Jump to content

Get Real Ip from client

Soldiers3lite

By Soldiers3lite
in PHP Coding Help

 Share

Recommended Posts

Soldiers3lite Newbie

Soldiers3lite

Posted
Posted

hello,

 

ok, so I've tried several ways to get ip addresses from computers, I use it for a voting poll and I don't want users to vote more than once. So, I save all of the voter's IP address on the DB and I was looking for a way to get an 'authentic' IP from the client because the one that I use right now, does not work very well.

 

The problem with this code is that it will take a 'general' IP from a network. I have four computers on my network and whenever try it voting with the other computer, it tells me that I have already voted. Meaning that the IP has been registered already. So, I went to whatismyip.com and tried to compare if the IPs of my computers were different, and that wasn't the case.

 

Here is the code that I use:

 

    $ip=getenv(remote_addr);

 

 

 

I know it is possible, maybe some other way to compare users against the database because I have seen it and I've tried using my different computers when I vote.

Any help would be much appreciated!

 

Thanks in advance

Link to comment
https://forums.phpfreaks.com/topic/197934-get-real-ip-from-client/
Share on other sites
oni-kun Member

oni-kun

Posted
Posted

getenv won't behave differently than $_SERVER superglobal in this case. Meh, put it in a function or strip it out, but this should work provided your internal proxy sends compliant headers.

 

function getRealIpAddr() {
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
      $ip=$_SERVER['REMOTE_ADDR'];    
    }
    return $ip;
}

$trueip = getRealIpAddr();

oni-kun Member

oni-kun

Posted
Posted

Verification of IP for voting is really a bad idea. Some ISPs, like AOL, change the IP on EVERY request!

 

What would you suggest for this special case?

 

Thanks!

 

Nothing. Add a cookie, It's impossible to completely amend this problem. Lucky less than 1% of my site traffic is from AOL.

teamatomic Newbie

teamatomic

Posted
Posted

There are devices that will keep the individual IP's in the header but mostly htats corporate where there is a block of real IP's assigned. For normal everyday home routing the IP sent is the IP assigned to the device doing the client end routing. As stated, IP restriction for voting is next to useless. A person with a dial-up back-up connection can simply reconnect and vote almost forever. Some cable and DSL providers will issue a new IP each time a router renews. Even if you could get the client IP you would still run into problems as the vast majority of home router use 192.168.1.X and start DHCP at .50 or .100 so it would not be long before you got collisions in the restrictions.

 

The closest you can come is to make em register before they can vote. That way you can allow only one vote per account.

 

 

HTH

Teamatomic

sKunKbad Advanced Member

sKunKbad

Posted
Posted

Lucky less than 1% of my site traffic is from AOL.

 

Yes, but it only takes one person to abuse the voting, and to turn the vote upside-down!

 

I like the idea of having a cookie, but cookies can always be deleted. You should probably try to do both an IP check and the cookie, that way you have about as much protection as possible (which still isn't perfect).

oni-kun Member

oni-kun

Posted
Posted

Yes, but it only takes one person to abuse the voting, and to turn the vote upside-down!

 

I like the idea of having a cookie, but cookies can always be deleted. You should probably try to do both an IP check and the cookie, that way you have about as much protection as possible (which still isn't perfect).

 

Very true, but as TeamAtomic suggested registration is the only tried and true method. You could simply disallow a subrange of an IP to vote for, say, 5 minutes. It would only affect the small amount of AOL customers, and there's no way someone would wait 200 minutes to vote 40 times.

 

 

Ken2k7 Member

Ken2k7

Posted
Posted

Very true, but as TeamAtomic suggested registration is the only tried and true method. You could simply disallow a subrange of an IP to vote for, say, 5 minutes. It would only affect the small amount of AOL customers, and there's no way someone would wait 200 minutes to vote 40 times.

Depends what you're voting for. I can always set up a script to vote every x amount of minutes.

oni-kun Member

oni-kun

Posted
Posted

Very true, but as TeamAtomic suggested registration is the only tried and true method. You could simply disallow a subrange of an IP to vote for, say, 5 minutes. It would only affect the small amount of AOL customers, and there's no way someone would wait 200 minutes to vote 40 times.

Depends what you're voting for. I can always set up a script to vote every x amount of minutes.

 

Hell.... You could parse portion of PHP as an image (IE a pixel on the screen), and if it is in cache it could stop the ability to post (end the session,etc). I don't think someone would ever even think of an image allowing/disallowing the script.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.