[SOLVED]Getting user IP address

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
batfastad
Forum Contributor
Posts: 433
Joined: Tue Mar 30, 2004 4:24 am
Location: London, UK

[SOLVED]Getting user IP address

Post by batfastad »

Hi guys

I'm building a simple intranet application on windows 2000, with php5 and mysql4 on apache 2.2

I'm using the $_SERVER['REMOTE_ADDR'] to get a user's IP address if they make a change to the record, but according to my log script there's been occasions where the IP address hasn't been entered.

I was wondering if there's any reason why this might happen from the PHP / Apache side.

Should this reserved variable always return the user's IP address?
Or are there occasions when the IP address doesn't get returned correctly using this method.


Thanks

Ben
Last edited by batfastad on Tue Oct 24, 2006 6:33 am, edited 1 time in total.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

I have never known the IP address to NOT work. Other SERVER variables can be hit or miss (referring url), but REMOTE_ADDR has ALWAYS worked for me.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

The IP address is sent by the client nothing to do at all with the server side of things...

You should typically get IP's back as I would think most popular browsers use them properly...however there might be a option FF which allows IP blocking...or maybe their going through a proxy...

Lots of reasons why it won't or might not work...thats why it's a horrible way to do business...it's unreliable like anything else sent in by the client through headers...

In short: Don't trust IP for anything, but use it only for basic non-security type situations...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Hockey wrote:The IP address is sent by the client nothing to do at all with the server side of things...

You should typically get IP's back as I would think most popular browsers use them properly...however there might be a option FF which allows IP blocking
no, the address and the port are part of the socket connection. If the information is faked no return data will reach the client - not even will the tcp/ip connection be fully established.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

volka wrote:
Hockey wrote:The IP address is sent by the client nothing to do at all with the server side of things...

You should typically get IP's back as I would think most popular browsers use them properly...however there might be a option FF which allows IP blocking
no, the address and the port are part of the socket connection. If the information is faked no return data will reach the client - not even will the tcp/ip connection be fully established.
Ok I realize that, but instead of correcting me...as I wasn't the one asking the question, why not explain to the fellow I replied too, why the IP of some users doesn't show???

My best guess was some browsers maybe didn't construct the headers properly, but your right, I don't think the IP is handled by the browser. So my second guess, would be a proxy possibly causing the problem, or hackers poking at his web site.

If the IP isn't valid it's obvious, data cannot be sent back to the requesting application, so, why then would an IP be bogus? DoS attack or similar is the only thing I can think of, where the attacker doesn't care about feedback, they simply want to tax a system and not have any trace.

I'm out of guesses, but I'm interested in hearing yours...

p.s-In all fareness when I said client I wasn't refering to browsers per se, but rather the client machine, regardless of where it came from.

Cheers :)
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

~Hockey, I believe ~volka was correcting you in an informative manner to the OP. If somebody says something directly to the OP which is so significantly incorrect it's kind of sensible to correct them ;)

Back on-topic please.
User avatar
batfastad
Forum Contributor
Posts: 433
Joined: Tue Mar 30, 2004 4:24 am
Location: London, UK

Post by batfastad »

Hi everyone

Thanks for all your input.
I use it generally for logging and noticed that on some ocassions it wasn't getting entered.
I won't look into it any further though since proxies can munge all kinds of information.


Thanks everyone

Ben
Z3RO21
Forum Contributor
Posts: 130
Joined: Thu Aug 17, 2006 8:59 am

Post by Z3RO21 »

Even with a proxy i thought you would still get the proxy IP, check your logging code there may be an error that is not being noticed? Just my 2 cents :) cheers everyone
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You will get an IP with a proxy, but it can (and for has) change. Often. So I wouldn't rely on it for anything critical. But $_SERVER['REMOTE_ADDR'] should work in all cases.
Post Reply