PHP implementation of restrictive IP voting program IP source Analysis _php Tips

This article analyses the restrictive IP voting program implemented by PHP. Share to everyone for your reference, specific as follows:

Received a polling campaign needs to do IP restrictions, each IP limit a certain amount of voting opportunities. I search the search engine keywords: PHP client IP, the result is basically the following:

if (getenv (' http_client_ip ') && strcasecmp (getenv (' http_client_ip '), ' unknown ')) {
   $onlineip = getenv (' Http_client_ip ');
} ElseIf (getenv (' http_x_forwarded_for ') && strcasecmp (getenv (' http_x_forwarded_for '), ' unknown ')) {
   $ Onlineip = getenv (' http_x_forwarded_for ');
} ElseIf (getenv (' remote_addr ') && strcasecmp (getenv (' remote_addr '), ' unknown ')) {
   $onlineip = getenv (' Remote_addr ');
} ElseIf (Isset ($_server[' remote_addr ']) && $_server[' remote_addr '] && strcasecmp ($_server[' Remote_ ADDR '], ' unknown ') {
   $onlineip = $_server[' remote_addr '];
}

This code is used in a wide range of "Discuz" forum software, as well as many open source PHP software, with a general idea of obtaining the ultimate client IP address (the IP address of the user who uses the proxy).

Because a lot of mature programs use this code to obtain the client IP address, so I also rest assured that the application in the program, fortunately, a colleague to remind, found that this code can not be used in the restricted IP voting procedures, because http_x_forwarded_for this can be forged, Just add x-forwarded-for to the request. The $_server[' http_x_forwarded_for ' on the server side receives the contents of this request header.

Below I use the procedure to explain:

http://localhost/i.php content is obtained through the above code to obtain the IP address, and print out.

Write the generation of the construction request, request this URL: Add the x-forwarded-for parameter in the request header:

$head = Array ();
$head [] = ' get/i.php http/1.1 ';
$head [] = ' host:localhost ';
$head [] = ' x-forwarded-for:255.255.255.255 ';
$head [] = ' connection:close ';
$head = Join ("RN", $head);
$head. = "Rnrn";
$fp = Fsockopen (' localhost ');
Fwrite ($fp, $head);
$response = Array ();
while ($buff = Fread ($fp, 4096)) {
   $response [] = $buff;
}
Print join (', $response);

By executing this code, it can be learned that the server side (localhost/i.php) prints 255.255.255.255.
Explains that this method of obtaining client IP is undesirable in voting activities that restrict IP, and the client's IP address can be forged. and the direct use of $_server[' REMOTE_ADDR '] Although not the user's final IP address, but the limited function is directly effective to achieve.

Of course, I can't say that the code is wrong. In some of the requirements of IP does not restrict, should be used, for example, in some sites with a lot of local Web sites, through the user access to the IP, direct jump to the user's area of the subsite and so on.

More about PHP Interested readers can view the site topics: "Php Curl Usage Summary", "PHP Socket Usage Summary", "PHP Network Programming Skills Summary", "PHP basic Grammar Introductory Course", "PHP operation Office Document skills Summary (including Word, Excel,access,ppt), "The PHP date and time usage summary", "PHP object-oriented Programming Introduction Tutorial", "PHP string (String) Usage Summary", "Php+mysql Database operation Introduction Tutorial" and "PHP common database Operation skill Summary"

I hope this article will help you with the PHP program design.