11

I'm saving the user's IP addresses by saving the value of $_SERVER['REMOTE_ADDR'] in a MySQL database. Problem is that for both Firefox and Chrome $_SERVER['REMOTE_ADDR'] is ::1 (that means localhost in IPv6) and for IE and Opera is 127.0.0.1 (IPv4).

So, my questions are

  • Are IP versions browser-dependant? (I used to think it depended on the computer)

  • Should I create two fields in the database, one for IPv4 addresses and one for IPv6 ones?

  • Should I unify all IPs to IPv6? And how can I do this in PHP (if it's even possible)?

federico-t
  • 12,014
  • 19
  • 67
  • 111

3 Answers3

6

  1. Fairly obvious - your box is IPv6-enabled, Firefox/Chrome use IPv6 whenever available, while IE and Opera don't (or it's a off-by-default setting).

  2. Store the address in a string that's long enough to hold an IPv6 address.

  3. No, 'cause in the general case you cannot.

Seva Alekseyev
  • 59,826
  • 25
  • 160
  • 281
  • But... isn't the IP the same but only in different representations? I mean, if a webpage bans me by IP while navigating in Chrome, that means that logging with Opera I could bypass it? – federico-t Nov 15 '11 at 21:40
  • 2
    No. It's two different network transports with two different address spaces. In a two-protocol network, you have an IPv6 address and an IPv4 address, which may or may not match, depending on the network setup. – Seva Alekseyev Nov 15 '11 at 21:45
  • 1
    @John Doe: in theory, yes. You'd have two different IPs so blocking one would still let the other through. In practice, probably not. There's not many sites that are IPv6 enabled, and fewer ISPs that provide IPv6 connectivity without tunneling/encapsulation. – Marc B Nov 15 '11 at 21:52
  • Well, I guess that I'll save every IP (v4 or v6) in a VARCHAR (37) (which is the length of a generic IPv6). Sounds awfully inneficient though, but whatever.. – federico-t Nov 15 '11 at 22:37
  • @JohnDoe: this [question](http://stackoverflow.com/q/3455320/112968) suggests the maximum size possible is 39 chars. As for inefficiency: store your addresses in packed binary format (you'll only need 16 byte per address) – knittl Nov 16 '11 at 07:25
  • Yep, it's 39 characters: 8 blocks of 4 hex digits with 7 colons in between = (8*4) + 7 = 39. That's max length, ipv6 can also be abbreviated - see "Address Representation" http://en.wikipedia.org/wiki/IPv6 leading zeros and consecutive zeros can be removed – codercake Jun 11 '13 at 21:10
2

Use the PHP function inet_pton to convert human readable IP addresses to their packed representation. You can then store each IP address in a BINARY(16) or VARBINARY(16) field in your database.

knittl
  • 246,190
  • 53
  • 318
  • 364
2

The browser will use whatever is available. This can be IPv4 or IPv6, and that can even change during the session. On top of that keep in mind that a host can have many IPv6 addresses so it might change during the session as well.

In short: don't depend on the value of REMOTE_ADDR too much :-)

Sander Steffann
  • 9,509
  • 35
  • 40
  • Yeah been told that and that many people may share the same IP, etc., but the accuracy in this case is not EXTREMELY important for me, so I'll let it slide – federico-t Nov 15 '11 at 22:36
  • @JohnDoe: It's not just a matter of "extreme" accuracy -- *many* offices, WiFi hotspots, home networks, etc., use only a single IP address for a whole network. If you care about differentiating two different users on different laptops at the same Starbucks, then you shouldn't be identifying them by IP address. – Daniel Pryden Nov 16 '11 at 04:44
  • 1
    @JohnDoe What you mention is exactly the opposite of what I was saying: you talk about multiple users using the same IP address, I am talking about one user using multiple (IPv4 and/or IPv6) addresses. That can be caused because someone has multiple IPv6 addresses, because they are behind a NAT444 gateway that has multiple public IPv4 addresses and because the user switches between those IPv4 and IPv6 addresses. – Sander Steffann Nov 16 '11 at 10:48