Since I am new to this forum, I figured adding this may be useful to some people as it works very well. If you are retrieving a user's IP address for your website, then be sure that you are not using something like:

```php
$userip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
```

I have seen many websites get maliciously destroyed due to the user's ability to spoof their IP address and inject the SQL database. If you simply use the 2 functions I will supply here, it works very well and safely. If you find it useful, please give me some positive points as I am trying to build up my profile. Thank you.

```php
// Returns true only for a well-formed IPv4 address outside the ranges listed below.
function validip($userip) {
    // ip2long() returns false when the string is not a valid IPv4 address
    if (!empty($userip) && ip2long($userip) !== false) {
        $ReservedIps = array(
            array('0.0.0.0', '2.255.255.255'),
            array('10.0.0.0', '10.255.255.255'),
            array('127.0.0.0', '127.255.255.255'),
            array('169.254.0.0', '169.254.255.255'),
            array('172.16.0.0', '172.31.255.255'),
            array('192.0.2.0', '192.0.2.255'),
            array('192.168.0.0', '192.168.255.255'),
            array('255.255.255.0', '255.255.255.255')
        );
        foreach ($ReservedIps as $R) {
            $Min = ip2long($R[0]);
            $Max = ip2long($R[1]);
            if ((ip2long($userip) >= $Min) && (ip2long($userip) <= $Max)) return false;
        }
        return true;
    } else {
        return false;
    }
}

function getip() {
    // "?? ''" passes the header value (or an empty string when the header is
    // absent) to validip(), instead of the boolean that isset() returns.
    if (validip($_SERVER['HTTP_CLIENT_IP'] ?? '')) {
        return $_SERVER['HTTP_CLIENT_IP'];
    }
    foreach (explode(",", $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '') as $userip) {
        if (validip(trim($userip))) {
            return trim($userip);
        }
    }
    if (validip($_SERVER['HTTP_X_FORWARDED'] ?? '')) {
        return $_SERVER['HTTP_X_FORWARDED'];
    } else if (validip($_SERVER['HTTP_FORWARDED_FOR'] ?? '')) {
        return $_SERVER['HTTP_FORWARDED_FOR'];
    } else if (validip($_SERVER['HTTP_FORWARDED'] ?? '')) {
        return $_SERVER['HTTP_FORWARDED'];
    } else {
        return $_SERVER['REMOTE_ADDR'];
    }
}
```
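Added example, not part of the original post or thread: one way to pair address validation with a trust decision, so forwarding headers are read only when the connection arrives from a proxy you operate. `TRUSTED_PROXIES`, `is_public_ip()` and `client_ip()` are hypothetical names, the addresses and sample requests are constructed, and the code assumes `REMOTE_ADDR` is the TCP peer address filled in by the web server.

```php
<?php
// Added example (not the poster's code). TRUSTED_PROXIES, is_public_ip() and
// client_ip() are hypothetical names; 203.0.113.10 is a constructed placeholder.
const TRUSTED_PROXIES = ['203.0.113.10'];

// Well-formed IP address outside the private and reserved ranges.
function is_public_ip(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    // Request headers are client-controlled: read them only when the TCP peer
    // is one of our own proxies.
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // Walk X-Forwarded-For right to left. Entries on the right were appended by
    // our proxies; anything further left may have been typed in by the client.
    $hops = array_reverse(array_map('trim',
        explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '')));
    foreach ($hops as $hop) {
        if (in_array($hop, TRUSTED_PROXIES, true)) {
            continue;
        }
        // First hop that is not ours: accept it only if it validates.
        return is_public_ip($hop) ? $hop : $peer;
    }
    return $peer;
}

// Constructed sample requests.
$requests = [
    'direct client, forged header' => ['REMOTE_ADDR' => '198.51.100.7',
        'HTTP_X_FORWARDED_FOR' => "1.2.3.4' OR '1'='1"],
    'via proxy, forged left entry' => ['REMOTE_ADDR' => '203.0.113.10',
        'HTTP_X_FORWARDED_FOR' => "x' OR '1'='1, 198.51.100.7"],
    'via proxy, header missing'    => ['REMOTE_ADDR' => '203.0.113.10'],
];
foreach ($requests as $label => $server) {
    printf("%-30s => %s\n", $label, client_ip($server));
}
```

Whatever `client_ip()` returns should still be bound as a parameter of a prepared statement when it is written to the database, rather than concatenated into the SQL string.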
Why are you posting this? This is a help section for beginners / someone who has troubles ... + your function getip() isn't finished. $_SERVER['REMOTE_ADDR'] is always working for me ...
Hmm, maybe you can point me to the description where it states this is for beginners. From what I read, it says Programming / PHP, not beginners / PHP / come here! The functions I placed above work great and safe for me. Nobody said you had to use them, but maybe somebody else may enjoy them.
Oh for your information, I clearly stated that I supplied the functions to prevent anyone from SPOOFING their ip address as well. In case you didn't know, you CAN spoof an ip address when using your $_SERVER['REMOTE_ADDR'].