You lost me... but it sounds like fun! :) BTW, can anything fake
$HTTP_REFERER?
I'm sure one of the pros on the list can answer your original question:
Is this really a fool-proof method of knowing exactly what the ip is
============================
if (getenv(HTTP_CLIENT_IP)){
$ip=getenv(HTTP_CLIENT_IP);
}
else {
$ip=getenv(REMOTE_ADDR);
}
============================
Steven J. Walker
Walker Effects
www.walkereffects.com
[EMAIL PROTECTED]
On Wednesday, February 20, 2002, at 10:56 PM, [EMAIL PROTECTED]
wrote:
> My problem is a touch different, I know the IP's of the visitors who
> can visit the site, but I need to make sure that it's *really* them.
> Cookies are a potential solution, but don't quite fit the bill due to
> some variables on the users sides - and what I'm really keeping out are
> bots (that break in), not people.
> I've tested for:
> $HTTP_CONNECTION ("Keep-Alive" means not a robot - right?)
> $HTTP_REFERER (can't fake this if you're a robot...?)
> $HTTP_ACCEPT_LANGUAGE (Only comes along with browsers... yea?)
>
> In short, I need to make sure that only humans (who are on the IP list)
> can view content... and I wanted to make sure that bots couldn't spoof
> their IP and look like one of the human IP's.
>
> make sense?
>
> thanks,
> Sean
>
> -----Original Message-----
> From: Steven Walker [mailto:[EMAIL PROTECTED]]
>
> I don't know too much about this, but IP checking is not a reliable way
> of identification anyway. Depending on how people connect to the
> internet, some people will have different IPs every time. Since I use a
> cable modem, my IP address rarely changes (if ever) so I use it as a
> safety net to prevent other users from accessing my files.
>
>
> On Wednesday, February 20, 2002, at 08:28 PM, [EMAIL PROTECTED]
> wrote:
>
>> Hi all,
>>
>> I need to know the exact ip of who is entering a site and I'm worried
>> about proxies and spoofing. From php.net:
>> http://www.php.net/manual/en/function.getenv.php
>> This was listed:
>> ============================
>> This gives you the right ip:
>>
>> if (getenv(HTTP_CLIENT_IP)){
>> $ip=getenv(HTTP_CLIENT_IP);
>> }
>> else {
>> $ip=getenv(REMOTE_ADDR);
>> }
>> ============================
>> Is this really a fool-proof method of knowing exactly what the ip is
>> that's getting onboard?
>>
>> Thanks!
>>
>> Sean
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
