why cant read ip address sometimes, this function

Question

I am using this function to get ip address of the user in my site but it cant read ipaddress sometimes. I dont know that a user can hide the ipaddress or not ? If a user able to do so then how can i get the ipaddress or any other solution to identify the local computer of the user so i can prevent that computer to open my site.

Any suggestion would be greatly appreciated.

function GetIP()
{
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";
    return($ip);
}

Thanks a lot.

http://stackoverflow.com/questions/1634782/what-is-the-most-accurate-way-to-retrieve-a-users-correct-ip-address-in-php — CD001, Nov 04 '11 at 13:09

score 2 · Answer 1 · answered Nov 04 '11 at 13:07

2

Normally just echo $_SERVER['REMOTE_ADDR']; should do the job. Otherwise, explain us, what you mean with "it cant read ipaddress sometimes"

answered Nov 04 '11 at 13:07

sascha

4,671
3
36
54

means this function can not return the ip address of the user's computer. – Bajrang Nov 04 '11 at 13:15
If they're behind a NAT, their public IP will be different from their computer's IP. – ceejayoz Nov 04 '11 at 13:18
@J.J. do you receive just "NULL" or do you receive 127.0.0.1? – sascha Nov 04 '11 at 13:31
This mostly happens for users using a transparent proxy. The output of my above var could be an array, try to use `print_r($_SERVER['REMOTE_ADDR'])`. Maybe it prints some more data than unknown. – sascha Nov 05 '11 at 15:59

score 0 · Answer 2 · answered Nov 04 '11 at 13:13

Ip addresses aren't a sure-fire way of banning users, since they can use Proxies, or can have a dynamic IP. For instance, for some users, banning the IP would just mean they'd have to restart their router and they can access your site again.

Depending on your site, a better way to deny someone access is to use user authentication (user login).

score 0 · Answer 3 · answered Nov 04 '11 at 13:17

The short answer is that there is no 100% guaranteed way of getting a user's IP address - $_SERVER['REMOTE_ADDR'] is your best bet but even that's not 100% reliable - especially for users on networks.

Anything that's passed over HTTP from the client could be blocked/spoofed.

It's easier to work your problem the other way around - it's much easier (and more secure) to whitelist access rather than blacklist it - if you can work that way around, I'd go for it. It only requires something like a simple (in an Apache .htaccess or vhost configuration):

Deny from all
Allow from mydomain.com

score 0 · Answer 4 · answered Nov 04 '11 at 13:19

0

the only IP address you can get from the environment is REMOTE_ADDR one.
The other silly strings in your code is no more than HTTP headers, optional ones. Can be faked, omitted, have wrong format, be empty etc.

I leave a conclusion for you to make.

answered Nov 04 '11 at 13:19

Your Common Sense

156,878
40
214
345

why cant read ip address sometimes, this function

4 Answers4