Get Visitor IP address is not working using PHP - php

I an trying to get visitor ip address to my WordPress site . to do this I write a function getcustomerip() but it showing nothing . can someone help me to what I am doing wrong.
function getcustomerip(){
// Get real visitor IP behind CloudFlare network
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
$_SERVER['HTTP_CLIENT_IP'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
$client = #$_SERVER['HTTP_CLIENT_IP'];
$forward = #$_SERVER['HTTP_X_FORWARDED_FOR'];
$remote = $_SERVER['REMOTE_ADDR'];
if(filter_var($client, FILTER_VALIDATE_IP)){
$ip = $client;
}elseif(filter_var($forward, FILTER_VALIDATE_IP)){
$ip = $forward;
}else{
$ip = $remote;
}
return $ip;
}

Related

Prevents bots, and stay in current URL if User is real

I have a script on my website, to prevents bots, it works fine but since i modified it to make changes i had a lot of errors, i'm not good at php.
<?php
error_reporting();
session_start();
$config_antibot['apikey'] = '________________________';
$config_antibot['bot'] = 'https://google.com';
$config_antibot['real'] = 'https://mywebsite.com';
class Antibot
{
function apikey($api_key){
$this->apikey = $api_key;
}
function get_client_ip()
{
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
$_SERVER['HTTP_CLIENT_IP'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}
$client = #$_SERVER['HTTP_CLIENT_IP'];
$forward = #$_SERVER['HTTP_X_FORWARDED_FOR'];
$remote = $_SERVER['REMOTE_ADDR'];
if(filter_var($client, FILTER_VALIDATE_IP))
{
$ip = $client;
}
elseif(filter_var($forward, FILTER_VALIDATE_IP))
{
$ip = $forward;
}
else
{
$ip = $remote;
}
return $ip;
}
function httpGet($url){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
return $response;
}
function check(){
$ip = $this->get_client_ip();
$respons = $this->httpGet("https://antibot.pw/api/v2-blockers?ip=".$ip."&apikey=".$this->apikey."&ua=".urlencode($_SERVER['HTTP_USER_AGENT']));
$json = json_decode($respons,true);
if($json['is_bot'] == 1 || $json['is_bot'] == true){
return true;
}else{
return false;
}
}
}
$Antibot = new Antibot;
$Antibot->apikey( $config_antibot['apikey'] );
if($Antibot->check() == true){
die(header("location: ".$config_antibot['bot']));
}else{
die(header("location: ".$config_antibot['real']));
}
?>
The lines that i tried to change
Line 7
$config_antibot['real'] = 'https://mywebsite.com';
Line 63
die(header("location: ".$config_antibot['real']));
Line 7 If the visitor is real not a bot it redirected to my website, but this redirect is causing a problem and affecting the nature of my website
Because when users sign up and get link mywebsite.com/user/02331/index?ref=02331 via email to activate their account, the user is redirected to mywebsite.com the user cannot not check mywebsite.com/user/02331/index?ref=02331 to complete registration
i change in line 63 to
die( header("HTTP/1.1 401 Unauthorized") );
exit();
}
But that doesn't seem to work for me, is there a way to let the user stay on the current url that the user is browsing if the user is real and not a bot?
What you're trying to create is a middleware (https://laravel.com/docs/8.x/middleware for laravel), or chain of responsibility (https://en.wikipedia.org/wiki/Chain-of-responsibility_pattern). Depending on how you have it structured at the moment, this could mean you need to change the entire architecture of your code, which obviously isn't a great solution.
Ideally, you would have a router or some such that you can call here:
}else{
Route::get( ... );
// die(header("location: ".$config_antibot['real']));
}
You don't need to die() into the next portion of your site, you just need the page that they want to load to appear instead of the redirect. This could be done in any number of ways, but the die() portion is probably the least best option of them.

problem when consulting ip through API php

I am using the service of http://ipinfo.io, I use the following code to consult information of my location through my IP, however, in localhost it works correctly but in the production server no, instead of throwing me the ip from the user, it returns the IP of the server from where the query is made.
I want it to detect the ip of the visitor, not the ip from where the request is made
class ipController{
private $token="XXXXXX";
public function __construct(){
$handle = curl_init();
$url = "http://ipinfo.io?token=".$this->token;
// Set the url
curl_setopt($handle, CURLOPT_URL, $url);
// Set the result output to be a string.
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($handle);
//var_dump($output);
curl_close($handle);
$datos = json_decode($output);
var_dump($datos);
//Se setean las propiedades
$this->ip = $datos->ip;
$this->hostname = $datos->hostname;
$this->city = $datos->city;
$this->region = $datos->region;
$this->country = $datos->country;
$this->loc = $datos->loc;
$this->postal = $datos->postal;
$this->org = $datos->org;
}
}
You were getting the server IP address because you were sending your
request with curl and when using the curl, the sever does the
request with its own IP.
In order to get the visitor's IP address you have to use the $_SERVER['REMOTE_ADDR'] or the $_SERVER['REMOTE_HOST'] variables, but this does not return the correct IP address of the visitor sometimes, so you can use the below function to the get the correct IP of the user
function get_ip_address() {
$ipaddress = '';
if (isset($_SERVER['HTTP_CLIENT_IP']))
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if(isset($_SERVER['HTTP_X_FORWARDED']))
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if(isset($_SERVER['HTTP_FORWARDED']))
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if(isset($_SERVER['REMOTE_ADDR']))
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
Then you can just get the ip info with the url this way
$ip = get_ip_address();
$url = "http://ipinfo.io/$ip?token=$token";
//you can the get the data with
$data = url_get_contents($url);
//curl function to send your request
function url_get_contents($Url) {
if (!function_exists('curl_init')){
die('CURL is not installed!');
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $Url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
According to the docs you need to put the ip address in the endpoint. Just the token gives your own ip address which is the server
https://ipinfo.io/developers#ip-address-parameter
ipinfo.io/$visitors_ip?token=$TOKEN
I'd assume it is php making the request to ipinfo hence why you get the servers details

How to use Nginx secure_link to stream from remote server

I would need to get secure link in nginx working where I got the data on another server.
I'm using one server setup with nginx secure_link as follows:
location ~ \.mp4$ {
secure_link $arg_md5,$arg_expires;
secure_link_md5 "$secure_link_expires$uri$remote_addr secretkey";
if ($secure_link = "") {
return 403;
}
if ($secure_link = "0") {
return 410;
}
Using PHP to build the url.
function buildSecureLink($baseUrl, $path, $secret, $ttl, $userIp)
{
$expires = time() + $ttl;
$md5 = md5("$expires$path$userIp $secret", true);
$md5 = base64_encode($md5);
$md5 = strtr($md5, '+/', '-_');
$md5 = str_replace('=', '', $md5);
return $baseUrl . $path . '?md5=' . $md5 . '&expires=' . $expires;
}
$secret = 'secretkey';
$baseUrl = 'domain here';
$path = '/videos' . $video->id . '.mp4';
$ttl = 3600;
$userIp = $_SERVER["HTTP_CF_CONNECTING_IP"]; // since behind cloudflare
$vidurl = buildSecureLink($baseUrl, $path, $secret, $ttl, $userIp);
This works just fine when data is in the same server. But if I try to use secure_link with the same settings in nginx to stream from that remote server (naturally with PHP part updated with correct $baseUrl and path), it simply doesn't work.
Is there any way to use secure_link where the actual data (video in this case) is on another server?
My mistake. Got it working.
Forgot to add the following to the nginx conf which is needed to get the real user ip with Cloudflare: https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-
Compared the nginx headers to figure it out and noticed the IP provided was wrong.

how to get public ip of the client in php

I have to get public IP of the remote system in php.
I have tried
$_SERVER['REMOTE_ADDR']
getenv('REMOTE_ADDR');
but is always returning the private IP. Help to fix it.
Try this:
$ip = !empty($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_CLIENT_IP'] : (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']);
Warning: you should extend it and sanitize, since headers can be easily manipulated.
private function getIP()
{
$client = #$_SERVER['HTTP_CLIENT_IP'];
$forward = #$_SERVER['HTTP_X_FORWARDED_FOR'];
$remote = $_SERVER['REMOTE_ADDR'];
if(filter_var($client, FILTER_VALIDATE_IP))
{
$ip = $client;
}
elseif(filter_var($forward, FILTER_VALIDATE_IP))
{
$ip = $forward;
}
else
{
$ip = $remote;
}
return $ip;
}
echo getIP();

php, get client ip address

I have two php files in a same directory of a server (http://www.xxxx.com/php/),
1) write_json.php
$address['http_client'] = $_SERVER['HTTP_CLIENT_IP'];
$address['http_x_forwarded_for'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
$address['http_x_forwarded'] = $_SERVER['HTTP_X_FORWARDED'];
$address['http_forwarded_for'] = $_SERVER['HTTP_FORWARDED_FOR'];
$address['http_forwarded'] = $_SERVER['HTTP_FORWARDED'];
$address['remote_addr'] = $_SERVER['REMOTE_ADDR'];
header('Content-Type: application/json');
echo json_encode($address);
2) get_ip.php
$json_url = $_SERVER['SERVER_NAME'] . '/php/write_json.php';
$json_string = '';
$ch = curl_init($json_url);
$options = array(CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => array('Content-type: application/json'),
CURLOPT_POSTFIELDS => $json_string);
curl_setopt_array($ch, $options);
$json_string = curl_exec($ch);
echo $json_string;
get_ip.php calls write_json.php
if we suppose the client IP is : 76.2.35.46 and the server one is : 80.59.3.23
when I call http://www.xxxx.com/php/get_ip.php on a client browser
It shows me the Server IP not the client IP like this :
{
http_client: null,
http_x_forwarded_for: null,
http_x_forwarded: null,
http_forwarded_for: null,
http_forwarded: null,
remote_addr: "80.59.3.23"
}
How can I get the client IP instead of the server one ?
You are calling write_json via curl from the server... that is, the server is actually requesting the write_json file, so write_json is seeing the request come from the server. Why not just use an include rather than a curl call?
Not possible this way. You need to get the client ip first then send it as posted data to server via curl.
Trying to get client IP use following function that will return client IP
// Function to get the client IP address
function get_client_ip() {
$ipaddress = '';
if (getenv('HTTP_CLIENT_IP'))
$ipaddress = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
$ipaddress = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
$ipaddress = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
$ipaddress = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
$ipaddress = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
$ipaddress = getenv('REMOTE_ADDR');
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
After getting IP in a variable then send

Categories