socket_getpeername()

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
kwong
Forum Newbie
Posts: 10
Joined: Thu Mar 15, 2007 1:17 am

socket_getpeername()

Post by kwong »

Hi all,

I'm currently digging into socket programming and found this function call socket_getpeername()
http://au2.php.net/manual/en/function.s ... ername.php

It retrieves the host ip address and port. I'm not sure if this is the server port and ip or the client's.
Is there a function that we can use to get the client 'real' ip address not the last one from the relay?
If a client is behind a firewall or proxy server, are we going to get the proxy ip address or the client's machine ip address where the request is made?


Thanks for the answer....
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: socket_getpeername()

Post by Mordred »

kwong wrote:Hi all,

I'm currently digging into socket programming and found this function call socket_getpeername()
http://au2.php.net/manual/en/function.s ... ername.php

It retrieves the host ip address and port. I'm not sure if this is the server port and ip or the client's.
Is there a function that we can use to get the client 'real' ip address not the last one from the relay?
If a client is behind a firewall or proxy server, are we going to get the proxy ip address or the client's machine ip address where the request is made?


Thanks for the answer....
RTFM.
socket_getpeername -- Queries the remote side of the given socket
socket_getsockname -- Queries the local side of the given socket
You'll get the proxy ip. Some proxies will tell you the "real" IP of the user in some header - Via, x-forwarded-for, or another. Some will not be distinguishable from an end client. Some client will lie to you that he is a proxy. You can't know for sure.
kwong
Forum Newbie
Posts: 10
Joined: Thu Mar 15, 2007 1:17 am

Re: socket_getpeername()

Post by kwong »

Modred, thanks for your answer.
In fact, it has triggered another question which sounds like this:
"If we can't know for sure our visitor IP address, how would it be possible to distinguish one visitor and another?"
"How do we know that it is Visitor A who connects again regardless their username and password, as these login details can be used by different person."?

Thanks for the answer....
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: socket_getpeername()

Post by Mordred »

Well, you can't be 100% sure. You can only hope that it's true :)
Can you stop me giving my account to my wife, who will connect from our home ISP, with the same password and the same IP, from the same browser with the same settings? Can you recognize the case? (Hint: the answer isn't "yes" :lol: )

The real question is: Should you?

Answer: no.

You work with user accounts. Accounts are recognized in the login process, and identified by a session id (SID), most commonly in a cookie. If you don't have vulnerabilities that allow attacks on the SID (XSS, session fixation, information leaks, predictable SID generation), you can be really sure that it's the same account.
Post Reply