Safe method for web sites to obtain user IP HTTP_X_FORWARDED_FOR inspection_PHP tutorial

Security filtered getIP function

Copy code The code is as follows:

function getIP() {
$realip = ''; //Set the default Value
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
$realip = $_SERVER['HTTP_CLIENT_IP'];
} else {
$realip = $_SERVER['REMOTE_ADDR'];
}

preg_match('/^((?:d{1,3}.){3}d{1,3})/',$realip,$match);
return $match?$match[ 0]:false;
}

The above function adds IP judgment, and will only read data starting with IP format, and the first one that satisfies the IP format value. If not return false. In this way, the IP that meets the format can be read and the IP format of the data is verified.

If I read the IP of the Internet, the IP of the user's incoming LAN, I should filter it out directly

We often see prompts on some websites that illegal IP addresses are actually part of the IP address format error, and part of it may be that the IP address is read and does not meet the IP format allowed on the Internet. The following function encapsulates a function through the IANA site specification. By entering the IP address, you can accurately know whether the IP can be used on the Internet.

Copy code The code is as follows:

//The Internet allows the use of IP addresses
function ipType2($ip) {
$iplist = explode(".", $ip);

if ($iplist[0] >= 224 && $iplist[0] <= 239)
return 'Multicast';
if ($iplist[0] >= 240 && $ iplist[0] <= 255)
return 'reserved';

if (preg_match('/^198.51.100/', $ip))
return 'TEST-NET-2, documentation and examples';
if (preg_match('/^203.0.113/ ', $ip))
return 'TEST-NET-3, documentation and examples';

if (preg_match('/^192.(18|19)./', $ip))
return 'Network Benchmark';

if (preg_match('/^192.168/', $ip))
return 'Private network [intranet]';

if (preg_match('/^192.88.99/', $ip))
return 'ipv6to4 relay';
if (preg_match('/^192.0.2./', $ip) )
return 'TEST-NET-1, documentation and examples';
if (preg_match('/^192.0.0./', $ip))
return 'Reserved (IANA)';
if (preg_match('/^192.0.0./', $ip))
return 'Reserved (IANA)';

if ($iplist[0] == 172 && $iplist[1] <= 31 && $iplist[1] >= 16)
return 'Private network [Intranet]';

if ($iplist[0] == 169 && $iplist[1] == 254)
return 'link local';
if ($iplist[0] == 127)
return 'Loopback address';
if ($iplist[0] == 10)
return 'Private network [intranet]';
if ($iplist[0] == 0)
return 'This network (only valid as a source address)';

return 'InterNet network address';
}

When you enter an IP address, it returns "'InterNet address'. Then this IP address is not only in the correct format, but also a legal IP address on the Internet. This function is very complicated. In fact, it excludes many non-Internet IP addresses. We are probably familiar with the common addresses starting with 192, 127, and 10. But in fact, many IP addresses are reserved or reserved for other purposes. With the above two functions, we can not only read them. The correct format of the IP address can also ensure that the IP address is read on the Internet. The above are functions commonly used in work. Friends are welcome to communicate!

Author: chengmo QQ:8292669

http://www.bkjia.com/PHPjc/327101.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/327101.htmlTechArticleThe copy code of the getIP function after security filtering is as follows: function getIP() { $realip = ''; // Set default value if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $realip = $_SERVER['HTTP_...