Thread: Why you shouldn't rely entirely on an IP
View Single Post
Old 11-08-2007, 08:59 PM   #17 (permalink)
Tanax
The Prestige
Upcoming Programmer Inquisitive 
 
Tanax's Avatar
 
Join Date: Sep 2007
Location: Sweden, Stockholm
Posts: 1,080
Thanks: 115
Tanax is on a distinguished road
Default
Quote:
Originally Posted by Wildhoney View Post
Well, as Salathe rightly pointed out, some ISPs rotate the IP on every page, and as Salathe is not man enough to say it himself (grins), I'll say it myself and face the consequences! As AOL rotates the IP on every page, identifying unique visitors is something that can never be determined.

However, as Bluesaga mentioned, and I have verified this with another source, then the comma-separated X_FORWARDED_FOR would be extremely useful. What I couldn't locate is the ordering of the comma+space separated X_FORWARDED_FOR and so if anybody knows, please let me know. Let's assume that I am correct in assuming that the original IP will be at the beginning of the X_FORWARDED_FOR attribute. The following code would work:

PHP Code:
function getUserIP()
{
    if(isset($_SERVER['X_FORWARDED_FOR']))
    {
        if(strpos($_SERVER['X_FORWARDED_FOR'], ',') === false)
        {
            return $_SERVER['X_FORWARDED_FOR'];
        }
        
        return trim(reset(explode(','$_SERVER['X_FORWARDED_FOR'])));
    }
    
    return $_SERVER['REMOTE_ADDR'];

This would check to see if there are any commas in X_FORWARDED_FOR, and if there are, return the first IP. If not then return X_FORWARDED_FOR as-is. If there is no X_FORWARDED_FOR set at all then return the address from REMOTE_ADDR. As pointed out in another article of mine, the two popular web-based proxies do not set the X_FORWARDED_FOR attribute as they are poorly coded and do not understand web-standards.

Let's mimic the X_FORWARDED_FOR and add the following code that calls our getUserIP function:

PHP Code:
$_SERVER['X_FORWARDED_FOR'] = '127.0.0.1, 192.168.0.1';

echo 'User IP: ' getUserIP(); 
This would rightfully return 127.0.0.1. If, however, my assumption is incorrect and the first proxy is at the end of the X_FORWARDED_FOR attribute, which I highly doubt, then replace the reset function with end. Though knowing the correct order would be much appreciated!
I see, that looks really nice!!

But can't you use for example HTTP_USER_AGENT in the function aswell?
Or wouldn't that work?
Tanax is offline   		Reply With Quote