search
HomeBackend DevelopmentPHP TutorialUnderstand how to get client IP in php

Understand how to get client IP in php

jacklove
jacklove
May 22, 2018 am 11:38 AM
ipphpclient

This article explains how to obtain the client IP through php

The function to obtain the IP is as follows: 

function getIP() {
    $realip = ''; //设置默认值
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
        $realip = $_SERVER['HTTP_CLIENT_IP'];
    } else {
        $realip = $_SERVER['REMOTE_ADDR'];
    }
    preg_match('/^((?:\d{1,3}\.){3}\d{1,3})/',$realip,$match);
        if($match && ipType($match[0]) == 'InterNet网地址'){
                return  $match[0];
        }else{
                return  false;
        }
}

// The Internet allows the use of IP addresses 

function ipType($ip) {
    $iplist = explode(".", $ip);
    if ($iplist[0] >= 224 && $iplist[0] <= 239)
                return &#39;多播&#39;;
        if ($iplist[0] >= 240 && $iplist[0] <= 255)
        return &#39;保留&#39;;
    if (preg_match(&#39;/^198\.51\.100/&#39;, $ip))
        return &#39;TEST-NET-2,文档和示例&#39;;
    if (preg_match(&#39;/^203\.0\.113/&#39;, $ip))
        return &#39;TEST-NET-3,文档和示例&#39;;
    if (preg_match(&#39;/^192\.(18|19)\./&#39;, $ip))
        return &#39;网络基准测试&#39;;
    if (preg_match(&#39;/^192\.168/&#39;, $ip))
        return &#39;专用网络[内部网]&#39;;
    if (preg_match(&#39;/^192\.88\.99/&#39;, $ip))
        return &#39;ipv6to4中继&#39;;
    if (preg_match(&#39;/^192\.0\.2\./&#39;, $ip))
        return &#39;TEST-NET-1,文档和示例&#39;;
    if (preg_match(&#39;/^192\.0\.0\./&#39;, $ip))
        return &#39;保留(IANA)&#39;;
    if (preg_match(&#39;/^192\.0\.0\./&#39;, $ip))
        return &#39;保留(IANA)&#39;;
    if ($iplist[0] == 172 && $iplist[1] <= 31 && $iplist[1] >= 16)
        return &#39;专用网络[内部网]&#39;;
    if ($iplist[0] == 169 && $iplist[1] == 254)
        return &#39;链路本地&#39;;
    if ($iplist[0] == 127)
        return &#39;环回地址&#39;;
    if ($iplist[0] == 10)
        return &#39;专用网络[内部网]&#39;;
    if ($iplist[0] == 0)
        return &#39;本网络(仅作为源地址时合法)&#39;;
    return &#39;InterNet网地址&#39;;
}

The common functions to obtain IP on the Internet are as follows: 

public function get_real_ip() {
    static $realip;
    if (isset($_SERVER)) {
        if (isset($_SERVER[&#39;HTTP_X_FORWARDED_FOR&#39;])) {
            $realip = $_SERVER[&#39;HTTP_X_FORWARDED_FOR&#39;];
        } else if (isset($_SERVER[&#39;HTTP_CLIENT_IP&#39;])) {
            $realip = $_SERVER[&#39;HTTP_CLIENT_IP&#39;];
        } else {
            $realip = $_SERVER[&#39;REMOTE_ADDR&#39;];
        }
    } else {
        if (getenv(&#39;HTTP_X_FORWARDED_FOR&#39;)) {
            $realip = getenv(&#39;HTTP_X_FORWARDED_FOR&#39;);
        } else if (getenv(&#39;HTTP_CLIENT_IP&#39;)) {
            $realip = getenv(&#39;HTTP_CLIENT_IP&#39;);
        } else {
            $realip = getenv(&#39;REMOTE_ADDR&#39;);
        }
    }
    return $realip;
}

Difference between 'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP'?

1.’REMOTE_ADDR’ is the remote IP, the default is from the tcp connection, the client’s IP. It can be said that it is most accurate and certain that it will only get the client IP directly connected to the server. If the other party accesses the Internet through a proxy server, it will be discovered. What is obtained is the proxy server IP.

For example: a->b(proxy)->c, if c passes 'REMOTE_ADDR', only b's IP can be obtained, but a's IP cannot be obtained.

2. ‘HTTP_X_FORWARDED_FOR’, ‘HTTP_CLIENT_IP’ In order to obtain the original user IP or proxy IP address in a large network. Extend the HTTP protocol. Entity header is defined.

HTTP_X_FORWARDED_FOR = clientip,proxy1,proxy2 All IPs are separated by ",". HTTP_CLIENT_IP In advanced anonymous proxy, this represents the proxy server IP. Since the http protocol extends an entity header, and this value is trusted by the incoming end, it is trusted that the incoming end inputs it according to the rule format. The following uses the example of x_forword_for to illustrate. Under normal circumstances, this value changes process.

Risk points:

These variables come from the http request: x-forword-for field, and client-ip field. A normal proxy server will, of course, pass in these values ​​according to rfc specifications. However, when a user directly constructs the x-forword-for value and sends it to the user, it is like there is a field that can write any value. And the server directly reads, or writes to the database, or displays. It will bring danger, just like the result of operating the data source without any filtering and testing on the input.

For the above getip function:

Except that the client can forge IP at will and can pass in IP in any format. This will cause two major problems. First, if you set up a certain page and impose IP restrictions. The other party can easily change the IP and continuously request the page. Secondly, if you use this kind of data directly, it will bring vulnerabilities such as SQL registration and cross-site attacks. As for the first one, you can set restrictions on the business, and it is best not to use IP restrictions. For the second one, this type can bring huge cyber risks. We must correct it.

This article explains how to obtain the client IP through php. For more related content, please pay attention to the php Chinese website.

Related recommendations:

Detailed explanation of the use of Session in php

The difference between die(), exit(), and return in php Introduction

#The difference between on condition and where condition in SQL

The above is the detailed content of Understand how to get client IP in php. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Related Article
Optimize PHP Code: Reducing Memory Usage & Execution TimeOptimize PHP Code: Reducing Memory Usage & Execution TimeMay 10, 2025 am 12:04 AM

TooptimizePHPcodeforreducedmemoryusageandexecutiontime,followthesesteps:1)Usereferencesinsteadofcopyinglargedatastructurestoreducememoryconsumption.2)LeveragePHP'sbuilt-infunctionslikearray_mapforfasterexecution.3)Implementcachingmechanisms,suchasAPC

PHP Email: Step-by-Step Sending GuidePHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AM

PHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct

How to Send Email via PHP: Examples & CodeHow to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AM

The best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.

Advanced PHP Email: Custom Headers & FeaturesAdvanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AM

CustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr

Guide to Sending Emails with PHP & SMTPGuide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AM

Sending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.

What is the best way to send an email using PHP?What is the best way to send an email using PHP?May 08, 2025 am 12:21 AM

ThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu

Best Practices for Dependency Injection in PHPBest Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AM

The reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.

PHP performance tuning tips and tricksPHP performance tuning tips and tricksMay 08, 2025 am 12:20 AM

PHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

How to fix KB5055518 fails to install in Windows 10?
1 months agoByDDD
How to fix KB5055523 fails to install in Windows 11?
1 months agoByDDD
Roblox: Grow A Garden - Complete Mutation Guide
3 weeks agoByDDD
Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
How to fix KB5055612 fails to install in Windows 10?
3 weeks agoByDDD
Show More

Hot Tools

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

DVWA

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

VSCode Windows 64-bit Download

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

Show More

Hot Topics

Java Tutorial
1664
14
CakePHP Tutorial
1423
52
Laravel Tutorial
1317
25
PHP Tutorial
1268
29
C# Tutorial
1246
24
Show More