Soldiers3lite Posted April 7, 2010 Share Posted April 7, 2010 hello, ok, so I've tried several ways to get ip addresses from computers, I use it for a voting poll and I don't want users to vote more than once. So, I save all of the voter's IP address on the DB and I was looking for a way to get an 'authentic' IP from the client because the one that I use right now, does not work very well. The problem with this code is that it will take a 'general' IP from a network. I have four computers on my network and whenever try it voting with the other computer, it tells me that I have already voted. Meaning that the IP has been registered already. So, I went to whatismyip.com and tried to compare if the IPs of my computers were different, and that wasn't the case. Here is the code that I use: $ip=getenv(remote_addr); I know it is possible, maybe some other way to compare users against the database because I have seen it and I've tried using my different computers when I vote. Any help would be much appreciated! Thanks in advance Quote Link to comment Share on other sites More sharing options...
sKunKbad Posted April 7, 2010 Share Posted April 7, 2010 Verification of IP for voting is really a bad idea. Some ISPs, like AOL, change the IP on EVERY request! Quote Link to comment Share on other sites More sharing options...
oni-kun Posted April 7, 2010 Share Posted April 7, 2010 getenv won't behave differently than $_SERVER superglobal in this case. Meh, put it in a function or strip it out, but this should work provided your internal proxy sends compliant headers. function getRealIpAddr() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip=$_SERVER['HTTP_CLIENT_IP']; }elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip=$_SERVER['REMOTE_ADDR']; } return $ip; } $trueip = getRealIpAddr(); Quote Link to comment Share on other sites More sharing options...
Soldiers3lite Posted April 7, 2010 Author Share Posted April 7, 2010 Verification of IP for voting is really a bad idea. Some ISPs, like AOL, change the IP on EVERY request! What would you suggest for this special case? Thanks! Quote Link to comment Share on other sites More sharing options...
oni-kun Posted April 7, 2010 Share Posted April 7, 2010 Verification of IP for voting is really a bad idea. Some ISPs, like AOL, change the IP on EVERY request! What would you suggest for this special case? Thanks! Nothing. Add a cookie, It's impossible to completely amend this problem. Lucky less than 1% of my site traffic is from AOL. Quote Link to comment Share on other sites More sharing options...
teamatomic Posted April 7, 2010 Share Posted April 7, 2010 There are devices that will keep the individual IP's in the header but mostly htats corporate where there is a block of real IP's assigned. For normal everyday home routing the IP sent is the IP assigned to the device doing the client end routing. As stated, IP restriction for voting is next to useless. A person with a dial-up back-up connection can simply reconnect and vote almost forever. Some cable and DSL providers will issue a new IP each time a router renews. Even if you could get the client IP you would still run into problems as the vast majority of home router use 192.168.1.X and start DHCP at .50 or .100 so it would not be long before you got collisions in the restrictions. The closest you can come is to make em register before they can vote. That way you can allow only one vote per account. HTH Teamatomic Quote Link to comment Share on other sites More sharing options...
sKunKbad Posted April 13, 2010 Share Posted April 13, 2010 Lucky less than 1% of my site traffic is from AOL. Yes, but it only takes one person to abuse the voting, and to turn the vote upside-down! I like the idea of having a cookie, but cookies can always be deleted. You should probably try to do both an IP check and the cookie, that way you have about as much protection as possible (which still isn't perfect). Quote Link to comment Share on other sites More sharing options...
oni-kun Posted April 13, 2010 Share Posted April 13, 2010 Yes, but it only takes one person to abuse the voting, and to turn the vote upside-down! I like the idea of having a cookie, but cookies can always be deleted. You should probably try to do both an IP check and the cookie, that way you have about as much protection as possible (which still isn't perfect). Very true, but as TeamAtomic suggested registration is the only tried and true method. You could simply disallow a subrange of an IP to vote for, say, 5 minutes. It would only affect the small amount of AOL customers, and there's no way someone would wait 200 minutes to vote 40 times. Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted April 14, 2010 Share Posted April 14, 2010 Very true, but as TeamAtomic suggested registration is the only tried and true method. You could simply disallow a subrange of an IP to vote for, say, 5 minutes. It would only affect the small amount of AOL customers, and there's no way someone would wait 200 minutes to vote 40 times. Depends what you're voting for. I can always set up a script to vote every x amount of minutes. Quote Link to comment Share on other sites More sharing options...
oni-kun Posted April 14, 2010 Share Posted April 14, 2010 Very true, but as TeamAtomic suggested registration is the only tried and true method. You could simply disallow a subrange of an IP to vote for, say, 5 minutes. It would only affect the small amount of AOL customers, and there's no way someone would wait 200 minutes to vote 40 times. Depends what you're voting for. I can always set up a script to vote every x amount of minutes. Hell.... You could parse portion of PHP as an image (IE a pixel on the screen), and if it is in cache it could stop the ability to post (end the session,etc). I don't think someone would ever even think of an image allowing/disallowing the script. Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted April 14, 2010 Share Posted April 14, 2010 PHP can detect if my browser cached the image or not? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.