Hi pear-dev,
I would like to know what people think about such method of
IP detection.
I understand that X_FORWARDED_FOR can be faked in requests,
so is there
another way to get the real address behind proxy?
public static function getUserIP()
{
$realIP = '';
$httpXForwardedFor = '';
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$httpXForwardedFor =
$_SERVER['HTTP_X_FORWARDED_FOR'];
}
if (!empty($httpXForwardedFor)) {
if (strpos($httpXForwardedFor, ',') !== false) {
$ips = array_reverse(explode(', ',
$httpXForwardedFor));
} else {
$ips[] = $httpXForwardedFor;
}
foreach ($ips as $i => $ip) {
if
(preg_match('~^((0|10|172.16|192.168|255|127.0).|unknown
)~',
$ip) != 0) {
continue;
}
$realIP = trim($ip);
break;
}
if (empty($realIP)) {
throw new PEAR_Exception('Invalid IP
address.');
}
} else {
$realIP = $_SERVER['REMOTE_ADDR'];
}
$userIP = ip2long($realIP);
if (!$userIP || $userIP == -1) {
throw new PEAR_Exception('Invalid IP address.');
}
return strval($userIP);
}
--
PEAR Development Mailing List (http://pear.php.net/)
To unsubscribe, visit: http://www.php.net/unsub
.php
|