Page 1 of 1

Find user IP

Posted: Sat Jan 22, 2005 10:03 pm
by Stryks
Hi all,

A while back I found some code that found a clients IP address, at least that is what it was supposed to do.

Code: Select all

function PCF_getIP() {
	if ($_SERVER['HTTP_CLIENT_IP'] && strcasecmp($_SERVER['HTTP_CLIENT_IP'], "unknown"))
		$ip = $_SERVER['HTTP_CLIENT_IP'];
	else if ($_SERVER['HTTP_X_FORWARDED_FOR'] && strcasecmp($_SERVER['HTTP_X_FORWARDED_FOR'], "unknown"))
		$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
	else if ($_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
		$ip = $_SERVER['REMOTE_ADDR'];
	else $ip = "unknown";
	return($ip);
}
Anyhow, someone told me that I should turn error reporting to E_ALL in order to help me make the site a little more error free. What is happening however, is that I am getting errors from the above code, namely:

Code: Select all

Notice: Undefined index: HTTP_CLIENT_IP in modules/common.php on line 21

Notice: Undefined index: HTTP_X_FORWARDED_FOR in modules/common.php on line 23
Is this an indication that the code isnt actually doing what it is supposed to? If not, is there similar code which would work.

Also, does having a warning appear count as info before the header? I'm getting those messages all the time as well when the messages are turned on.

Thanks

Posted: Sat Jan 22, 2005 10:09 pm
by feyd
Is this an indication that the code isnt actually doing what it is supposed to? If not, is there similar code which would work.
the code is working corrected, provided those values were sent via the client.. HTTP_REMOTE_ADDR is set by the server as the computer accessing the site, not neccesarily the actual machine.. the code you posted tries to deal with proxy'd users. Sadly it assumes either E_NOTICE is turned off, or that those values are always set.. which only under a properly running proxy will they (most of the time)
Also, does having a warning appear count as info before the header? I'm getting those messages all the time as well when the messages are turned on.
it was added to the output buffer before the header calls were made, so yes.

Posted: Sat Jan 22, 2005 10:26 pm
by Stryks
Is there any better way to find out the user's IP than what I am doing?

It is used to find out if a session is matched to the original session owner. It is OK if it returns nothing or simply a proxy address, but it would be preferable to usually return something.

Posted: Sat Jan 22, 2005 10:39 pm
by feyd
as I mentioned: $_SERVER['HTTP_REMOTE_ADD']

Posted: Sat Jan 22, 2005 10:44 pm
by Stryks
:oops: Sorry .. Missed that. Where *are* my glasses anyway.

Cheers :wink:

Posted: Sat Jan 22, 2005 10:55 pm
by feyd
oops.. HTTP_REMOTE_ADDR... my fingers are cold! I can't type :(

Posted: Sun Jan 23, 2005 1:52 pm
by rehfeld
you should be aware that a users ip can change duirng the session. most peoples ip wont change, but some will. so some legitimate users will get the bad hand from this.

i would match thier user agent string instead. its not as unique, but its highly unlikely to change during a session for any legitimate reasons i can think of.

$_SERVER['HTTP_USER_AGENT']