Unique IP

asgsoft · 05-09-2006, 01:35 PM

I have a poll script but the only problem it has is that it will let me add more than one vote, I used a basic ip detection but that didn't work. Is there a way of getting the users real IP?

This is what I have right now:

PHP Code:

  <?php

include 'config.php';

mysql_connect("$host", "$user", "$pass") or die(mysql_error()); 

mysql_select_db("$dbname") or die(mysql_error());

$ip = $_SERVER['REMOTE_ADDR'];

if (trim($ip) == '') {

    $ip = $_SERVER['HTTP_CLIENT_IP'];

}

if (trim($ip) == '') {

    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];

}

 
$query = mysql_query("select * from vote where ip='$ip'");

$countbans = mysql_num_rows($query);

if($countbans > 0) {

include "results.php";

echo("You have Already Voted!");

}else{

 
$action = $_GET['action'];

if(!isset($action) || empty($action) || $action !== "addvote"){

echo("<form name='form1' method='post' action='?action=addvote'>

                    <table width='100%' border='0' cellspacing='2' cellpadding='0'>

                      <tr> 

                        <td colspan='2'><div align='left'>Do you like my site?</div></td>

                      </tr>

                      <tr> 

                        <td width='19%'><input type='radio' name='vote' value='ex'></td>

                        <td width='81%' bgcolor='#F4F4F4'>It's Excellent!</td>

                      </tr>

                      <tr> 

                        <td><input type='radio' name='vote' value='co'></td>

                        <td bgcolor='#F4F4F4'>Pretty Cool</td>

                      </tr>

                      <tr> 

                        <td><input type='radio' name='vote' value='ok'></td>

                        <td bgcolor='#F4F4F4'>OK</td>

                      </tr>

                      <tr> 

                        <td><input type='radio' name='vote' value='ha'></td>

                        <td bgcolor='#F4F4F4'>Hate It!</td>

                      </tr>

                      <tr> 

                        <td></td>

                        <td><input type='submit' name='Submit' value='Vote!'></td>

                      </tr>

                    </table>

                  </form>");

}elseif($action == "addvote"){

//show result

echo "<p><h4>Thank you For Voting</h4></p>";

$vote = $_POST['vote'];

include 'config.php';

$ip = $_SERVER['REMOTE_ADDR'];

if (trim($ip) == '') {

$ip = $_SERVER['HTTP_CLIENT_IP'];

}

if (trim($ip) == '') {

$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];

} 

mysql_connect("$host", "$user", "$pass") or die(mysql_error()); 

mysql_select_db("$dbname") or die(mysql_error());

mysql_query("INSERT INTO `vote` (`vote` , `ip` ) VALUES ('$vote', '$ip')");

}

}

?>

MikeBigg · 05-10-2006, 03:19 AM

In what way didn't it work?

I think using IP address detection alone will not work 100%, primarily because of the way AOL uses proxies to route all their internet traffic. An AOL user is not guaranteed to have the same ip address for different images on a page, let alone two page requests.

There is also the issue of 2 people from the same IP address. Companies may well route all their employees through a single router with one IP address. Frequently the forwarded-for and client-ip fields will not be filled in as it is considered a security risk (even though IP addresses and machine names get sent out in email headers from the same organisations).

Using cookies as well may help.

I'd be very interested to see what you come up with in the end.

Regards,

Mike

JFS · 05-10-2006, 09:58 AM

Code:

function validip($ip) { 
   if (!empty($ip) && ip2long($ip)!=-1) { 
       $reserved_ips = array ( 
       array('0.0.0.0','2.255.255.255'), 
       array('10.0.0.0','10.255.255.255'), 
       array('127.0.0.0','127.255.255.255'), 
       array('169.254.0.0','169.254.255.255'), 
       array('172.16.0.0','172.31.255.255'), 
       array('192.0.2.0','192.0.2.255'), 
       array('192.168.0.0','192.168.255.255'), 
       array('255.255.255.0','255.255.255.255') 
       ); 

       foreach ($reserved_ips as $r) { 
           $min = ip2long($r[0]); 
           $max = ip2long($r[1]); 
           if ((ip2long($ip) >= $min) && (ip2long($ip) <= $max)) return false; 
       } 
       return true; 
   } else { 
       return false; 
   } 
} 


function getip() { 
   if (validip($_SERVER["HTTP_CLIENT_IP"])) { 
       return $_SERVER["HTTP_CLIENT_IP"]; 
   } 
   foreach (explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"]) as $ip) { 
       if (validip(trim($ip))) { 
           return $ip; 
       } 
   } 
   if (validip($_SERVER["HTTP_X_FORWARDED"])) { 
       return $_SERVER["HTTP_X_FORWARDED"]; 
   } elseif (validip($_SERVER["HTTP_FORWARDED_FOR"])) { 
       return $_SERVER["HTTP_FORWARDED_FOR"]; 
   } elseif (validip($_SERVER["HTTP_FORWARDED"])) { 
       return $_SERVER["HTTP_FORWARDED"]; 
   } elseif (validip($_SERVER["HTTP_X_FORWARDED"])) { 
       return $_SERVER["HTTP_X_FORWARDED"]; 
   } else { 
       return $_SERVER["REMOTE_ADDR"]; 
   } 
}

this gets you the real ip from the user and validat its, hope it helps

BillyConnite · 05-11-2006, 06:59 AM

Yes, in what way do you mean that you didn't get an IP?
This should work in php:

Quote:

if($_SERVER[HTTP_X_FORWARD_FOR]){
$ip = $_SERVER[HTTP_X_FORWARD_FOR];
}else{
$ip = $_SERVER[REMOTE_ADDR];
}
echo $ip;

All the best, Rhett.

asgsoft · 05-11-2006, 09:28 AM

Quote:

Originally Posted by BillyConnite

Yes, in what way do you mean that you didn't get an IP?
This should work in php:

All the best, Rhett.

Does that mean I can get the actual IP even if they are behind a proxy and it only makes it one vote per PC?

05-09-2006, 01:35 PM	#1 (permalink)
asgsoft NamePros Regular Join Date: Sep 2005 Location: At Home Posts: 846 45.10 NP$ (Donate)	Unique IP I have a poll script but the only problem it has is that it will let me add more than one vote, I used a basic ip detection but that didn't work. Is there a way of getting the users real IP? This is what I have right now: PHP Code: <?php include 'config.php'; mysql_connect("$host", "$user", "$pass") or die(mysql_error()); mysql_select_db("$dbname") or die(mysql_error()); $ip = $_SERVER['REMOTE_ADDR']; if (trim($ip) == '') { $ip = $_SERVER['HTTP_CLIENT_IP']; } if (trim($ip) == '') { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } $query = mysql_query("select * from vote where ip='$ip'"); $countbans = mysql_num_rows($query); if($countbans > 0) { include "results.php"; echo("You have Already Voted!"); }else{ $action = $_GET['action']; if(!isset($action) \|\| empty($action) \|\| $action !== "addvote"){ echo("<form name='form1' method='post' action='?action=addvote'> <table width='100%' border='0' cellspacing='2' cellpadding='0'> <tr> <td colspan='2'><div align='left'>Do you like my site?</div></td> </tr> <tr> <td width='19%'><input type='radio' name='vote' value='ex'></td> <td width='81%' bgcolor='#F4F4F4'>It's Excellent!</td> </tr> <tr> <td><input type='radio' name='vote' value='co'></td> <td bgcolor='#F4F4F4'>Pretty Cool</td> </tr> <tr> <td><input type='radio' name='vote' value='ok'></td> <td bgcolor='#F4F4F4'>OK</td> </tr> <tr> <td><input type='radio' name='vote' value='ha'></td> <td bgcolor='#F4F4F4'>Hate It!</td> </tr> <tr> <td></td> <td><input type='submit' name='Submit' value='Vote!'></td> </tr> </table> </form>"); }elseif($action == "addvote"){ //show result echo "<p><h4>Thank you For Voting</h4></p>"; $vote = $_POST['vote']; include 'config.php'; $ip = $_SERVER['REMOTE_ADDR']; if (trim($ip) == '') { $ip = $_SERVER['HTTP_CLIENT_IP']; } if (trim($ip) == '') { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } mysql_connect("$host", "$user", "$pass") or die(mysql_error()); mysql_select_db("$dbname") or die(mysql_error()); mysql_query("INSERT INTO `vote` (`vote` , `ip` ) VALUES ('$vote', '$ip')"); } } ?> __________________ Free SEO and Domain tools \|Best Rugby Tactics Moves and Drills\| Your Source to expired domains & tips :rolleyes:

05-10-2006, 03:19 AM	#2 (permalink)
MikeBigg NamePros Member Join Date: May 2005 Posts: 85 135.00 NP$ (Donate)	In what way didn't it work? I think using IP address detection alone will not work 100%, primarily because of the way AOL uses proxies to route all their internet traffic. An AOL user is not guaranteed to have the same ip address for different images on a page, let alone two page requests. There is also the issue of 2 people from the same IP address. Companies may well route all their employees through a single router with one IP address. Frequently the forwarded-for and client-ip fields will not be filled in as it is considered a security risk (even though IP addresses and machine names get sent out in email headers from the same organisations). Using cookies as well may help. I'd be very interested to see what you come up with in the end. Regards, Mike __________________ The Great Car Park Charges Swindle - join the fight back Funny and Painful Video Clips upload2go.com :: Image and File Hosting Dubious Facts Rate Funny Pictures

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)