Proxy Checker

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Proxy Checker

Post by nickman013 »

Hello,

I was wondering if there was any way to check if a IP is a proxy server?

Thanks.!!!
User avatar
potato
Forum Contributor
Posts: 192
Joined: Tue Mar 16, 2004 8:30 am
Location: my lovely trailer, next to the big tree

Post by potato »

if you want to check the script, http://www.phpbuddy.com/sample/proxydetector.php

Code: Select all

<?php 

// use this script to detect whether a user is using a 

//proxy server to connect to your website.



echo "Proxy Detector

";

if(isset($HTTP_X_FORWARDED_FOR))
{
if ($HTTP_X_FORWARDED_FOR)
{
// proxy detected...
?>

Proxy Detected...


Your Actual IP Address:
<?= $HTTP_X_FORWARDED_FOR ?>


Your Proxy Server:
<?= $HTTP_VIA ?>

You Proxy I.P address: <?= $REMOTE_ADDR ?>


<?
}
}
else
{
// no proxy detected
?>

No Proxy Detected


Your Actual IP Address:
<?= $REMOTE_ADDR ?>


<?
}
?>
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

thanks alot!!!!!!!
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

hmm.. doesnt seem to work though??

I tried it out...
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Those variables are deprecated , have a look at Reserved Variables.

To my knowledge, it is impossible to check whether or not the user is accessing behind a proxy or not. Considering a proxy relays the requests, like a normal user, there is little differentiations between a legit user and a proxy. The only way that comes to mind is compiling a list of known proxies and checking against that. :? I would be interested to hear others opinion on this.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The headers sent by the proxy that signal it being a proxy are optional, so there's no 100% way of determining if a request is from a proxy or not... but you can at least compile a list of conforming and compliant proxies.
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Hmmm... I see..

The reason why I need to know this is becuase I have a voting system I made w/ help of somepeople on here.. And people go through a proxy to vote more than once... But, I just delete their vote.... But some people are voting more than once with the same IP address. I dont know how becuase my code prevents it... Any one know how to make this better...

The codes are

moty_main.php

Code: Select all

<?
$ip = $_SERVER[REMOTE_ADDR]; 
include "/home/muot/public_html/ipban/check.php";
//this is just a checker for a ip banner i have.
?>
<body bgcolor=black>
<script LANGUAGE="JavaScript">
<!--
// Nannette Thacker http://www.shiningstar.net
function confirmSubmit()
{
var agree=confirm("Are you sure you want to vote for this person? You cannot vote again, or change your vote if you do.");
if (agree)
	return true ;
else
	return false ;
}
// -->
</script>
<style type=text/css>
body {
color:white;
}
#formfont { 
  color:white; 
} 
input,textarea { 
  background-color:black; 
  color:white; 
}
</style>
<?php 
$host = "localhost";//Hostname 
$usr = "muot_report";//DB Usr 
$psw = "passwordd";//DB Password 
$dbname = "muot_report";//DB Name 
$tbl_name = "moty_ip";//Table Name 
$ip_field = "IP";//Field For IP 
$visitor_ip = $_SERVER[REMOTE_ADDR];//Visitor's IP Address 

$conn = mysql_connect($host, $usr, $psw) or die(mysql_error()); 
mysql_select_db($dbname, $conn) or die(mysql_error());
$sql = "SELECT $ip_field FROM $tbl_name WHERE $ip_field = '$visitor_ip'"; 
$res = mysql_query($sql, $conn) or die(mysql_error()); 
$num_rows = mysql_num_rows($res); 
if($num_rows > 0)
 { 
?>
<font size=6 color=red><b><center>Thanks for voting.</font><br></center>
<br><font size=4 color=white>The next voting round for the Muot Of The Year, will be on December 23rd.<br>Until then check out <a href=http://www.sickrat.com target=_blank><b><font size=5 color=white>SICKRAT.COM</font></a> for the new CJ vs.  Joe fight.<br></font>
</center>
<?
  } 
else 
  { 
?>
<html>
<body bgcolor=black>
<?php
$ip = @$REMOTE_ADDR;
$usr = "muot_report";
$pwd = "passsword"; 
$db = "muot_report"; 
$host = "localhost"; 

# connect to database 
$cid = mysql_connect($host,$usr,$pwd); 
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); } 

$output = '<HTML>'; 

# setup SQL statement 
$SQL = " SELECT * FROM `report` WHERE previous = 1 AND moty = 1"; 
$SQL = $SQL . 

# execute SQL statement 
$retid = mysql_db_query($db, $SQL, $cid) or die(mysql_error()); 

# display results 
$output .= "<table align=center bgcolor=black border=1 bordercolor=white cellpadding=20 width=450>\n\n"; 
$howmany = mysql_num_rows($retid); 
$rowmax = 4; 
for($x = 0; $row = mysql_fetch_array($retid); $x++) 
{ 
if($x % $rowmax == 0) 
$output .= "<tr>\n"; 
$prevpic = $row["Number"]; 
$prevname = $row["prevname"]; 


$output .= "<td align=center><a href=/prev.php?id=$prevpic target=_blank><img src =\"/prevpics/$prevpic.jpg\" width=100 height=100><br><font color=white>$prevname</font></a><br>
<form action=/moty_vote.php method=post>
<input type=hidden name=choice value=$prevpic>
<input type=submit value=Vote! onClick=\"return confirmSubmit()\"></form>
</td>"; 
if($x % $rowmax == $rowmax - 1) 
$output .= "\r</tr>\n\n"; 
} 


$output .= "</table>\n\n"; 

$output .= "</DT></P>"; 

$output .= '</BODY> 
</HTML>'; 

echo $output; 
?><?
  } 
?>

moty_vote.php

Code: Select all

<?
$ip = @$REMOTE_ADDR;
$choice = $_POST['choice'];
$username2= "muot_report";  
$password2= "passwordd";  
$database2= "muot_report";  
$connection2 = mysql_connect('localhost',$username2,$password2);  
mysql_select_db($database2); 

$sql4 = "SELECT * FROM `report` WHERE `Number` =".$choice;
$result4 = mysql_query($sql4) or die(mysql_error());
while($row4 = mysql_fetch_array($result4)) { 
$choice2 = $row4['votes']+1;
}
mysql_query('UPDATE report set `votes` = '.$choice2.' WHERE `Number` ='.$choice);
$query = "INSERT INTO moty_ip VALUES ('','$ip','$choice')";
$result = mysql_query($query) or die(mysql_error());
?>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=/moty_thankyou.php">

Need more info??
its probly written horrible and the worst way but it works for me...
I just cant figure out why people can vote more than one time with one IP address...
any one got any good idea how to improve this...and not allow someone to vote more than 1 time..

thanks alot!!!
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I see nothing that prevents a previous voter from voting again. I do see several security holes however.
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

It adds the voters IP into a row on a table.. and then checks to see if it exists before loading the voting page... It works but I am getting multiple votes on certain IP addresses.
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Hmm, I think I should add that 'check for the voters ip' on the vote process page?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

That is probably a pretty good idea, however be aware that many users can be behind a single IP so your check may be serving false positives.
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Yeah I was thinking of that, like if they are at a school or somthing like that.

Would cookies be better?
The only reason why I didnt use cookies was because people can just delete them and re-vote.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

nickman013 wrote:Yeah I was thinking of that, like if they are at a school or somthing like that.

Would cookies be better?
The only reason why I didnt use cookies was because people can just delete them and re-vote.
As you can tell there is no foolproof way to handle single votes only, unless your user based is forced to make an account first.
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Yea I see.. Ill just manually delete votes if they voted more than 1 time.

Thanks Alot!!
Post Reply