Re: [PHP] user's ip

Tue, 07 Aug 2001 19:20:11 -0700 

I would use

$HTTP_SERVER_VARS["REMOTE_ADDR"]
 or
$HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]

to return the IP address..

I have seen, people using if($ip == $REMOTE_ADDR) { // do whatever }
but in some configurations of PHP this can be a bad thing..

index.php?REMOTE_ADDR=10.0.0.1 would override the variable $REMOTE_ADDR (in
SOME configurations)

Its probably alot harder for a malicious user to fake the HTTP_SERVER_VARS
array than just a normal variable.

Just my .02c :)

Regards

Chris

-----Original Message-----
From: Renze Munnik [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 7 August 2001 10:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [Re: [PHP] user's ip]


On Tue, Aug 07, 2001 at 02:01:04PM +0200, René Moonen wrote:
> The problem is that REMOTE_ADDR returns the IP address of the
> proxy (if the user
> accesses the web-page via a proxy. This will allways return the IP
> address of
> the user's machine:
>
> if(getenv(HTTP_X_FORWARDED_FOR))
> {
>   $ip=getenv(HTTP_X_FORWARDED_FOR);
> }
> else
> {
>   $ip=getenv(REMOTE_ADDR);
> }
> $host = gethostbyaddr($ip);
>


Ahh.... see, that wasn't clear in the question. Yeah... that's true.
Pain in the ass those proxies. They're also realy useful while
testing your (dynamic) site. NOT!!! "Hey, what's this? I thought I'd
realy changed that error. How's this possible?", "Didn't I just
change the background-color? Why is it still the same?"
BECAUSE THE DAMN PROXY DOESN'T WANT TO SHOW YOU THE NEW VERSION.
No... cache, cache, cache... Damn things always come up with pages
that are (way) to old!

But anyway... that's not what this was about (just my own
frustration). But I just don't use the proxy nomore. Only for
testing things like REMOTE_ADDR etc.

But thank you for specifying the question. And eh, you're right. I
just didn't know the question was about this problem.

--

* R&zE:

-- »»»»»»»»»»»»»»»»»»»»»»»»
-- Renze Munnik
-- DataLink BV
--
-- E: [EMAIL PROTECTED]
-- W: +31 23 5326162
-- F: +31 23 5322144
-- M: +31 6 21811143
-- H: +31 23 5516190
--
-- Stationsplein 82
-- 2011 LM  HAARLEM
--
-- http://www.datalink.nl
-- ««««««««««««««««««««««««


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to