How to get the real IP of the user client in PHP?

How does PHP get the real IP of the user client? This article will introduce to you the method of obtaining the real IP of the user client in PHP. It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.

Obtaining the client IP is actually not a simple task. Because of IP spoofing and proxy problems, the authenticity of obtaining the client IP will be compromised and cannot be 100% accurate. But we still try to find a more complete method to obtain the real IP address of the client. There are many ways to get IP using php.

Use getenv to get the client's IP address, for example:

function getIp(){
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);

In PHP, $_SERVER is the server's super global variable array. You can also use $_SERVER['REMOTE_ADDR'] to get the client's IP address. The difference between the two is that getenv does not support PHP running in IIS isapi mode.

Now we need to explain this code. Two functions are used here, getenv() and strcasecmp(). The former function gets the system environment variables. If the value can be obtained, it will return the value. If it cannot, it will return false. .

strcasecmp(string1, string2) The usage of the string function is: compare string1 and string2, and return 0 if they are equal; if string1 is greater than string2, return a number greater than 0, if less than return a number less than 0.

The function first uses the customer IP. If it does not work, try to use the proxy method. If it does not work, then use REMOTE_ADDR.

I have also seen a more detailed method of detecting IP, which considers IP spoofing and multiple proxy codes. The method is similar Similar.

function getip() {
$unknown = 'unknown';
if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] && strcasecmp($_SERVER['HTTP_X_FORWARDED_FOR'], $unknown) ) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif ( isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], $unknown) ) {
$ip = $_SERVER['REMOTE_ADDR'];
}
/*
处理多层代理的情况
或者使用正则方式：$ip = preg_match("/[\d\.]{7,15}/", $ip, $matches) ? $matches[0] : $unknown;
*/
if (false !== strpos($ip, ','))
$ip = reset(explode(',', $ip));
return $ip;
}

REMOTE_ADDR = Client IP

1. The situation of obtaining the client IP by PHP without using a proxy server:

HTTP_X_FORWARDED_FOR = No value or no display

2. The situation of using a transparent proxy server: Transparent Proxies

REMOTE_ADDR = The last proxy server IP
HTTP_X_FORWARDED_FOR = The real IP of the client (when passing through multiple proxy servers, this value is similar: 221.5.252.160, 203.98.182.163, 203.129.72.215)

This type of proxy server will still be used The real IP of the client is sent to the access object, which cannot achieve the purpose of hiding the true identity.

3. Use PHP of ordinary anonymous proxy server to obtain the client IP: Anonymous Proxies

REMOTE_ADDR = The last proxy server IP
HTTP_X_FORWARDED_FOR = Proxy server IP (when passing through multiple proxy servers, this value is similar: 203.98.182.163, 203.98.182.163, 203.129.72.215)

In this case, the real IP of the client is hidden, but the client is disclosed to the access object They are accessed using proxy servers.

4. The situation of using deceptive proxy servers: Distorting Proxies

REMOTE_ADDR = Proxy server IP
HTTP_X_FORWARDED_FOR = Random IP (when passing through multiple proxy servers, this value is similar: 220.4 .251.159, 203.98.182.163, 203.129.72.215)

In this case, it is also revealed that the client is using a proxy server, but a fake random IP (220.4.251.159) is made up to replace the client's real IP to deceive it.名 V. PHP with a high anonymous proxy server obtain client IP situation: High Anonymity Proxies (Elite Proxies)

Remote_addr = Agent server ip

Http_x_For = No value or no display

Http_forwardeded_For, These header messages may not be obtained because different browsers and different network devices may send different IP header messages. Therefore, the values ​​obtained by PHP using $_SERVER["REMOTE_ADDR"] and $_SERVER["HTTP_X_FORWARDED_FOR"] may be null values. It may also be the "unknown" value.

Summary: The above is the entire content of this article, I hope it will be helpful to everyone's learning.