What are the possible return values ββfor $ _SERVER ['REMOTE_ADDR'] ;?
When writing a login module, I want to register the IP as an additional measure to check who is on the other side the same person on the other side.
I use $_SERVER['REMOTE_ADDR']
as one of many ways to get the IP address of a remote computer. Apart from IPv4 or IPv6 address, are there other values ββI should expect this to return?
source to share
There really isn't any extra security to validate IP addresses as they can be easily spoofed, and anyone with enough knowledge of intercepting POST transactions is likely to do so anyway.
In addition, you could potentially annoy legitimate users. Think about where the person might be in a location that has multiple free open Wi-Fi hotspots. When they land on your login page, they might be connected to the same access point, but by the time they log in, their machine might decide that another router is the best option and therefore their IP address will change. Believe it or not, this can get in the way of some (albeit very few) easily frustrated users.
To be honest, I just wouldn't bother. Using SSL, if possible, is usually the best way to avoid security issues like the description you describe. Good luck with your project.
source to share
According to the online PHP documentation, only the IP address should be returned.
http://us.php.net/manual/en/reserved.variables.server.php
"'REMOTE_ADDR':
The IP address from which the user is viewing the current page.
source to share
The value can be an IPv4 or IPv6 address. While you will probably only get the canonical values, remember that IP addresses can be written in several ways. 192.0.2.1
matches with 192.000.002.001
, 2001:db8::1
matches 2001:0db0:0000:0000:0000:0000:0000:0001
, etc. IPv4 addresses can even be written in IPv6 notation, for example ::ffff:192.0.2.1
or ::ffff:c000:0201
if the web server accepts IPv4 connections to IPv6 sockets, I see there are a lot on Linux systems.
Writing IP addresses shouldn't be a problem as long as you reserve enough space. In fact, using IP addresses for access control is getting more complicated these days. As large parts of the world have run out of new IPv4 addresses, you will find that ISPs have to use NAT on a large scale to keep new clients connected to the IPv4 Internet. These large-scale NATs will use a pool of public IPv4 addresses for perhaps thousands of clients. One IP address can be used by many clients, and one client can use different addresses from the pool.
There are other things that count with IPv6 IP tracking. The original IPv6 autoconfiguration mechanism was based on using the MAC address as part of the IPv6 address. Due to privacy concerns, most operating systems now use a (sort of) randomly generated interface identifier (usually the last 64 bits of the address) for outgoing connections, and these bits may / will change over time. Some operating systems (Mac OS X) even keep statistics on whether IPv4 or IPv6 is faster, and I've seen clients occasionally switch between IPv4 and IPv6.
And then you might have users roaming from one wireless access point or office network to another, thereby switching IP addresses.
So, I think that logging IP addresses might make sense depending on what you want to do with the data, but using them as (part of) a form of access control can cause more problems than it costs.
source to share