function detect real ip (updated)

kiss replied

14.06.19, 13:18
PHP Code:

function ip( $default = null, $filter_options = 12582912 ) { $HTTP_X_FORWARDED_FOR = isset( $_SERVER ) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : getenv( 'HTTP_X_FORWARDED_FOR' ) ; $HTTP_X_REAL_IP = isset( $_SERVER ) ? $_SERVER["HTTP_X_REAL_IP"] : getenv( 'HTTP_X_REAL_IP' ) ; $HTTP_CLIENT_IP = isset( $_SERVER ) ? $_SERVER["HTTP_CLIENT_IP"] : getenv( 'HTTP_CLIENT_IP' ) ; $HTTP_X_CLUSTER_CLIENT_IP = isset( $_SERVER ) ? $_SERVER["HTTP_X_CLUSTER_CLIENT_IP"] : getenv( 'HTTP_X_CLUSTER_CLIENT_IP' ) ; $HTTP_X_SUCURI_CLIENTIP = isset( $_SERVER ) ? $_SERVER["HTTP_X_SUCURI_CLIENTIP"] : getenv( 'HTTP_X_SUCURI_CLIENTIP' ) ; $HTTP_CF_CONNECTING_IP = isset( $_SERVER ) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : getenv( 'HTTP_CF_CONNECTING_IP' ) ; $REMOTE_ADDR = isset( $_SERVER ) ? $_SERVER["REMOTE_ADDR"] : getenv( 'REMOTE_ADDR' ) ; $all_ips = explode( ",", "$HTTP_X_FORWARDED_FOR,$HTTP_X_REAL_IP,$HTTP_CLIENT_IP,$HTTP_X_CLUSTER_CLIENT_IP,$HTTP_X_SUCURI_CLIENTIP,$HTTP_CF_CONNECTING_IP,$REMOTE_ADDR" ) ; foreach ( $all_ips as $ip ) { if ( $ip = filter_var( $ip, FILTER_VALIDATE_IP, $filter_options ) ) break ; } return $ip ? $ip : $default ; }

Last edited by kiss; 14.06.19, 14:19.
Leave a comment:
GumSlone replied

16.02.12, 14:58
function fixed, added trim() to ip check.
Leave a comment:
GumSlone replied

08.02.12, 15:41
function updated added filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) which check if the ip is private
Leave a comment:
CuteAmit replied

30.05.11, 04:03
hello guys,

why we using HTTP_X_FORWARDED_FOR', 'HTTP_REMOTE_ADDR_REAL', 'HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'REMOTE_ADDR, to detect ip ???

all these are similar to REMOTE_ADDR ??
Leave a comment:
GumSlone replied

16.04.11, 21:30
Originally posted by arnage View Post

I discard everything invalid, even with commas.

PHP Code:

function user_ip() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED'])) { $ip = $_SERVER['HTTP_X_FORWARDED']; } elseif (!empty($_SERVER['HTTP_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_FORWARDED_FOR']; } elseif (!empty($_SERVER['HTTP_FORWARDED'])) { $ip = $_SERVER['HTTP_FORWARDED']; } else { $ip = $_SERVER['REMOTE_ADDR']; } if (isset($ip) && !preg_match('/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$/', $ip)) { $ip = 'ProxyIP'; } return $ip; }

the ip range with comma contains the real ip of opera mini user, i use my function for ip to country detection, because its more correct than the default mod geoip which detects country by remote_addr.
Leave a comment:
arnage replied

16.04.11, 19:19
I discard everything invalid, even with commas.

PHP Code:

function user_ip() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED'])) { $ip = $_SERVER['HTTP_X_FORWARDED']; } elseif (!empty($_SERVER['HTTP_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_FORWARDED_FOR']; } elseif (!empty($_SERVER['HTTP_FORWARDED'])) { $ip = $_SERVER['HTTP_FORWARDED']; } else { $ip = $_SERVER['REMOTE_ADDR']; } if (isset($ip) && !preg_match('/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$/', $ip)) { $ip = 'ProxyIP'; } return $ip; }
Leave a comment:
GumSlone replied

16.04.11, 14:24
Originally posted by something else View Post

Yeah i was going to say you could use something like:

PHP Code:

if(!isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])) //re-arange array

however this will also miss poor proxys also
so maybe also an else statement something like:

PHP Code:

else if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])&&$_SERVER['HTTP_X_FORWARDED_FOR']!=$_SERVER['REMOTE_ADDR']) $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];

also finally to prevent hacking:

PHP Code:

return (int)$ip1.'.'.(int)$ip2.'.'.(int)$ip3.'.0'; //REAL IP

if someone wants to change/hide ip he can do it easily and there is no way to detect a real ip in such cases,
this function is made to detect ip of other 99% normal site users who use opera or use other different proxys to save their traffic costs and not trying to hide their location/ip, you could also add a function which checks if the detected ip is valid and if not then skip back to remote_addr.
Leave a comment:
something else replied

16.04.11, 13:52
Yeah i was going to say you could use something like:

PHP Code:

if(!isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])) //re-arange array

however this will also miss poor proxys also
so maybe also an else statement something like:

PHP Code:

else if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])&&$_SERVER['HTTP_X_FORWARDED_FOR']!=$_SERVER['REMOTE_ADDR']) $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];

also finally to prevent hacking:

PHP Code:

return (int)$ip1.'.'.(int)$ip2.'.'.(int)$ip3.'.0'; //REAL IP
Leave a comment:
GumSlone replied

16.04.11, 00:46
Originally posted by something else View Post

is relying on HTTP_X_FORWARDED_FOR as your first choice to get real ip a good idea ?
As it is probably the most common way of spoofing ip number

well, the HTTP_X_FORWARDED_FOR will work wth all opera mini users.
Leave a comment:
something else replied

15.04.11, 03:02
is relying on HTTP_X_FORWARDED_FOR as your first choice to get real ip a good idea ?
As it is probably the most common way of spoofing ip number
Leave a comment:
GumSlone replied

14.04.11, 22:48
i have updated the function
Leave a comment:
Anshul replied

04.04.11, 17:40
Originally posted by GumSlone View Post

yes it will return the last 0 for all ips,
and it should work with nginx and opera and other proxies, this it the latest function which i am using on my sites,
well,
if you dont want to have the last number in ip =0;
you can simply replace :

PHP Code:

list($ip1,$ip2,$ip3,$ip4) = explode('.',$ip); return $ip1.'.'.$ip2.'.'.$ip3.'.0'; //REAL IP

by

PHP Code:

return $ip;

also if you dont use apache's mod_geo_ip for ip to coutry detection its better to set last ip value to zero and cache the result of geo ip detection for this ip eg. with memcached, this will reduce the server load.

ok cool i dont use seperate queries for updatin ip anyway its wid last active time anyway i wil giv a try to this
Leave a comment:
Leviathan73 replied

03.04.11, 17:11
thanks gumslone
Leave a comment:
GumSlone replied

03.04.11, 17:06
Originally posted by Leviathan73 View Post

gumslone.. but they put in the core, or in the user profile?

put it wherever you want to detect the ip
Leave a comment:
Leviathan73 replied

03.04.11, 17:05
gumslone.. but they put in the core, or in the user profile?
Leave a comment:

function detect real ip (updated)

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: