My problem is a touch different, I know the IP's of the visitors who can visit the
site, but I need to make sure that it's *really* them. Cookies are a potential
solution, but don't quite fit the bill due to some variables on the users sides - and
what I'm really keeping out are bots (that break in), not people.
I've tested for:
$HTTP_CONNECTION ("Keep-Alive" means not a robot - right?)
$HTTP_REFERER (can't fake this if you're a robot...?)
$HTTP_ACCEPT_LANGUAGE (Only comes along with browsers... yea?)
In short, I need to make sure that only humans (who are on the IP list) can view
content... and I wanted to make sure that bots couldn't spoof their IP and look like
one of the human IP's.
make sense?
thanks,
Sean
-----Original Message-----
From: Steven Walker [mailto:[EMAIL PROTECTED]]
I don't know too much about this, but IP checking is not a reliable way
of identification anyway. Depending on how people connect to the
internet, some people will have different IPs every time. Since I use a
cable modem, my IP address rarely changes (if ever) so I use it as a
safety net to prevent other users from accessing my files.
Steven J. Walker
Walker Effects
www.walkereffects.com
[EMAIL PROTECTED]
On Wednesday, February 20, 2002, at 08:28 PM, [EMAIL PROTECTED]
wrote:
> Hi all,
>
> I need to know the exact ip of who is entering a site and I'm worried
> about proxies and spoofing. From php.net:
> http://www.php.net/manual/en/function.getenv.php
> This was listed:
> ============================
> This gives you the right ip:
>
> if (getenv(HTTP_CLIENT_IP)){
> $ip=getenv(HTTP_CLIENT_IP);
> }
> else {
> $ip=getenv(REMOTE_ADDR);
> }
> ============================
> Is this really a fool-proof method of knowing exactly what the ip is
> that's getting onboard?
>
> Thanks!
>
> Sean
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
