How to get ip from a user using php?

Asked

Viewed 44,856 times

11

I’m using the function getenv("REMOTE_ADDR"), to catch the ip users who enter a particular page of my site and then I made a if to redirect that ip which is not equal to the variable of ip allowed. But when I play in the hosting it does not catch the ip who is accessing and yes another ip.

Does anyone know why or knows another method?

<?php

    $pegar_ip = $_SERVER["REMOTE_ADDR"];
    $ip_permitido = "ip_permitido";

    if ($pegar_ip == $ip_permitido) 
    {
       echo 'Ip Permitido!';
    } 
    else 
    { 
        header("Location: url");
    }

?>

2 answers

15

If you are not using services such as Cloudflare, Incapsula and neither Sucuri, among others, you can use:

$_SERVER['REMOTE_ADDR'];

This will return the IP of the user, if he is using proxy will return the IP of the proxy he is using, however it is better than trusting the X-FORWARDED-FOR.


If you’re using Cloudflare:

$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];

If you’re using Incapsula:

$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_INCAP_CLIENT_IP'];

If you are using the Sucuri:

$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];

Remember that it is extremely necessary to recur direct connections to the server, restricting access to the site to connections originating from these services. Otherwise, it will allow a Spoofing IP. This is because any header can be changed or inserted by the client, in which case it could include a HTTP_CF_CONNECTING_IP arbitrary and send out the request from Cloudflare.

In this case, from Cloudflare, only authorize access to Ips from Cloudflare, this will prevent someone from connecting directly to your server and specify a HTTP_CF_CONNECTING_IP arbitrary, you can see an example of this setting in specific here.

8

The simplest way to get the IP address would be using the variable $_SERVER, as $_SERVER['REMOTE_ADDR'] or $_SERVER['REMOTE_HOST']. However these 2 variables do not always return the correct IP of the user/visitor, so you can use other variables, the best way to do this would be to create a function. I recommend looking at the topic of the source, even in English, to have an explanation and even better ideas.

Basically creating a simple function:

function get_client_ip() {
    $ipaddress = '';
    if (isset($_SERVER['HTTP_CLIENT_IP']))
        $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
    else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
    else if(isset($_SERVER['HTTP_X_FORWARDED']))
        $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
    else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
        $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
    else if(isset($_SERVER['HTTP_FORWARDED']))
        $ipaddress = $_SERVER['HTTP_FORWARDED'];
    else if(isset($_SERVER['REMOTE_ADDR']))
        $ipaddress = $_SERVER['REMOTE_ADDR'];
    else
        $ipaddress = 'UNKNOWN';
    return $ipaddress;
}

This function is not by me, but by a user of the stackoverflow forum in English, look at the source.

Source: Stackoverflow in English

  • that’s right vlw gave right Aki.

  • 3

    This function is very dangerous. The HTTP_CLIENT_IP and the HTTP_X_FORWARDED_FOR are headers sent by the user, which can be changed and manipulated. Including, the X_FORWARDED_FOR may have one more IP separated by comma. Someone commented on this in the original English post as well, not in those words, but here’s the warning.

  • @Inkeliz Correct, I saw this warning, so I recommended that you take a good look at the topic, since this would be the simplest solution in PHP, but it has its caveats

Browser other questions tagged

You are not signed in. Login or sign up in order to post.