my page and yours =/ – Rodrigo Mendes Jan 13 '16 at 11:44
  • OK, my final guess is posted - hopefully it should work – Benjy1996 Jan 13 '16 at 11:57
  • 1
    Finally!!!!! Thank you so much. When i set variable in htaccess i can get the correct IP from client.. Thank you!! – Rodrigo Mendes Jan 13 '16 at 12:10
0

You have allow_url_include set to 1 on your .htaccess. This is causing problems because as you are telling PHP to include a file, the preprocessor thinks it's a URL, other people have told you this so let's go straight.

My guess is, just disable allow_url_include. It's a bad practice, a security risk and there's nothing you can't do just with file_get_contents for example.

If you are still convinced that including remote files is a good idea, you should try using a full path, using this include with the code Benjy1996 gave you:

include(getcwd().$tipo.".php");

PD: you should probably change your ip function to return $_SERVER['REMOTE_ADDR'] only as well, as it's the one you can trust the most, because it's the most difficult to fake.

David Álvarez
  • 91
  • 5
  • Hello Benjy / David - I tried to change my htaccess, removing two lines of php value settings, and input the code 
    include ( getcwd()."/". $tipo . ".php");
    into url_amigavel.php, and doesnt work two. =(     – Rodrigo Mendes Jan 13 '16 at 10:22
  • 1
    I've just done a carbon copy of your original `.htaccess`, `test.php` and `url_amigavel.php` on my server and its providing expected results [ets.16mb.com/test](http://ets.16mb.com/test) and [ets.16mb.com/test.php](http://ets.16mb.com/test.php). It seems something must be configured differently somewhere. – Benjy1996 Jan 13 '16 at 10:47
  • WOW.. =( you just copy my original files? I access your server and really work fine.. Maybe its a server configuration? – Rodrigo Mendes Jan 13 '16 at 11:05
  • Yeh your original code works :). Its some configuration somewhere. Can you think of anything that could cause this? Any framework you are using or other configurations that have been set? – Benjy1996 Jan 13 '16 at 11:09
  • I think I may have found a possible cause, just check for the `$_SERVER['HTTP_X_FORWARDED_FOR']` field, ignoring `REMOTE_ADDR`, sometimes `.htaccess` can change this field with `RewriteRule`s – Benjy1996 Jan 13 '16 at 11:14
  • I have no idea , because the server that I use is a paid server , and who run it are a great company in Brazil , which does not allow me to change settings. I can make a request to look at the problem, but must be specific , otherwise not act on the problem. – Rodrigo Mendes Jan 13 '16 at 11:15
  • the variable $_SERVER['HTTP_X_FORWARDED_FOR'] is empty.. http://omenorpreco.com/test2 – Rodrigo Mendes Jan 13 '16 at 11:19
  • I'll move back to my post XD – Benjy1996 Jan 13 '16 at 11:23