I am running a PHP-based Browsergame. My actual banning system gets the ip using this function which I found to be very good.
function get_real_ip()
{
$client_ip = (isset($_SERVER['HTTP_CLIENT_IP'])) ? $_SERVER['HTTP_CLIENT_IP'] : '';
$x_forwarded_for = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$remote_addr = (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : '';
if (!empty($client_ip))
{
$ip_expl = explode('.',$client_ip);
$referer = explode('.',$remote_addr);
if($referer[0] != $ip_expl[0])
{
$ip=array_reverse($ip_expl);
$return=implode('.',$ip);
}
else
{
$return = $client_ip;
}
}
else if (!empty($x_forwarded_for))
{
if(strstr($x_forwarded_for,','))
{
$ip_expl = explode(',',$x_forwarded_for);
$return = end($ip_expl);
}
else
{
$return = $x_forwarded_for;
}
}
else
{
$return = $remote_addr;
}
unset ($client_ip, $x_forwarded_for, $remote_addr, $ip_expl);
return $return;
}
Now the problem is, that I still can't get the correct ip, a user still keeps on loggin on. So how does he do that and how to prevent him to register again and again?