2

I have the line of code below in my contact form with the intention of grabbing the IP address of my visitors via the form. It instead returns the default value. How do I get it to return the visitor's IP? My Potential clients us the form to contact me but spammers do too.

<input type=hidden name="env_report" value="REMOTE_HOST,REMOTE_ADDR">
Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Dz.slick
  • 433
  • 1
  • 5
  • 19
  • What server environment are you using? If you are sending this form to the client you can also determine the requesting IP. – Tigraine Dec 28 '11 at 17:41
  • I believe you'll need to get the IP from the server on request. And if you have "clients", have them login to access the form, something I assume "spammers" wouldn't be able to do. Or use a reCaptcha or whatnot, which are better than nothing if done correctly. – Jared Farrish Dec 28 '11 at 17:47
  • 1
    It looks like you're trying to reference the PHP $_SERVER variables 'REMOTE_ADDR' and 'REMOTE_HOST'. http://php.net/manual/en/reserved.variables.server.php – msanford Dec 28 '11 at 17:50
  • Jared, I actually meant "Potential Clients" – Dz.slick Dec 28 '11 at 17:51
  • You'll need to use the server to check IP address, ie in PHP `$_SERVER['REMOTE_ADDR']`. If you think you can detect spammers this way, put the check on the server only; someone could edit your `input` value and change it, for instance. You really should look into a human check like *add 1 + 4 times 3* or a reCaptcha, which can cut down on the amount of spam you get (but probably not stop it all). There is no perfect solution without requiring a verified user account, it just depends on how much you want to put your legitimate user through to block the spammers. – Jared Farrish Dec 28 '11 at 17:55

2 Answers2

1

What exactly do you expect this to do?

If you want the IP address then look at the client address in the HTTP request the form generates. If the form is dynamically creating an email on the client (i.e. not sending the form data back in an HTTP request) which you want to populate with some values then you'd need to set the values from the code which generates the HTML (javascript doesn't know about IP addresses) e.g. with PHP....

<input type=hidden name="env_report" value="<?php print $_SERVER['REMOTE_ADDR']; ?>">

Only it's trivial for someone to amend the contents of the email unless you also include some tamper detection....

<input type=hidden name="anti_tamper" value="<?php 
    print md5('s3cr3t' . $_SERVER['REMOTE_ADDR']); 
?>">

...and validate on receipt.

symcbean
  • 47,736
  • 6
  • 59
  • 94
  • 1
    But still... What is that going to accomplish? That the request came from the same client the form was sent to? I suspect the OP wants to filter out IPs seen as coming from spammers, but I could be wrong I suppose. Maybe spammers flip IPs between form request and form submittal, and this will actually do something. – Jared Farrish Dec 28 '11 at 17:59
  • if (md5('s3cr3t' . $ip_address_in_email) != $anti_tamper) { // ip address tampered with } – symcbean Jun 08 '12 at 08:17
0

You cannot get it directly from HTML. The best way to get it using server side language, like PHP. In PHP use can use $_SERVER['REMOTE_ADDR'] to get the the Clients IP address. Here is a blog post that I had written a while ago on Getting real client IP address in PHP.

There is no reliable way to get IP address using JavaScript, but you can see this question on more details about it.

So you would want to check the IPaddress when the form was submitted to your server and then identify it there whether the submitted was a spammer or a regular user.

Community
  • 1
  • 1
Virendra
  • 2,560
  • 3
  • 23
  • 37