PHP solution to obtain the real IP of the user client

Getting the client IP is actually not a simple job. Because of IP spoofing and proxy issues, the authenticity of getting the client IP will be compromised and cannot be 100% accurate. But we still try to find a more complete acquisition method. The real IP method of the client. You can find many ways to obtain the IP using PHP.

function getIp(){
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);

Now we need to explain this code. Two functions are used here, getenv() and strcasecmp(). The former function obtains the system Environment variable, if the value can be obtained, the value will be returned, otherwise false will be returned.

$_SERVER is the server's super global variable array. You can also use $_SERVER['REMOTE_ADDR'] to obtain the client's IP address. The difference between the two The reason is that getenv does not support PHP running in IIS isapi mode. The usage of strcasecmp(string1, string2) string function is to compare string1 and string2. If they are equal, 0 will be returned. If string1 is greater than string2, a number greater than 0 will be returned. If less than 0, return a number less than 0.

The function first uses the customer IP. If it is not established, try to use the proxy method. If it does not work, then use REMOTE_ADDR.

I have also seen a more detailed method of detecting IP, which considers IP spoofing. , similar to the multi-proxy code. The method is similar.

function getip() {
$unknown = 'unknown';
if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] && strcasecmp($_SERVER['HTTP_X_FORWARDED_FOR'], $unknown) ) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif ( isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], $unknown) ) {
$ip = $_SERVER['REMOTE_ADDR'];
}
/*
处理多层代理的情况
或者使用正则方式：$ip = preg_match("/[\d\.]{7,15}/", $ip, $matches) ? $matches[0] : $unknown;
*/
if (false !== strpos($ip, ','))
$ip = reset(explode(',', $ip));
return $ip;
}

1. Obtain the client IP by PHP without using a proxy server:

REMOTE_ADDR = Client IP

HTTP_X_FORWARDED_FOR = No value or not displayed

2. Use a transparent proxy server Situation: Transparent Proxies

REMOTE_ADDR = last proxy server IP

HTTP_X_FORWARDED_FOR = client real IP (when passing through multiple proxy servers, this value is similar: 221.5.252.160, 203.98.182.163, 203.129.72.215)

This type of proxy The server still sends the client's real IP to the access object, which cannot achieve the purpose of hiding the true identity.

3. Using PHP of ordinary anonymous proxy servers to obtain the client IP: Anonymous Proxies

REMOTE_ADDR = The last proxy server IP

HTTP_X_FORWARDED_FOR = Proxy server IP (when passing through multiple proxy servers, this value is similar: 203.98.182.163, 203.98.182.163, 203.129.72.215)

In this case, the real IP of the client is hidden, but disclosed to the access object The client uses a proxy server to access them.

4. The situation of using a deceptive proxy server: Distorting Proxies

REMOTE_ADDR = proxy server IP

HTTP_X_FORWARDED_FOR = random IP (when passing through multiple proxy servers, this value is similar: 220.4 .251.159, 203.98.182.163, 203.129.72.215)

In this case, it is also revealed that the client is using a proxy server, but a fake random IP (220.4.251.159) is made up to replace the client's real IP to deceive it.

5. Use PHP of high anonymity proxy server to obtain client IP: High Anonymity Proxies (Elite proxies)

REMOTE_ADDR = Proxy server IP

HTTP_X_FORWARDED_FOR = No value or no display

Whether it is REMOTE_ADDR or HTTP_FORWARDED_FOR, these headers The message may not be obtained because different browsers and different network devices may send different IP header messages. Therefore, the value obtained by PHP using $_SERVER["REMOTE_ADDR"] and $_SERVER["HTTP_X_FORWARDED_FOR"] may be null or may be It is the "unknown" value.

The above is the PHP solution introduced by the editor to get the real IP of the user client. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will promptly Reply to everyone. I would also like to thank you all for your support of the PHP Chinese website!

For more articles related to PHP’s solution to obtain the real IP of the user client, please pay attention to the PHP Chinese website!