[SOLVED] php ip script bugged?

[darkfreaks]

okay so i have an ip script that checks a text file for known country adresses and returns the name of the country however if i try to implement this into a block script it always returns the IP as united states and i am uncertain why i am using $_SERVER[REMOTE_ADDR] for the IP in my script. i assume it is a bug in the script yes ???

[cunoodle2]

From what I've read all of the items in the "$_SERVER" array can be fairly easily changed so I don't know that you necessarily can trust that...

 

SECURITY RISK !

 

Never ever trust the values that comes from $_SERVER.

 

HTTP_X_FORWARDED, HTTP_X_FORWARDED_FOR, HTTP_FORWARDED_FOR, HTTP_FORWARDED, etc.. can be spoofed !

 

To get the ip of user, use only $_SERVER['REMOTE_ADDR'], otherwise the 'ip' of user can be easily changed by sending a HTTP_X_* header, so user can escape a ban or spoof a trusted ip.

 

Are you always testing it from home?  Are you in the US?  Can you hard code a foreign IP into your page that you can use to test it out to give the page the impression you are in Europe or whatever country it is that you are trying to block?  (hope that makes sense)

[darkfreaks]

nope i hard coded a UK IP into the script and it told me it was United States

[darkfreaks]

also here is the PHP IP class

countryfromip.inc.php:

<?php 
/** 
* This class generates the country name and its flag from its IP address 
* 
* 
* @author Rochak Chauhan 
*/ 

class CountryFromIP { 

     private $CountryIPDatabase = 'CountryIPDatabase.txt'; 
     private $ip = ''; 

    /** 
     * Function to validate IP ( please modify it according to your needs) 
     * 
     * @param $ip - string 
     * 
     * @return boolean 
     */ 
    public function ValdateIP($ip) { 
        $ipArray = explode(',',$ip); 

        if(count($ipArray) != 4) { 
            echo "<font color='red' size='3'> <b>ERROR: </b> Invalid IP</font>"; 
            return false; 
        } 
        else { 
            return true; 
        } 
    } 

    /** 
     * Function to return Country name from the IPDatabase 
     * 
     * @param $ip string 
     *  
     * @return string - name of the country, false otherwise 
     */ 
    public function GetCountryName($ip) { 
        $this->ip = $ip; 
        $ip = sprintf("%u", ip2long($ip)); 
     
        $csvArray = file($this->CountryIPDatabase); 
     
        for($i=0; $i<count($csvArray); $i++) { 
            $arrayOfLine = explode(',', $csvArray[$i]); 
            if($ip >= $arrayOfLine[0] && $ip <= $arrayOfLine[1] ) { 
                return $countryName = $arrayOfLine[2]; 
            } 
        } 
        return false; 
    } ?>

 

Main.php:

<?php
$ip="81.111.61.96";
require_once('CountryFromIP.inc.php');
//$ip = $_SERVER['REMOTE_ADDR'];
$object = new CountryFromIP(); 
$countryName =  $object->GetCountryName($ip);//always returns united states
?>

[BK87]

the code seems to explode IP's by commas not by periods...

...

try this..

 

$ip=str_replace(",",".",$_SERVER["REMOTE_ADDR"]);

 

 

[darkfreaks]

ok this is what is happening the $ip variable is not matching the pulled info from the text file can anyone help me on this ???

[PFMaBiSmAd]

You would need to post the line from the file it is supposed to match.

[darkfreaks]

this is the function that pulls the info and matches it to the $ip variable

 

public function GetCountryName($ip) { 
        $this->ip = $ip; 
        $ip = sprintf("%u", ip2long($ip)); 
     
        $csvArray = file($this->CountryIPDatabase); 
     
        for($i=0; $i<count($csvArray); $i++) { 
            $arrayOfLine = explode(',', $csvArray[$i]); 
            if($ip >= $arrayOfLine[0] && $ip <= $arrayOfLine[1] ) { 
                return $countryName = $arrayOfLine[2]; 
            } 
        } 
        return false; 
    } 

 

something is off in this function because its just printing united states as the country even if the IP is british  ???

[PFMaBiSmAd]

So what have you done to troubleshoot what is in $ip, $arrayOfLine[0], and $arrayOfLine[1] to find out why it is not working, since you obviously are going to ignore the suggestion to post the actual data involved that someone else would need to be able to help you.

[darkfreaks]

ok i pulled an example from the text file maybe it will explain more.

 

3560939996,3560939999,GERMANY

 

the $ip variable is just pulling $_SERVER[REMOTE_ADDR]

[PFMaBiSmAd]

That code works for me using an IP of 212.63.161.221, which falls into the corresponding range of 3560939996,3560939999.

 

Your code likely has a problem reading the file in so nothing is being compared. So, I'll ask again, what have you done to troubleshoot what it is actually doing?

[darkfreaks]

ok this is what i have on main.php

 

<?php
require_once('CountryFromIP.inc.php');
$ip=str_replace(",",".",$_SERVER["REMOTE_ADDR"]);
$object = new CountryFromIP(); 
$countryName =  $object->GetCountryName($ip); 
if($countryName ="UNITED STATES"){
?>
html code here
<?php } ?>
<?php if($countryName!=="UNITED STATES"){?>
more html code here
<?php }?>

[cunoodle2]

In your code...

<?php
if($countryName ="UNITED STATES"){
?>
html code here
<?php } ?>
<?php if($countryName!=="UNITED STATES"){?>
?>

 

That first "if" will ALWAYS be true cause its just checking to see if united states was assigned to the variable of $countryName.  Add a second "=" and go from there.

[darkfreaks]

now it only returns the second IF :-\

[cunoodle2]

echo the $countryName to the screen to see what it says.  Also why does the second If have "!==" versus "!=" ??

[darkfreaks]

countryname returns united states

 

ip returns logged ip

 

also i changed it to != and no different :-X

 

 

[cunoodle2]

Is it case sensitive?

 

how about?...

 

<?php
if(strtolower($countryName) == "united states"){
?>
html code here
<?php } ?>
<?php if(strtolower($countryName) != "united states"){?>
?>

[darkfreaks]

no i highly doubt thats the case since the echoed out variable prints UNITED STATES just like it does in the file

 

anyone else got any ideas ???

[cunoodle2]

Well that's basically telling me that the variable is NOT equal to "UNITED STATES" then.  If that were the case then the first one would work.  Is there possibly a white space at the beginning or end?

 

Just to prove me wrong please try the following code...

 

<?php
if(trim(strtolower($countryName)) == "united states"){
?>
html code here
<?php } ?>
<?php if(trim(strtolower($countryName)) != "united states"){?>

[cunoodle2]

If my post does not work then print the value to the screen and view the page source.  See if there is like a "\ " escape character or something in between the words.  I had a major issue with an IF statement awhile back and it was all because of that.  If that is the case then try escaping slashes and comparing again.

[darkfreaks]

nope nothing

[darkfreaks]

anone got any brilliant ideas why it is telling me $countryname does not match UNITED STATES even though i have made sure it does ???

[cunoodle2]

Are you sure there is nothing else in the middle there that is somehow changing the value?  Perhaps a function call or something along those lines?

 

There HAS to be something because basically what we are looking at here is an actual "Bug" with an "IF" statement and I'm betting that there is NOT one like this.  It has to be your code somewhere.

 

Try this code on a temp page or something just to see...

<?php
require_once('CountryFromIP.inc.php');
$ip=str_replace(",",".",$_SERVER["REMOTE_ADDR"]);
$object = new CountryFromIP(); 
$countryName =  $object->GetCountryName($ip); 

echo "<b>Country name info: </b>:<br />\n";
echo "Length: ".strlen($countryName)."<br />\n";
echo "Value:--".$countryName."--<br />\n";

if($countryName == "UNITED STATES")
{
   $echo "IS United States<br />\n";
} 

if($countryName != "UNITED STATES")
{
  $echo "NOT United States<br />\n";
}
?>

 

What are the exact results that it shows on the screen?

[darkfreaks]

Country name info: :

Length: 15

Value:UNITED STATES

 

 

i count 13 characters why is it producing 15 ???

 

[darkfreaks]

ok i needed to use trim() problem fixed for now