如何使用PHP获取客户端IP地址?
我想通过他/她的IP地址登录到我的网站的用户的记录。
当前回答
其中之一:
$ip = $_SERVER['REMOTE_ADDR'];
$ip = $_SERVER['HTTP_CLIENT_IP'];
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$ip = $_SERVER['HTTP_X_FORWARDED'];
$ip = $_SERVER['HTTP_FORWARDED_FOR'];
$ip = $_SERVER['HTTP_FORWARDED'];
其他回答
答案是使用$_SERVER变量。例如,$_SERVER["REMOTE_ADDR"]将返回客户端的IP地址。
正如所有其他人所说,你可以使用$_SERVER['REMOTE_ADDR'];获取客户端IP地址。
另外,如果你需要一个用户的更多信息,你可以使用这个:
<?php
$ip = '0.0.0.0';
$ip = $_SERVER['REMOTE_ADDR'];
$clientDetails = json_decode(file_get_contents("http://ipinfo.io/$ip/json"));
echo "You're logged in from: <b>" . $clientDetails->country . "</b>";
?>
客户端更具体的信息放在$clientDetails中。 $clientDetails->PostalCode/hostname/region/loc…
我用的是ipinfo。IO来获取额外的信息。
获取客户端IP地址,请使用getenv("REMOTE_ADDR")。
例如,
$ip_address = getenv("REMOTE_ADDR");
echo $ip_address;
如果你使用localhost调用你的服务器,它会输出::1。 因此,请使用直接服务器ip地址或域名调用您的服务器。
在PHP中,获取公共IP的最后一个选项应该始终是$_SERVER["REMOTE_ADDR"],因为有太多的安全原因。
下面是获取客户端已验证的IP地址的变通方法。
public static function getPublicIP() : string
{
$realIP = "Invalid IP Address";
$activeHeaders = [];
$headers = [
"HTTP_CLIENT_IP",
"HTTP_PRAGMA",
"HTTP_XONNECTION",
"HTTP_CACHE_INFO",
"HTTP_XPROXY",
"HTTP_PROXY",
"HTTP_PROXY_CONNECTION",
"HTTP_VIA",
"HTTP_X_COMING_FROM",
"HTTP_COMING_FROM",
"HTTP_X_FORWARDED_FOR",
"HTTP_X_FORWARDED",
"HTTP_X_CLUSTER_CLIENT_IP",
"HTTP_FORWARDED_FOR",
"HTTP_FORWARDED",
"ZHTTP_CACHE_CONTROL",
"REMOTE_ADDR" #this should be the last option
];
#Find active headers
foreach ($headers as $key)
{
if (array_key_exists($key, $_SERVER))
{
$activeHeaders[$key] = $_SERVER[$key];
}
}
#Reemove remote address since we got more options to choose from
if(count($activeHeaders) > 1)
{
unset($activeHeaders["REMOTE_ADDR"]);
}
#Pick a random item now that we have a secure way.
$realIP = $activeHeaders[array_rand($activeHeaders)];
#Validate the public IP
if (filter_var($realIP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
{
return $realIP;
}
return $realIP;
}
正如您在这里看到的,$_SERVER["REMOTE_ADDR"]是IP的最后一个选项。在收到IP后,我们也验证IP,以确保质量和安全。
下面是一段代码,可以通过检查各种源来选择一个有效的IP。
首先,它检查'REMOTE_ADDR'是否是一个公共IP(并且不是您信任的反向代理之一),然后遍历其中一个HTTP头,直到找到一个公共IP并返回它。(PHP 5.2 +)
只要反向代理是可信的,或者服务器与客户端直接连接,它就应该是可靠的。
//Get client's IP or null if nothing looks valid
function ip_get($allow_private = false)
{
//Place your trusted proxy server IPs here.
$proxy_ip = ['127.0.0.1'];
//The header to look for (Make sure to pick the one that your trusted reverse proxy is sending or else you can get spoofed)
$header = 'HTTP_X_FORWARDED_FOR'; //HTTP_CLIENT_IP, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, HTTP_FORWARDED
//If 'REMOTE_ADDR' seems to be a valid client IP, use it.
if(ip_check($_SERVER['REMOTE_ADDR'], $allow_private, $proxy_ip)) return $_SERVER['REMOTE_ADDR'];
if(isset($_SERVER[$header]))
{
//Split comma separated values [1] in the header and traverse the proxy chain backwards.
//[1] https://en.wikipedia.org/wiki/X-Forwarded-For#Format
$chain = array_reverse(preg_split('/\s*,\s*/', $_SERVER[$header]));
foreach($chain as $ip) if(ip_check($ip, $allow_private, $proxy_ip)) return $ip;
}
return null;
}
//Check for valid IP. If 'allow_private' flag is set to truthy, it allows private IP ranges as valid client IP as well. (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
//Pass your trusted reverse proxy IPs as $proxy_ip to exclude them from being valid.
function ip_check($ip, $allow_private = false, $proxy_ip = [])
{
if(!is_string($ip) || is_array($proxy_ip) && in_array($ip, $proxy_ip)) return false;
$filter_flag = FILTER_FLAG_NO_RES_RANGE;
if(!$allow_private)
{
//Disallow loopback IP range which doesn't get filtered via 'FILTER_FLAG_NO_PRIV_RANGE' [1]
//[1] https://www.php.net/manual/en/filter.filters.validate.php
if(preg_match('/^127\.$/', $ip)) return false;
$filter_flag |= FILTER_FLAG_NO_PRIV_RANGE;
}
return filter_var($ip, FILTER_VALIDATE_IP, $filter_flag) !== false;
}
推荐文章
- 原则-如何打印出真正的sql,而不仅仅是准备好的语句?
- 如何从关联PHP数组中获得第一项?
- PHP/MySQL插入一行然后获取id
- 我如何排序一个多维数组在PHP
- 如何在PHP中截断字符串最接近于一定数量的字符?
- PHP错误:“zip扩展名和unzip命令都没有,跳过。”
- Nginx提供下载。php文件,而不是执行它们
- Json_encode()转义正斜杠
- 如何在PHP中捕获cURL错误
- Mac OS X中的环境变量
- 如何要求一个分叉与作曲家?
- 如何在php中创建可选参数?
- 在文本文件中创建或写入/追加
- 如何在Makefile中设置子进程的环境变量
- 为什么PHP的json_encode函数转换UTF-8字符串为十六进制实体?
