I'm making a form with PHP and I want to keep record of the User's IP Addresses. This is the snip-it of code I used:
<input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" />
When I open the code up in XAMPP and read the source, the value had an IP address different than what was mine:
<input type="hidden" name="ip" value="::1" />
Does this IP address normally happen when I use it in a localhost (XAMPP)?
If not, are there any alternatives into grabbing the user's IP address?
<input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" />
Don't do that. Get the request from $_SERVER when the form is submitted. Getting it when the form is generated and storing it in the form just gives people the opportunity to change it.
Does this IP address normally happen when I use it in a localhost (XAMPP)?
Yes. Getting the local IP (IPv6) address is normal when you request a page from localhost.
IP ::1 is "localhost" in IPv6 version. Your machine is configured with IPv6 - and hence you're getting this IP address. Probably, when you deploy your application on the live server, IPv6 will not be configured on the server and your app will get a more familiar IPv4 address (e.g. aaa.bbb.ccc.ddd).
On another note, $_SERVER['REMOTE_ADDR'] may not always contain the right address. It's better to use:
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip_address = $_SERVER['REMOTE_ADDR'];
}
'::1' is the IPV6 version of localhost (or 127.0.0.1).
Open port 80 and visit the page from your IP Address. Should work fine then :).
1). You don't need to add <?php echo $_SERVER['REMOTE_ADDR']; ?> to form. In this case it's easy to forge it (actually it's easy any case). Better add IP to data on server side.
2) You can look also to $_SERVER['HTTP_X_FORWARDED_FOR'].
If user have a proxy, some of them (transparent proxies) place real user's IP there.
3) Just note: Data about IP's isn't trustworthy at all.
This is actually your IP. Albeit your IPv6 IP and not IPv4.
In IPv6, ::1 stands for localhost / 127.0.0.1.
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARTDED_FOR'] != '') {
$ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip_address = $_SERVER['REMOTE_ADDR'];
}
This code returns ip of the client. If you think this is the server IP, you are probably right because your server is (presumably) hosted on your pc.
Since your client (the pc) and the server run on the same pc, they both have the same ip.
If you don't understand this, you should really do some research into ips, local ips and all that stuff.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 我欲成王,谁敢阻挡 的文章《$_SERVER['REMOTE_ADDR'] not giving the rig》','https://www.manongdao.com/article-131211.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}