Pages: [1]   Go Down
« previous next »
Send this topic | Print
Author Topic: [script] get a users IP address, even through proxies or shared internets!  (Read 632 times)
general vegitable
please ask (by pm duh!) before you yim me
Official 110mb Guru
********
Offline Offline

Posts: 6029


do NOT pm me asking for help


WWW
« on: July 01, 2009, 03:03:07 AM »
So I am working on a project, which is secure, so if the user uses a proxy it will capture the true IP from it. this script should detect it from proxies and shared internet connections (No Idea what they are but hey!) so here is the basic script, tidies into a php function:

Code:
<?php
function ip()
{
if (!empty($_SERVER['HTTP_CLIENT_IP']))
{
   //shared internet
   ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
{
  //proxy
  $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
   //no proxy?
   $ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
?>
Logged



Piotr GRD
Honoured 110MB Member
Official 110mb Guru
*****
Offline Offline

Posts: 6669



WWW
« Reply #1 on: July 01, 2009, 03:16:05 AM »
Be aware of what contain HTTP_X_FORWARDED_FOR if the request is going trough several proxies - all the previous IPs (except the last proxy used which is in REMOTE_ADDR) separated by commas:

http://www.www.www.www.grd.110mb.com/_test_/
(four times trough internal 110mb proxy)
Logged

Hacker Fred
Hyper-Active Member
***
Offline Offline

Posts: 213
« Reply #2 on: July 03, 2009, 06:57:02 AM »
Also be aware that each of these headers are optionally sent by proxies.  Depending on who's running the server, different http-headers representing the person's ip address may be sent (if any at all).  These headers can also be spoofed (this means that a user could impersonate someone else with malicious intent or to evade detection (I think that they can also be any string (for example, an ip address, or a list of ip addresses, or an ip address and a fragment of a mysql query)).  Only the $_SERVER['REMOTE_ADDR'] part can be relied on.  This variable is assigned by the php server (as opposed to headers sent by the client) and should always be a properly formatted ip address.
Logged
thefluffball
Knock. Knock.
Loyal 110MB Member
*******
Offline Offline

Posts: 2317


I came, I saw, I strutted.


WWW
« Reply #3 on: July 03, 2009, 07:10:39 AM »
All the above is true - Plus I thought I'd point out, d3xt3r made a very similar script a while ago. wink
Logged
Piotr GRD
Honoured 110MB Member
Official 110mb Guru
*****
Offline Offline

Posts: 6669



WWW
« Reply #4 on: July 03, 2009, 07:12:07 AM »
Thousands PHP programmers already made such "script" in this or similar way. Wink
Logged

thefluffball
Knock. Knock.
Loyal 110MB Member
*******
Offline Offline

Posts: 2317


I came, I saw, I strutted.


WWW
« Reply #5 on: July 03, 2009, 07:20:07 AM »
Quote from: Piotr GRD on July 03, 2009, 07:12:07 AM
Thousands PHP programmers already made such "script" in this or similar way. Wink
Yes, but there's one already on this specific forum. It's like say a flash game, it's all over the internet, but you still wouldn't want the same game twice on your website, would you?
P.S. Not trying to malicious, offensive, be ungrateful, lessen your work, mean etc.
Logged
darrenbeige
Authority Member
****
Offline Offline

Posts: 834


WWW
« Reply #6 on: July 03, 2009, 07:27:07 AM »
"I know your IP address." No, you know what I want you to know, which means you know nothing at all. "I'm telling you 'my' IP address."

Now thats political correctness.
Logged


Darren Beige - Wonders of the Brain | Post on My Wall
Pages: [1]   Go Up
Send this topic | Print
« previous next »
Jump to: