definitive way to get user ip address php
$_SERVER['REMOTE_ADDR']
is the only reliable IP address you'll get - it's extracted directly from the TCP stack and is where the current connection was established from. This means if the user is connecting via a proxy, you'll get the proxy's address, not the user's.
Any of the other header-based ones are unreliable, as HTTP headers are trivial to forge. You can use the information from them, if you'd like, as long as you don't TRUST it.
PHP most accurate / safe way to get real user IP address in 2017
Short answer:
$ip = $_SERVER['REMOTE_ADDR'];
As of 2021 (and still) $_SERVER['REMOTE_ADDR'];
is the only reliable way to get users ip address, but it can show erroneous results if behind a proxy server.
All other solutions imply security risks or can be easily faked.
Get the client IP address using PHP
The simplest way to get the visitor’s/client’s IP address is using the $_SERVER['REMOTE_ADDR']
or $_SERVER['REMOTE_HOST']
variables.
However, sometimes this does not return the correct IP address of the visitor, so we can use some other server variables to get the IP address.
The below both functions are equivalent with the difference only in how and from where the values are retrieved.
getenv() is used to get the value of an environment variable in PHP.
// Function to get the client IP address
function get_client_ip() {
$ipaddress = '';
if (getenv('HTTP_CLIENT_IP'))
$ipaddress = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
$ipaddress = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
$ipaddress = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
$ipaddress = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
$ipaddress = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
$ipaddress = getenv('REMOTE_ADDR');
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
$_SERVER is an array that contains server variables created by the web server.
// Function to get the client IP address
function get_client_ip() {
$ipaddress = '';
if (isset($_SERVER['HTTP_CLIENT_IP']))
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if(isset($_SERVER['HTTP_X_FORWARDED']))
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if(isset($_SERVER['HTTP_FORWARDED']))
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if(isset($_SERVER['REMOTE_ADDR']))
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
How to get Real IP from Visitor?
Try this php code.
<?PHP
function getUserIP()
{
// Get real visitor IP behind CloudFlare network
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
$_SERVER['HTTP_CLIENT_IP'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
$client = @$_SERVER['HTTP_CLIENT_IP'];
$forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
$remote = $_SERVER['REMOTE_ADDR'];
if(filter_var($client, FILTER_VALIDATE_IP))
{
$ip = $client;
}
elseif(filter_var($forward, FILTER_VALIDATE_IP))
{
$ip = $forward;
}
else
{
$ip = $remote;
}
return $ip;
}
$user_ip = getUserIP();
echo $user_ip; // Output IP address [Ex: 177.87.193.134]
?>
What is the most accurate way to retrieve a user's correct IP address in PHP?
Here is a shorter, cleaner way to get the IP address:
function get_ip_address(){
foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key){
if (array_key_exists($key, $_SERVER) === true){
foreach (explode(',', $_SERVER[$key]) as $ip){
$ip = trim($ip); // just to be safe
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false){
return $ip;
}
}
}
}
}
Your code seems to be pretty complete already, I cannot see any possible bugs in it (aside from the usual IP caveats), I would change the validate_ip()
function to rely on the filter extension though:
public function validate_ip($ip)
{
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false)
{
return false;
}
self::$ip = sprintf('%u', ip2long($ip)); // you seem to want this
return true;
}
Also your HTTP_X_FORWARDED_FOR
snippet can be simplified from this:
// check for IPs passing through proxies
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
{
// check if multiple ips exist in var
if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ',') !== false)
{
$iplist = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
foreach ($iplist as $ip)
{
if ($this->validate_ip($ip))
return $ip;
}
}
else
{
if ($this->validate_ip($_SERVER['HTTP_X_FORWARDED_FOR']))
return $_SERVER['HTTP_X_FORWARDED_FOR'];
}
}
To this:
// check for IPs passing through proxies
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$iplist = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
foreach ($iplist as $ip)
{
if ($this->validate_ip($ip))
return $ip;
}
}
You may also want to validate IPv6 addresses.
Function to get user ip address
Well, your function should behave as expected, but here are some suggestions:
// lowercase first letter of functions. It is more standard for PHP
function getIP()
{
// populate a local variable to avoid extra function calls.
// NOTE: use of getenv is not as common as use of $_SERVER.
// because of this use of $_SERVER is recommended, but
// for consistency, I'll use getenv below
$tmp = getenv("HTTP_CLIENT_IP");
// you DON'T want the HTTP_CLIENT_ID to equal unknown. That said, I don't
// believe it ever will (same for all below)
if ( $tmp && !strcasecmp( $tmp, "unknown"))
return $tmp;
$tmp = getenv("HTTP_X_FORWARDED_FOR");
if( $tmp && !strcasecmp( $tmp, "unknown"))
return $tmp;
// no sense in testing SERVER after this.
// $_SERVER[ 'REMOTE_ADDR' ] == gentenv( 'REMOTE_ADDR' );
$tmp = getenv("REMOTE_ADDR");
if($tmp && !strcasecmp($tmp, "unknown"))
return $tmp;
return("unknown");
}
Related Topics
Fatal Error: Call to Undefined Function Openssl_Random_Pseudo_Bytes()
Illegal Command Error Code 127 in PHP Exec Function
Opposite of Nl2Br? Is It Str_Replace
Why Can't I Access the Array with Index Directly
How to Make Sure That Values from MySQL Keep Their Type in PHP
PHP Optional Parameters - Specify Parameter Value by Name
Submit Multiple Forms with One Button
PHP Undefined Index Error $_Files
Nested PHP Ternary Trouble: Ternary Output != If - Else
How to Download a File on Clicking the Name of File Using PHP
Sort a Set of Multidimensional Arrays by Array Elements
How To: Install Memcache on Xampp (Windows 7/8/10)
Difference Between Float and Double in PHP
"Usort" a Doctrine\Common\Collections\Arraycollection