David Calkins wrote:
My web page needs to determine the client's external IP address, i.e., the
IP address that others viewing the web page would be able to use to contact
that user's machine (assuming they've setup the appropriate forwarding into
their actual machine of course). In this environment the clients want their external IP to be correctly reported, so there's no issue of people trying to spoof and
show a wrong IP.

I'm currently using $_SERVER['REMOTE_ADDR'] as this seemed like the best
approach as I thought it would yield the IP as seen from the web server and
hence, hopefully, as seen by everyone else on the internet.

This works in many cases, but in a couple cases users have reported issues
with others not being able to use the IPs the web page reports to contact their
machines.  In these cases the $_SERVER['REMOTE_ADDR'] seems to be returning
a different IP than what www.whatismyip.com <http://www.whatismyip.com> returned, for example.

Is there another reccomended way to get the client's externally visible IP
address?  Or is $_SERVER['REMOTE_ADDR'] the right approach but might
not always work?

life is not that simple.... here are some functions I wrote as an attempt to
to better than 'REMOTE_ADDR' - interested if these allow you to retrieve the
same IP as whatismyip.com:

/* Determine if an ip is in a net.
 * E.G. 120.120.120.120 in 120.120.0.0/16
 */
function isIPInSubnet($ip, $net, $mask)
{
    $firstpart  = substr(str_pad(decbin(ip2long($net)), 32, "0", STR_PAD_LEFT) 
,0 , $mask);
    $firstip    = substr(str_pad(decbin(ip2long($ip)), 32, "0", STR_PAD_LEFT), 
0, $mask);

    return (strcmp($firstpart, $firstip) == 0);
}

/* This function check if a ip is in an array of nets (ip and mask) */
function isPrivateIP($theip)
{
    foreach (array("10.0.0.0/8",
                   "172.16.0.0/12",
                   "192.168.0.0/16") as $subnet)
    {
        list($net, $mask) = explode('/', $subnet);
        if(isIPInSubnet($theip,$net,$mask)) {
            return true;
        }
    }

    return false;
}

/* Building the ip array with the HTTP_X_FORWARDED_FOR and REMOTE_ADDR HTTP 
vars.
 * With this function we get an array where first are the ip's listed in
 * HTTP_X_FORWARDED_FOR and the last ip is the REMOTE_ADDR
 */
function getRequestIPs()
{
    $ipList = array();

    foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR', 'REMOTE_ADDR') 
as $key) {
        if (isset($_SERVER[$key]) && $_SERVER[$key]) {
            $ipList = array_merge($ipList, explode(',', $_SERVER[$key]));
            break;
        }
    }

    return $ipList;
}

/* try hard to determine whAt the users/clients public IP address is */
function getRequestIP($allowPrivIPs = false)
{
    foreach (getRequestIPs() as $ip) {
        if($ip && ($allowPrivIPs === true || !isPrivateIP($ip))) {
            return $ip;
        }
    }


    return 'unknown';
}



Thanks!


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to