Unique IP

asgsoft · May 9, 2006

I have a poll script but the only problem it has is that it will let me add more than one vote, I used a basic ip detection but that didn't work. Is there a way of getting the users real IP?

This is what I have right now:

PHP:

<?php
include 'config.php';
mysql_connect("$host", "$user", "$pass") or die(mysql_error()); 
mysql_select_db("$dbname") or die(mysql_error());
$ip = $_SERVER['REMOTE_ADDR'];
if (trim($ip) == '') {
	$ip = $_SERVER['HTTP_CLIENT_IP'];
}
if (trim($ip) == '') {
	$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}

$query = mysql_query("select * from vote where ip='$ip'");
$countbans = mysql_num_rows($query);
if($countbans > 0) {
include "results.php";
echo("You have Already Voted!");
}else{

$action = $_GET['action'];
if(!isset($action) || empty($action) || $action !== "addvote"){
echo("<form name='form1' method='post' action='?action=addvote'>
                    <table width='100%' border='0' cellspacing='2' cellpadding='0'>
                      <tr> 
                        <td colspan='2'><div align='left'>Do you like my site?</div></td>
                      </tr>
                      <tr> 
                        <td width='19%'><input type='radio' name='vote' value='ex'></td>
                        <td width='81%' bgcolor='#F4F4F4'>It's Excellent!</td>
                      </tr>
                      <tr> 
                        <td><input type='radio' name='vote' value='co'></td>
                        <td bgcolor='#F4F4F4'>Pretty Cool</td>
                      </tr>
                      <tr> 
                        <td><input type='radio' name='vote' value='ok'></td>
                        <td bgcolor='#F4F4F4'>OK</td>
                      </tr>
                      <tr> 
                        <td><input type='radio' name='vote' value='ha'></td>
                        <td bgcolor='#F4F4F4'>Hate It!</td>
                      </tr>
                      <tr> 
                        <td></td>
                        <td><input type='submit' name='Submit' value='Vote!'></td>
                      </tr>
                    </table>
                  </form>");
}elseif($action == "addvote"){
//show result
echo "<p><h4>Thank you For Voting</h4></p>";
$vote = $_POST['vote'];
include 'config.php';
$ip = $_SERVER['REMOTE_ADDR'];
if (trim($ip) == '') {
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
if (trim($ip) == '') {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} 
mysql_connect("$host", "$user", "$pass") or die(mysql_error()); 
mysql_select_db("$dbname") or die(mysql_error());
mysql_query("INSERT INTO `vote` (`vote` , `ip` ) VALUES ('$vote', '$ip')");
}
}
?>

MikeBigg · May 10, 2006

In what way didn't it work?

I think using IP address detection alone will not work 100%, primarily because of the way AOL uses proxies to route all their internet traffic. An AOL user is not guaranteed to have the same ip address for different images on a page, let alone two page requests.

There is also the issue of 2 people from the same IP address. Companies may well route all their employees through a single router with one IP address. Frequently the forwarded-for and client-ip fields will not be filled in as it is considered a security risk (even though IP addresses and machine names get sent out in email headers from the same organisations).

Using cookies as well may help.

I'd be very interested to see what you come up with in the end.

Regards,

Mike

JFS · May 10, 2006

Code:

function validip($ip) { 
   if (!empty($ip) && ip2long($ip)!=-1) { 
       $reserved_ips = array ( 
       array('0.0.0.0','2.255.255.255'), 
       array('10.0.0.0','10.255.255.255'), 
       array('127.0.0.0','127.255.255.255'), 
       array('169.254.0.0','169.254.255.255'), 
       array('172.16.0.0','172.31.255.255'), 
       array('192.0.2.0','192.0.2.255'), 
       array('192.168.0.0','192.168.255.255'), 
       array('255.255.255.0','255.255.255.255') 
       ); 

       foreach ($reserved_ips as $r) { 
           $min = ip2long($r[0]); 
           $max = ip2long($r[1]); 
           if ((ip2long($ip) >= $min) && (ip2long($ip) <= $max)) return false; 
       } 
       return true; 
   } else { 
       return false; 
   } 
} 


function getip() { 
   if (validip($_SERVER["HTTP_CLIENT_IP"])) { 
       return $_SERVER["HTTP_CLIENT_IP"]; 
   } 
   foreach (explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"]) as $ip) { 
       if (validip(trim($ip))) { 
           return $ip; 
       } 
   } 
   if (validip($_SERVER["HTTP_X_FORWARDED"])) { 
       return $_SERVER["HTTP_X_FORWARDED"]; 
   } elseif (validip($_SERVER["HTTP_FORWARDED_FOR"])) { 
       return $_SERVER["HTTP_FORWARDED_FOR"]; 
   } elseif (validip($_SERVER["HTTP_FORWARDED"])) { 
       return $_SERVER["HTTP_FORWARDED"]; 
   } elseif (validip($_SERVER["HTTP_X_FORWARDED"])) { 
       return $_SERVER["HTTP_X_FORWARDED"]; 
   } else { 
       return $_SERVER["REMOTE_ADDR"]; 
   } 
}

this gets you the real ip from the user and validat its, hope it helps

yeppers · May 11, 2006

Yes, in what way do you mean that you didn't get an IP?
This should work in php:

if($_SERVER[HTTP_X_FORWARD_FOR]){
$ip = $_SERVER[HTTP_X_FORWARD_FOR];
}else{
$ip = $_SERVER[REMOTE_ADDR];
}
echo $ip;

All the best, Rhett.

asgsoft · May 11, 2006

BillyConnite said:
Yes, in what way do you mean that you didn't get an IP?
This should work in php:

All the best, Rhett.

Does that mean I can get the actual IP even if they are behind a proxy and it only makes it one vote per PC?

Unique IP

More options

asgsoft

VIP Member

MikeBigg

Established Member

JFS

VIP Member

yeppers

VIP Member

asgsoft

VIP Member

Similar threads

We're social

New posts ➔

Auction activity ➔

How do you think a potential buyer first checks if your domain is for sale?

Polls of interest ➔

Hot this week ➔

Community favorite ➔

Hot this month ➔

Blog favorites

DandyCapital.com

CaseWork.com

ElectricScooties.com

kersplat.ai

stezos.com

LLMnation.com

SoCoin.org

nypy.xyz

GermSOS.com

trambox.com

Pinned

Appreciation

Agreement

Answers

Relevance

Reaction

Status

Feeling