Voodoo22
Reputation: 28
Securing IP check php
I have
$result = mysqli_query($mysqli,"SELECT * FROM ".MYSQLBTCTABLE." WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' AND date = '".date("Y-m-d")."' AND time = '".date("D")."'") or die(mysqli_error());
How can I secure the $_SERVER['REMOTE_ADDR'] so it checks not only the user ip/proxy but also the socks ip so they can't abuse my code by changing IP?
also I found this code:
function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
Will it work so if I put WHERE ip = '".($ip)."'?
Upvotes: 0
Views: 185
Answers (1)
Alma Do
Reputation: 37365
You can not do that in common case
- You can't be sure if user is using proxy: it can be anonymous proxy
- You can't be sure if he is using computer device
- You can't be sure that he is human: it may be request via
cURLor similar stuff
So that's the reality of the Internet. You can not rely on any information that came from client side. If you're suspecting that user changed his IP address - then hide critical part behind authentication. Thus, you'll be able to identify user by his login in your web-application.
Upvotes: 2
Related Questions
- Check proxy using PHP
- PHP most accurate / safe way to get real user IP address in 2017
- Detecting proxies via PHP
- PHP IP Filtering
- php get ip from proxy
- PHP get real IP (proxy detection)
- How To Track the Real IP Address Behind the Proxy
- How to code feature on checking visitor IP address in PHP?
- I need get the IP address
- PHP Secure Remote Proxy Server Health