Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy. This forum is not for asking programming related questions.
So, I tried it out on my system, and both of my computers that are connected to my router returned the same address. So, I removed the router from the DSL modem, and linked directly through the modem -- still getting the same ip address, which is not the address that I get from ipconfig at the command prompt.
I want to know if I am getting an actual ip address from my location, or an address which merely locates my isp. Because, I want to be able to know when a person logs in more than once, but not when an ISP does.
You cannot reliably get the ip address of users. Whether it is NAT, or proxies, or other items, IP addresses do not have a reliable relationship to the users.
I agree with Roja. It's not reliable information. I use code similar to what you posted in that it checks for the FORWARDED header but the only place I actually use IP address check is in statistics gathering for things like hit counters and other traffic analysis. I wouldn't rely on an IP address if it was critical to the design of an authentication system or such like... it I mean, the forwarded value can easily be spoofed, or not passed at all.
The purpose of my locating when someone has already logged in is for a customer whose has recipes posted on their site which are specific for their product. They want for users to be able to post ratings/reviews for recipes. I will store the reviews in a database, and if I stored the corresponding ip address, I could make reasonably sure that people were not trying to "hack the results." I am not going to force log ins, as that is not what this site is looking for, just want to put some kind of net in place to see if they are voting more than once for the same recipe. (Of course, they can vote as many times as they would like as long as they are reviewing different recipes)
OK, look at it this way. An association may have 1000 computers hooked up to the internet but they only have 1 external IP address you can see. Two people log onto your site, they are both the same person if all you're going by is an IP.
In my house, we have three computers, all connected to a router. We are all the same person.
Using cookies/sessions could perhaps be used in some way yes, although again this could probably be worked around easily.
Without an actual set of fixed credentials to identify a "person" (i.e. username/password) this is not going to be reliable. I wonder what use cookies could be here?