A program that restricts IP address voting cannot use the PHP code searched under the Internet to obtain the client IP address.

For programs that restrict IP voting, you cannot use the PHP code searched on the Internet to obtain the client IP address. if you want to repost the code to receive a voting activity, you need to restrict the IP address, each IP address limits voting opportunities. I searched for the keyword: PHP client IP address on the search engine. The result basically contains the following content :?? If (getenv ('http _ CLIEN restricted IP address voting program, you cannot use the PHP code searched online to obtain the client IP address to get the client IP address-reprint

IP address restrictions are required for a voting activity. each IP address limits voting opportunities. I searched for the keyword: PHP client IP address on the search engine. The result basically contains the following content :?

?

if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {         $onlineip = getenv('HTTP_CLIENT_IP');} elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {         $onlineip = getenv('HTTP_X_FORWARDED_FOR');} elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {         $onlineip = getenv('REMOTE_ADDR');} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {         $onlineip = $_SERVER['REMOTE_ADDR'];}

?

This code is used in a wide range of discuz forum software and many open-source PHP software. the general idea is to obtainFinalClient IP address (to obtain the IP address of the user accessing through proxy ).

???????? Many mature programs use this code to obtain the IP address of the client, so I can safely use it in the program. Fortunately, some colleagues reminded me later that, this code cannot be used in the voting program that restricts IP addresses, because HTTP_X_FORWARDED_FOR can be forged, as long as X-Forwarded-For is added to the request header. On the SERVER side, $ _ SERVER ['http _ X_FORWARDED_FOR '] receives the content of this request header.

???????? The following is a description of the program:

???????? Http: // localhost/I. php content is obtained through the above code and printed out.

???????? Write the construction request generation? request this URL: The X-Forwarded-For parameter is added to the request header.

$head = array();$head[] = 'GET /i.php HTTP/1.1';$head[] = 'Host: localhost';$head[] = 'X-Forwarded-For: 255.255.255.255' ;$head[] = 'Connection: Close' ;$head = join("\r\n",$head) ;$head .= "\r\n\r\n"; $fp = fsockopen('localhost', 80);fwrite($fp, $head); $response = array() ;while($buff = fread($fp, 4096)){         $response[] = $buff;}print join('',$response) ;

?

After executing this code, we can see that the server (localhost/I. php) prints 255.255.255.255.

It indicates that this method of obtaining the client IP address is not available in the voting activity of the restricted IP address, and the client IP address can be forged. And directly use? $ _ SERVER ['remote _ ADDR '] Although the obtained IP address is not the final IP address of the user, the restricted function is effective directly.

???????? Of course, it cannot be said that the code is wrong. In some requirements that do not limit the IP address, you should use it. for example, in some websites with many regional sub-websites, directly jump to the sub-website in the user's region.

?

?

?

?

?