I know that identifying the user IP address with
HTTP_SERVER_VAR S['REMOTE_ADDR'];
is reliant on the browser agent but I have stumpled upon the following
code which I have tried to understand but failed!
//
// Obtain and encode users IP
//
function encode_ip($dotq uad_ip)
{
$ip_sep = explode('.', $dotquad_ip);
return sprintf('%02x%0 2x%02x%02x', $ip_sep[0], $ip_sep[1],
$ip_sep[2], $ip_sep[3]);
}
if( getenv('HTTP_X_ FORWARDED_FOR') != '' )
{
$client_ip = ( !empty($HTTP_SE RVER_VARS['REMOTE_ADDR']) ) ?
$HTTP_SERVER_VA RS['REMOTE_ADDR'] : ( (
!empty($HTTP_EN V_VARS['REMOTE_ADDR']) ) ?
$HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
$entries = explode(',', getenv('HTTP_X_ FORWARDED_FOR') );
reset($entries) ;
while (list(, $entry) = each($entries))
{
$entry = trim($entry);
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry,
$ip_list) )
{
$private_ip = array('/^0\./', '/^127\.0\.0\.1/',
'/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/',
'/^10\..*/', '/^224\..*/', '/^240\..*/');
$found_ip = preg_replace($p rivate_ip, $client_ip,
$ip_list[1]);
if ($client_ip != $found_ip)
{
$client_ip = $found_ip;
break;
}
}
}
}
else
{
$client_ip = ( !empty($HTTP_SE RVER_VARS['REMOTE_ADDR']) ) ?
$HTTP_SERVER_VA RS['REMOTE_ADDR'] : ( (
!empty($HTTP_EN V_VARS['REMOTE_ADDR']) ) ?
$HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
}
$user_ip = encode_ip($clie nt_ip);
It outputs the IP address in something that resembles a hex number? Is
it a more reliable way of identifying an IP?