Rather Easy PHP Question

[user-7256]

Call me stupid, but how do you find the user's IP address through a proxy?

This is MY money on the line, so I need to make sure that users can't submit a form more than once and get more of my money fraudulently or through proxies.

I need one of the best IP finder scripts you can get me... free of course :tu:

$REMOTE_ADDR, yeah, I use that, but what about going PAST the proxy?

Any help appreciated,
-Matt

 

[Eric]

Wouldn't something like this work? Heh, I may do some searching, but anyway...

<?php

if($_SERVER['HTTP_X_FORWARDED_FOR'])
{
  echo $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
  echo $_SERVER['REMOTE_ADDR'];
}

?>

 

[wackyjoe]

getip() will return the most accurate client IP possible:

<?php
function validip($ip) {
   if (!empty($ip) && ip2long($ip)!=-1) {
       $reserved_ips = array (
       array('0.0.0.0','2.255.255.255'),
       array('10.0.0.0','10.255.255.255'),
       array('127.0.0.0','127.255.255.255'),
       array('169.254.0.0','169.254.255.255'),
       array('172.16.0.0','172.31.255.255'),
       array('192.0.2.0','192.0.2.255'),
       array('192.168.0.0','192.168.255.255'),
       array('255.255.255.0','255.255.255.255')
       );

       foreach ($reserved_ips as $r) {
           $min = ip2long($r[0]);
           $max = ip2long($r[1]);
           if ((ip2long($ip) >= $min) && (ip2long($ip) <= $max)) return false;
       }
       return true;
   } else {
       return false;
   }
}

function getip() {
   if (validip($_SERVER["HTTP_CLIENT_IP"])) {
       return $_SERVER["HTTP_CLIENT_IP"];
   }
   foreach (explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"]) as $ip) {
       if (validip(trim($ip))) {
           return $ip;
       }
   }
   if (validip($_SERVER["HTTP_X_FORWARDED"])) {
       return $_SERVER["HTTP_X_FORWARDED"];
   } elseif (validip($_SERVER["HTTP_FORWARDED_FOR"])) {
       return $_SERVER["HTTP_FORWARDED_FOR"];
   } elseif (validip($_SERVER["HTTP_FORWARDED"])) {
       return $_SERVER["HTTP_FORWARDED"];
   } elseif (validip($_SERVER["HTTP_X_FORWARDED"])) {
       return $_SERVER["HTTP_X_FORWARDED"];
   } else {
       return $_SERVER["REMOTE_ADDR"];
   }
}
?>

 

[user-7256]

Thanks, both! What does validip() do? Return true if it's a real IP address? Should I use both?

 

[wackyjoe]

yes use both

 

[user-7256]

Hey,

Thanks a lot for the scripts

However, I tried using my site with a proxy and it still wouldn't come up with the error message I was expecting...

The proxy I was using is www.freeproxy.us

Any ideas?

 

[Kate]

The bottom line is that some proxies are anonymous and some are not.
Proxies that reveal your actual IP via HTTP variables like HTTP_X_FORWARDED_FOR are not anonymous.
Therefore it is not always possible to check if a visitor is concealing their real IP.
It depends on how transparent or anonymous the proxy is.
Also some proxies may reveal the visitor IP in non-standard HTTP variables names, so they won't be noticed by your script but may appear at eye glance.

Some info here which you may find useful: http://www.stayinvisible.com/index.pl/anonymity_of_proxy

 

[user-7256]

Ah, thanks...

-Matt (Rep +)

 

[axilant]

I have a database with 189,471 working proxy ip addresses (Updated daily)

Willing to sell this list $325. This is probably the most efficient way to block a proxy.

Cody