function detect real ip (updated)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
    kiss
    Senior Member

  • kiss
    replied
    PHP Code:
     function ip$default null$filter_options 12582912 )
     {
      
    $HTTP_X_FORWARDED_FOR = isset( $_SERVER ) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : getenv'HTTP_X_FORWARDED_FOR' ) ;
      
    $HTTP_X_REAL_IP = isset( $_SERVER ) ? $_SERVER["HTTP_X_REAL_IP"] : getenv'HTTP_X_REAL_IP' ) ;
      
    $HTTP_CLIENT_IP = isset( $_SERVER ) ? $_SERVER["HTTP_CLIENT_IP"] : getenv'HTTP_CLIENT_IP' ) ;
      
    $HTTP_X_CLUSTER_CLIENT_IP = isset( $_SERVER ) ? $_SERVER["HTTP_X_CLUSTER_CLIENT_IP"] : getenv'HTTP_X_CLUSTER_CLIENT_IP' ) ;
      
    $HTTP_X_SUCURI_CLIENTIP = isset( $_SERVER ) ? $_SERVER["HTTP_X_SUCURI_CLIENTIP"] : getenv'HTTP_X_SUCURI_CLIENTIP' ) ;
      
    $HTTP_CF_CONNECTING_IP = isset( $_SERVER ) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : getenv'HTTP_CF_CONNECTING_IP' ) ;
      
    $REMOTE_ADDR = isset( $_SERVER ) ? $_SERVER["REMOTE_ADDR"] : getenv'REMOTE_ADDR' ) ;
      
    $all_ips explode",""$HTTP_X_FORWARDED_FOR,$HTTP_X_REAL_IP,$HTTP_CLIENT_IP,$HTTP_X_CLUSTER_CLIENT_IP,$HTTP_X_SUCURI_CLIENTIP,$HTTP_CF_CONNECTING_IP,$REMOTE_ADDR) ;
      foreach ( 
    $all_ips as $ip ) {
       if ( 
    $ip filter_var$ipFILTER_VALIDATE_IP$filter_options ) )
        break ;
      }
      return 
    $ip $ip $default ;
     } 
    kiss
    Senior Member
    Last edited by kiss; 14.06.19, 14:19.

    Leave a comment:

  • GumSlone
    Administrator

  • GumSlone
    replied
    function fixed, added trim() to ip check.

    Leave a comment:

  • GumSlone
    Administrator

  • GumSlone
    replied
    function updated added filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) which check if the ip is private

    Leave a comment:

  • CuteAmit
    Member

  • CuteAmit
    replied
    hello guys,


    why we using HTTP_X_FORWARDED_FOR', 'HTTP_REMOTE_ADDR_REAL', 'HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'REMOTE_ADDR, to detect ip ???


    all these are similar to REMOTE_ADDR ??

    Leave a comment:

  • GumSlone
    Administrator

  • GumSlone
    replied
    Originally posted by arnage View Post
    I discard everything invalid, even with commas.

    PHP Code:
    function user_ip() {
    if (!empty(
    $_SERVER['HTTP_CLIENT_IP'])) {
    $ip $_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty(
    $_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    elseif (!empty(
    $_SERVER['HTTP_X_FORWARDED'])) {
    $ip $_SERVER['HTTP_X_FORWARDED'];
    }
    elseif (!empty(
    $_SERVER['HTTP_FORWARDED_FOR'])) {
    $ip $_SERVER['HTTP_FORWARDED_FOR'];
    }
    elseif (!empty(
    $_SERVER['HTTP_FORWARDED'])) {
    $ip $_SERVER['HTTP_FORWARDED'];
    } else {
    $ip $_SERVER['REMOTE_ADDR'];
    }
    if (isset(
    $ip) && !preg_match('/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$/'$ip)) {
    $ip 'ProxyIP';
    }
    return 
    $ip;

    the ip range with comma contains the real ip of opera mini user, i use my function for ip to country detection, because its more correct than the default mod geoip which detects country by remote_addr.

    Leave a comment:

  • arnage
    Moderator

  • arnage
    replied
    I discard everything invalid, even with commas.

    PHP Code:
    function user_ip() {
    if (!empty(
    $_SERVER['HTTP_CLIENT_IP'])) {
    $ip $_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty(
    $_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    elseif (!empty(
    $_SERVER['HTTP_X_FORWARDED'])) {
    $ip $_SERVER['HTTP_X_FORWARDED'];
    }
    elseif (!empty(
    $_SERVER['HTTP_FORWARDED_FOR'])) {
    $ip $_SERVER['HTTP_FORWARDED_FOR'];
    }
    elseif (!empty(
    $_SERVER['HTTP_FORWARDED'])) {
    $ip $_SERVER['HTTP_FORWARDED'];
    } else {
    $ip $_SERVER['REMOTE_ADDR'];
    }
    if (isset(
    $ip) && !preg_match('/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$/'$ip)) {
    $ip 'ProxyIP';
    }
    return 
    $ip;

    Leave a comment:

  • GumSlone
    Administrator

  • GumSlone
    replied
    Originally posted by something else View Post
    Yeah i was going to say you could use something like:
    PHP Code:
    if(!isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA']))
             
    //re-arange array 
    however this will also miss poor proxys also
    so maybe also an else statement something like:
    PHP Code:
    else if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])&&$_SERVER['HTTP_X_FORWARDED_FOR']!=$_SERVER['REMOTE_ADDR'])
    $ip $_SERVER['HTTP_X_FORWARDED_FOR']; 
    also finally to prevent hacking:
    PHP Code:
    return (int)$ip1.'.'.(int)$ip2.'.'.(int)$ip3.'.0'//REAL IP 
    if someone wants to change/hide ip he can do it easily and there is no way to detect a real ip in such cases,
    this function is made to detect ip of other 99% normal site users who use opera or use other different proxys to save their traffic costs and not trying to hide their location/ip, you could also add a function which checks if the detected ip is valid and if not then skip back to remote_addr.

    Leave a comment:

  • something else
    Moderator

  • something else
    replied
    Yeah i was going to say you could use something like:
    PHP Code:
    if(!isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA']))
             
    //re-arange array 
    however this will also miss poor proxys also
    so maybe also an else statement something like:
    PHP Code:
    else if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])&&$_SERVER['HTTP_X_FORWARDED_FOR']!=$_SERVER['REMOTE_ADDR'])
    $ip $_SERVER['HTTP_X_FORWARDED_FOR']; 
    also finally to prevent hacking:
    PHP Code:
    return (int)$ip1.'.'.(int)$ip2.'.'.(int)$ip3.'.0'//REAL IP 

    Leave a comment:

  • GumSlone
    Administrator

  • GumSlone
    replied
    Originally posted by something else View Post
    is relying on HTTP_X_FORWARDED_FOR as your first choice to get real ip a good idea ?
    As it is probably the most common way of spoofing ip number
    well, the HTTP_X_FORWARDED_FOR will work wth all opera mini users.

    Leave a comment:

  • something else
    Moderator

  • something else
    replied
    is relying on HTTP_X_FORWARDED_FOR as your first choice to get real ip a good idea ?
    As it is probably the most common way of spoofing ip number

    Leave a comment:

  • GumSlone
    Administrator

  • GumSlone
    replied
    i have updated the function

    Leave a comment:

  • Anshul
    Moderator

  • Anshul
    replied
    Originally posted by GumSlone View Post
    yes it will return the last 0 for all ips,
    and it should work with nginx and opera and other proxies, this it the latest function which i am using on my sites,
    well,
    if you dont want to have the last number in ip =0;
    you can simply replace :
    PHP Code:
        list($ip1,$ip2,$ip3,$ip4) = explode('.',$ip); 
        return 
    $ip1.'.'.$ip2.'.'.$ip3.'.0'//REAL IP 
    by
    PHP Code:
    return $ip
    also if you dont use apache's mod_geo_ip for ip to coutry detection its better to set last ip value to zero and cache the result of geo ip detection for this ip eg. with memcached, this will reduce the server load.
    ok cool i dont use seperate queries for updatin ip anyway its wid last active time anyway i wil giv a try to this

    Leave a comment:

  • Leviathan73
    Senior Member

  • Leviathan73
    replied
    thanks gumslone

    Leave a comment:

  • GumSlone
    Administrator

  • GumSlone
    replied
    Originally posted by Leviathan73 View Post
    gumslone.. but they put in the core, or in the user profile?
    put it wherever you want to detect the ip

    Leave a comment:

  • Leviathan73
    Senior Member

  • Leviathan73
    replied
    gumslone.. but they put in the core, or in the user profile?

    Leave a comment:

Working...
X