Not only that but on some ISPS (AOL) the users proxy may change with each request, making tracking the user by the IP not practical or advisiable. Just to let you know you also can't track the user by the MAC, the mac is designed for local area network identification and not on the Internet and it is easily changable.
If you are wanting to uniquely identify a user what I have done in the past is add a column to the users table in the database, when they login I generate a random identifier and store it on the client and in the DB, then each time the page is loaded I verify the two match, if they don't match I log the user out automatically. This allows you to force the user to be logged in only once but it allows them to login at one pc, then login from another pc and be able to use their account from wherever they logged in last from.
If you are just trying to prevent people from voting twice, etc, or signing up for multiple accounts another technique is to force them to give you valid email and then verify the email is valid by sending them an email and having a link they must click to verify their account.
Remember dialup user's ips change every time they connect anyway so blocking by IP is not that effective unless you block an entire IP range.
Jason
Paul van der Linden wrote:
I've a problem: I need to block accounts with the same ip, but if it's a proxy-server you get only the proxy-server ip's. I downloaded somewhere this script:
<?php $proxy=""; $IP = ""; if (isSet($_SERVER)) { if (isSet($_SERVER["HTTP_X_FORWARDED_FOR"])) { $IP = $_SERVER["HTTP_X_FORWARDED_FOR"]; $proxy = $_SERVER["REMOTE_ADDR"]; } elseif (isSet($_SERVER["HTTP_CLIENT_IP"])) { $IP = $_SERVER["HTTP_CLIENT_IP"]; } else { $IP = $_SERVER["REMOTE_ADDR"]; } } else { if ( getenv( 'HTTP_X_FORWARDED_FOR' ) ) { $IP = getenv( 'HTTP_X_FORWARDED_FOR' ); $proxy = getenv( 'REMOTE_ADDR' ); } elseif ( getenv( 'HTTP_CLIENT_IP' ) ) { $IP = getenv( 'HTTP_CLIENT_IP' ); } else { $IP = getenv( 'REMOTE_ADDR' ); } } if (strstr($IP, ',')) { $ips = explode(',', $IP); $IP = $ips[0]; } $RemoteInfo[0]=$IP; $RemoteInfo[1]=$proxy; print "Client-ip: " . $RemoteInfo[0] . "<BR>Proxy-ip: " . $RemoteInfo[1]; ?>
But that doesn't seems to work, it will only give your proxy-server ip's, and doesn't give the real client-ip. Does someone know how to recieve the real client-ip, and not the proxy-server ip.
Thanx Paul
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
