getting ip address not accurate in php

Question

There I have a application that grabs the latitude and longitude in php of where the users ip address is but it does not come out accurate heres my code

<form action="" method="POST">
<input type="submit" name="ipBtn" value="Get ip address">
    <?php 
     if(isset($_POST['ipBtn'])) {
        $user_ip = getenv('REMOTE_ADDR');
        $geo = unserialize(file_get_contents("http://www.geoplugin.net/php.gp?ip=$user_ip"));
        $country = $geo["geoplugin_countryName"];
        $region = $geo["geoplugin_region"];
        $longitude = $geo["geoplugin_longitude"];
        $latitude = $geo["geoplugin_latitude"];
        $first_name = $_GET[userName];
        $password = $_GET['last_name'];
    ?>

</form>

What do you mean specifically by "does not come out accurate"? Are you getting a result which seems inaccurate, or no result at all? — , May 19 '18 at 02:29
IP to location services are never very accurate, for me it can be as several hundred km's wrong, wrong city — , May 19 '18 at 02:36
We even have problems where since we use one service (like MaxMind), and a linked site uses another service... they completely even disagree which whole COUNTRY the IP is in ;) — IncredibleHat, May 19 '18 at 02:56

Courses Cart · Answer 1 · 2018-05-19T02:28:21.497

The simplest way to get the visitor’s/client’s IP address is using the $_SERVER['REMOTE_ADDR'] or $_SERVER['REMOTE_HOST'] variables.

However, sometimes this does not return the correct IP address of the visitor, so we can use some other server variables to get the IP address.

The below both functions are equivalent with the difference only in how and from where the values are retrieved.

getenv() is used to get the value of an environment variable in PHP.

// Function to get the client IP address
function get_client_ip() {
    $ipaddress = '';
    if (getenv('HTTP_CLIENT_IP'))
        $ipaddress = getenv('HTTP_CLIENT_IP');
    else if(getenv('HTTP_X_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
    else if(getenv('HTTP_X_FORWARDED'))
        $ipaddress = getenv('HTTP_X_FORWARDED');
    else if(getenv('HTTP_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_FORWARDED_FOR');
    else if(getenv('HTTP_FORWARDED'))
       $ipaddress = getenv('HTTP_FORWARDED');
    else if(getenv('REMOTE_ADDR'))
        $ipaddress = getenv('REMOTE_ADDR');
    else
        $ipaddress = 'UNKNOWN';
    return $ipaddress;
}

$_SERVER is an array that contains server variables created by the web server.

// Function to get the client IP address
function get_client_ip() {
    $ipaddress = '';
    if (isset($_SERVER['HTTP_CLIENT_IP']))
        $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
    else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
    else if(isset($_SERVER['HTTP_X_FORWARDED']))
        $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
    else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
        $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
    else if(isset($_SERVER['HTTP_FORWARDED']))
        $ipaddress = $_SERVER['HTTP_FORWARDED'];
    else if(isset($_SERVER['REMOTE_ADDR']))
        $ipaddress = $_SERVER['REMOTE_ADDR'];
    else
        $ipaddress = 'UNKNOWN';
    return $ipaddress;
}

This is a terrible, terrible piece of code that needs to stop being shared. Trusting arbitrary, nonstandard HTTP headers like `Forwarded:` or `Client-IP:` as a source of IP addresses is inappropriate and dangerous. — , May 19 '18 at 02:25
You've improved the formatting, but the fundamental issue with your code remains. HTTP headers should never be trusted as a source of the user's IP address outside of certain very specific environments. — , May 19 '18 at 02:30
Check the answer here: https://stackoverflow.com/questions/44085102/php-most-accurate-safe-way-to-get-real-user-ip-address-in-2017 As @duskwuff already said, it's dangerous. Headers are easily manipulated by users. — icecub, May 19 '18 at 02:31

getting ip address not accurate in php

1 Answers1