How to use PHP to obtain the real IP of the user client

This article mainly introduces the method of using PHP to obtain the real IP of the user client. It has certain reference value. Now I share it with you. Friends in need can refer to it.

Getting the client IP is actually It is not a simple job. Because there are IP spoofing and agency problems, the authenticity of obtaining the client's IP will be compromised and cannot be 100% accurate. However, we try to use more complete methods to obtain the customer's IP. Here are the following Let’s share the PHP method of obtaining the real IP of the user’s client. Let’s take a look.

Obtaining the client’s IP is actually not a simple task. Because of IP spoofing and proxy problems, obtaining the authenticity of the client’s IP It will be discounted and cannot be 100% accurate. But we still try to find a more complete method of obtaining the real IP of the client. There are many ways to obtain the IP using php.

function getIp(){
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);

Now we need to carry out this code Explanation, two functions are used here, getenv() and strcasecmp(). The former function obtains the system environment variable. If the value can be obtained, it returns the value, otherwise it returns false.

$_SERVER It is the server super global variable array. You can also use $_SERVER['REMOTE_ADDR'] to get the client's IP address. The difference between the two is that getenv does not support php running in IIS isapi mode.

strcasecmp(string1 , string2) The usage of the string function is to compare string1 and string2. If they are equal, 0 is returned. If string1 is greater than string2, a number greater than 0 is returned. If it is less, a number less than 0 is returned.

The function first uses the customer IP, if it doesn't work, try using the proxy method. If it doesn't work, use REMOTE_ADDR.

I also saw a more detailed method of detecting IP, which takes into account IP spoofing and multiple proxy codes. The method is similar.

function getip() {
$unknown = 'unknown';
if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] && strcasecmp($_SERVER['HTTP_X_FORWARDED_FOR'], $unknown) ) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif ( isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], $unknown) ) {
$ip = $_SERVER['REMOTE_ADDR'];
}
/*
处理多层代理的情况
或者使用正则方式：$ip = preg_match("/[\d\.]{7,15}/", $ip, $matches) ? $matches[0] : $unknown;
*/
if (false !== strpos($ip, ','))
$ip = reset(explode(',', $ip));
return $ip;
}

1. PHP without using a proxy server to obtain the client IP:

REMOTE_ADDR = Client IP
HTTP_X_FORWARDED_FOR = No value or no display

2. The situation of using a transparent proxy server: Transparent Proxies

REMOTE_ADDR = The last proxy server IP
HTTP_X_FORWARDED_FOR = The real IP of the client (when passing through multiple proxy servers , this value is similar: 221.5.252.160, 203.98.182.163, 203.129.72.215)

This type of proxy server still sends the client’s real IP to the access object, which cannot achieve the purpose of hiding the true identity.

3. Use PHP of ordinary anonymous proxy server to obtain client IP: Anonymous Proxies

REMOTE_ADDR = Last proxy server IP
HTTP_X_FORWARDED_FOR = Proxy server IP (after When there are multiple proxy servers, this value is similar: 203.98.182.163, 203.98.182.163, 203.129.72.215)

In this case, the real IP of the client is hidden, but the client is disclosed to the access object They are accessed using a proxy server.

4. The use of deceptive proxy servers: Distorting Proxies

REMOTE_ADDR = Proxy server IP
HTTP_X_FORWARDED_FOR = Random IP (when passing through multiple proxy servers, this value is similar: 220.4.251.159, 203.98.182.163, 203.129.72.215)

In this case, it also reveals that the client uses a proxy server, but fabricates one Fake random IP (220.4.251.159) replaces the client’s real IP to deceive it.

5. Use PHP of high-anonymity proxy server to obtain the client IP: High Anonymity Proxies (Elite proxies)

REMOTE_ADDR = Proxy server IP

HTTP_X_FORWARDED_FOR = No value or not displayed

Whether it is REMOTE_ADDR or HTTP_FORWARDED_FOR, these header messages may not be available because of different browsers Different network devices may send different IP header messages. Therefore, the value obtained by PHP using $_SERVER["REMOTE_ADDR"] and $_SERVER["HTTP_X_FORWARDED_FOR"] may be a null value or an "unknown" value.

The above is the entire content of this article. I hope it will be helpful to everyone's study. For more related content, please pay attention to the PHP Chinese website!

Related recommendations:

How to implement anti-leeching in PHP

PHP obtains IP information, php obtains ip

The above is the detailed content of How to use PHP to obtain the real IP of the user client. For more information, please follow other related articles on the PHP Chinese website!