Get IP Address

if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; }

2 Responses

This snippet has a security issue. By setting the Client-IP or X-Forwarded-For header, anyone can pretend to be anyone else.

Various serious PHP and Python frameworks solved this problem by requiring the admin to configure a list of known and trusted proxies, and the header that they set. If REMOTE_IP comes from one of those proxies, then HTTP_X_FORWARDED_FOR should be inspected, and override the previous result.

Or better, you can just use $_SERVER['REMOTE_IP'] and tell the admin to set up mod_remoteip on his Apache if the said Apache is behind a reverse proxy.
@Alexander Patrakov Yup thats true I would not use this in public domains...

Write a comment

You can use [html][/html], [css][/css], [php][/php] and more to embed the code. Urls are automatically hyperlinked. Line breaks and paragraphs are automatically generated.