How to get the client IP address in PHP

Question

How can I get the client IP address using PHP   I want to keep record of the user who logged into my website through his her IP address

User · Answer

It should be contained in the   SERVER  REMOTE ADDR   variable

User · Answer

This function should work as expected  function Get User Ip          IP   false      if  getenv  HTTP CLIENT IP                   IP   getenv  HTTP CLIENT IP              else if getenv  HTTP X FORWARDED FOR                   IP   getenv  HTTP X FORWARDED FOR              else if getenv  HTTP X FORWARDED                   IP   getenv  HTTP X FORWARDED              else if getenv  HTTP FORWARDED FOR                   IP   getenv  HTTP FORWARDED FOR              else if getenv  HTTP FORWARDED                   IP   getenv  HTTP FORWARDED              else if getenv  REMOTE ADDR                   IP   getenv  REMOTE ADDR                 If HTTP X FORWARDED FOR    server ip     if    IP   amp  amp    IP    getenv  SERVER ADDR     amp  amp   getenv  REMOTE ADDR         filter var  IP  FILTER VALIDATE IP                    IP   getenv  REMOTE ADDR               if  IP                if  filter var  IP  FILTER VALIDATE IP                          IP   false                      else                IP   false            return  IP

User · Answer

Safe and warnings-aware snippet for getting the IP address    ip   filter input INPUT SERVER   HTTP CLIENT IP   FILTER VALIDATE IP         filter input INPUT SERVER   HTTP X FORWARDED FOR   FILTER VALIDATE IP           SERVER  REMOTE ADDR           0 0 0 0      Or other value fits  not defined  in your logic

User · Answer

I like this codesnippet   function getClientIP          if  isset   SERVER              if  isset   SERVER  HTTP X FORWARDED FOR                 return   SERVER  HTTP X FORWARDED FOR             if  isset   SERVER  HTTP CLIENT IP                 return   SERVER  HTTP CLIENT IP             return   SERVER  REMOTE ADDR               if  getenv  HTTP X FORWARDED FOR            return getenv  HTTP X FORWARDED FOR         if  getenv  HTTP CLIENT IP            return getenv  HTTP CLIENT IP         return getenv  REMOTE ADDR

User · Answer

My favourite solution is the way Zend Framework 2 uses  It also considers the   SERVER properties HTTP X FORWARDED FOR  HTTP CLIENT IP  REMOTE ADDR but it declares a class for it to set some trusted proxies and it returns one IP address not an array  I think this is the solution that comes closest to it   class RemoteAddress                  Whether to use proxy addresses or not                As default this setting is disabled - IP address is mostly needed to increase        security  HTTP   are not reliable since can easily be spoofed  It can be enabled        just for more flexibility  but if user uses proxy to connect to trusted services        it s his her own risk  only reliable field for IP address is   SERVER  REMOTE ADDR                   var bool             protected  useProxy   false                  List of trusted proxy IP addresses                var array             protected  trustedProxies   array                    HTTP header to introspect for proxies                var string             protected  proxyHeader    HTTP X FORWARDED FOR                                 Returns client IP address                 return string IP address              public function getIpAddress                  ip    this- gt getIpAddressFromProxy            if   ip                return  ip                        direct IP address         if  isset   SERVER  REMOTE ADDR                   return   SERVER  REMOTE ADDR                       return                           Attempt to get the IP address for a proxied client                see http   tools ietf org html draft-ietf-appsawg-http-forwarded-10 section-5 2         return false string             protected function getIpAddressFromProxy                 if    this- gt useProxy                 isset   SERVER  REMOTE ADDR     amp  amp   in array   SERVER  REMOTE ADDR     this- gt trustedProxies                           return false                      header    this- gt proxyHeader          if   isset   SERVER  header      empty   SERVER  header                  return false                        Extract IPs          ips   explode        SERVER  header               trim  so we can compare against trusted proxies properly          ips   array map  trim    ips              remove trusted proxy IPs          ips   array diff  ips   this- gt trustedProxies               Any left          if  empty  ips                 return false                        Since we ve removed any known  trusted proxy servers  the right-most            address represents the first IP we do not know about -- i e   we do            not know if it is a proxy server  or a client  As such  we treat it            as the originating IP              see http   en wikipedia org wiki X-Forwarded-For          ip   array pop  ips           return  ip                          See the full code here  https   raw githubusercontent com zendframework zend-http master src PhpEnvironment RemoteAddress php

User · Answer

Like the following   if    ip filter input INPUT SERVER   REMOTE ADDR   validate ip       false or empty  ip         exit    echo  ip      PS  if    ip filter input INPUT SERVER   REMOTE ADDR   FILTER VALIDATE IP FILTER FLAG NO PRIV RANGE FILTER FLAG NO RES RANGE       false        header  HTTP 1 0 400 Bad Request        exit      All headers beginning with  HTTP   or  X-  may be spoofed  respectively is user defined  If you want to keep track  use cookies  etc

User · Answer

The following function determine all possibilities and return the values in a comma separated format  ip  ip  etc     It has also an optional validation function as  first parameter that disabled by default  to validate the IP address against  private range and reserved range     lt  php echo GetClientIP true    function GetClientIP  validate   False       ipkeys   array     REMOTE ADDR      HTTP CLIENT IP      HTTP X FORWARDED FOR      HTTP X FORWARDED      HTTP FORWARDED FOR      HTTP FORWARDED      HTTP X CLUSTER CLIENT IP               Now we check each key against   SERVER if containing such value         ip   array      foreach   ipkeys as  keyword        if  isset   SERVER  keyword            if   validate            if  ValidatePublicIP   SERVER  keyword                 ip       SERVER  keyword                           else           ip       SERVER  keyword                         ip     empty  ip     Unknown    implode        ip       return  ip     function ValidatePublicIP  ip     if  filter var  ip  FILTER VALIDATE IP  FILTER FLAG NO PRIV RANGE   FILTER FLAG NO RES RANGE         return true        else       return false

User · Answer

A quick solution  error free  function getClientIP   string        keys array  HTTP CLIENT IP   HTTP X FORWARDED FOR   HTTP X FORWARDED   HTTP FORWARDED FOR   HTTP FORWARDED   REMOTE ADDR        foreach  keys as  k                if   empty   SERVER  k    amp  amp  filter var   SERVER  k   FILTER VALIDATE IP                         return   SERVER  k                       return  quot UNKNOWN quot

User · Answer

The following is the most advanced method I have found  and I have already tried some others in the past  It is valid to ensure to get the IP address of a visitor  but please note that any hacker could falsify the IP address easily    function get ip address             Check for shared Internet ISP IP     if   empty   SERVER  HTTP CLIENT IP     amp  amp  validate ip   SERVER  HTTP CLIENT IP               return   SERVER  HTTP CLIENT IP                  Check for IP addresses passing through proxies     if   empty   SERVER  HTTP X FORWARDED FOR                   Check if multiple IP addresses exist in var         if  strpos   SERVER  HTTP X FORWARDED FOR             false                 iplist   explode        SERVER  HTTP X FORWARDED FOR                 foreach   iplist as  ip                    if  validate ip  ip                       return  ip                                  else               if  validate ip   SERVER  HTTP X FORWARDED FOR                     return   SERVER  HTTP X FORWARDED FOR                        if   empty   SERVER  HTTP X FORWARDED     amp  amp  validate ip   SERVER  HTTP X FORWARDED             return   SERVER  HTTP X FORWARDED        if   empty   SERVER  HTTP X CLUSTER CLIENT IP     amp  amp  validate ip   SERVER  HTTP X CLUSTER CLIENT IP             return   SERVER  HTTP X CLUSTER CLIENT IP        if   empty   SERVER  HTTP FORWARDED FOR     amp  amp  validate ip   SERVER  HTTP FORWARDED FOR             return   SERVER  HTTP FORWARDED FOR        if   empty   SERVER  HTTP FORWARDED     amp  amp  validate ip   SERVER  HTTP FORWARDED             return   SERVER  HTTP FORWARDED            Return unreliable IP address since all else failed     return   SERVER  REMOTE ADDR              Ensures an IP address is both a valid IP address and does not fall within    a private network range      function validate ip  ip         if  strtolower  ip       unknown           return false          Generate IPv4 network address      ip   ip2long  ip           If the IP address is set and not equivalent to 255 255 255 255     if   ip     false  amp  amp   ip     -1               Make sure to get unsigned long representation of IP address            due to discrepancies between 32 and 64 bit OSes and            signed numbers  ints default to signed in PHP           ip   sprintf   u    ip               Do private network range checking         if   ip  gt   0  amp  amp   ip  lt   50331647              return false          if   ip  gt   167772160  amp  amp   ip  lt   184549375              return false          if   ip  gt   2130706432  amp  amp   ip  lt   2147483647              return false          if   ip  gt   2851995648  amp  amp   ip  lt   2852061183              return false          if   ip  gt   2886729728  amp  amp   ip  lt   2887778303              return false          if   ip  gt   3221225984  amp  amp   ip  lt   3221226239              return false          if   ip  gt   3232235520  amp  amp   ip  lt   3232301055              return false          if   ip  gt   4294967040              return false            return true

User · Answer

It should be contained in the   SERVER  REMOTE ADDR   variable

User · Answer

Here is a cleaner code sample of a good way to get the IP address of the user    ip     SERVER  HTTP CLIENT IP       SERVER  HTTP CLIENT IP        SERVER  HTTP X FORWARDED FOR       SERVER  HTTP X FORWARDED FOR       SERVER  REMOTE ADDR       Here is a shorter version that uses the elvis operator     SERVER  HTTP CLIENT IP          SERVER  HTTP X FORWARDED FOR         SERVER  REMOTE ADDR       Here is a version that uses isset to remove notices  thank you   shasi kanth     ip   isset   SERVER  HTTP CLIENT IP        SERVER  HTTP CLIENT IP     isset   SERVER  HTTP X FORWARDED FOR        SERVER  HTTP X FORWARDED FOR       SERVER  REMOTE ADDR

User · Answer

There are different types of users behind the Internet  so we want to catch the IP address from different portions  Those are   1    SERVER  REMOTE ADDR   - This contains the real IP address of the client  That is the most reliable value you can find from the user   2    SERVER  REMOTE HOST   - This will fetch the host name from which the user is viewing the current page  But for this script to work  hostname lookups on inside httpd conf must be configured   3    SERVER  HTTP CLIENT IP   - This will fetch the IP address when the user is from shared Internet services   4    SERVER  HTTP X FORWARDED FOR   - This will fetch the IP address from the user when he she is behind the proxy   So we can use this following combined function to get the real IP address from users who are viewing in diffrent positions      Function to get the user IP address function getUserIP          ipaddress           if  isset   SERVER  HTTP CLIENT IP              ipaddress     SERVER  HTTP CLIENT IP        else if isset   SERVER  HTTP X FORWARDED FOR              ipaddress     SERVER  HTTP X FORWARDED FOR        else if isset   SERVER  HTTP X FORWARDED              ipaddress     SERVER  HTTP X FORWARDED        else if isset   SERVER  HTTP X CLUSTER CLIENT IP              ipaddress     SERVER  HTTP X CLUSTER CLIENT IP        else if isset   SERVER  HTTP FORWARDED FOR              ipaddress     SERVER  HTTP FORWARDED FOR        else if isset   SERVER  HTTP FORWARDED              ipaddress     SERVER  HTTP FORWARDED        else if isset   SERVER  REMOTE ADDR              ipaddress     SERVER  REMOTE ADDR        else          ipaddress    UNKNOWN       return  ipaddress

User · Answer

Here s a simple one liner   ip     SERVER  HTTP X FORWARDED FOR       SERVER  HTTP CLIENT IP       SERVER  REMOTE ADDR      EDIT   Above code may return reserved addresses  like 10 0 0 1   a list of addresses of all proxy servers on the way  etc  To handle these cases use the following code   function valid ip  ip           for list of reserved IP addresses  see https   en wikipedia org wiki Reserved IP addresses     return  ip  amp  amp  substr  ip  0  4      127    amp  amp  substr  ip  0  4      127    amp  amp  substr  ip  0  3      10    amp  amp  substr  ip  0  2      0      ip   false     function get client ip            using explode to get only client ip from list of forwarders  see https   en wikipedia org wiki X-Forwarded-For     return        SERVER  HTTP X FORWARDED FOR     explode        SERVER  HTTP X FORWARDED FOR    2  0           SERVER  HTTP CLIENT IP     explode        SERVER  HTTP CLIENT IP    2  0        valid ip    SERVER  REMOTE ADDR            UNKNOWN      echo get client ip

User · Answer

SERVER  REMOTE ADDR   may not actually contain real client IP addresses  as it will give you a proxy address for clients connected through a proxy  for example   That may well be what you really want  though  depending what your doing with the IPs   Someone s private RFC1918 address may not do you any good if you re say  trying to see where your traffic is originating from  or remembering what IP the user last connected from  where the public IP of the proxy or NAT gateway might be the more appropriate to store   There are several HTTP headers like X-Forwarded-For which may or may not be set by various proxies  The problem is that those are merely HTTP headers which can be set by anyone  There s no guarantee about their content    SERVER  REMOTE ADDR   is the actual physical IP address that the web server received the connection from and that the response will be sent to  Anything else is just arbitrary and voluntary information  There s only one scenario in which you can trust this information  you are controlling the proxy that sets this header  Meaning only if you know 100  where and how the header was set should you heed it for anything of importance   Having said that  here s some sample code   if   empty   SERVER  HTTP CLIENT IP            ip     SERVER  HTTP CLIENT IP      elseif   empty   SERVER  HTTP X FORWARDED FOR            ip     SERVER  HTTP X FORWARDED FOR      else        ip     SERVER  REMOTE ADDR        Editor s note  Using the above code has security implications  The client can set all HTTP header information  ie    SERVER  HTTP      to any arbitrary value it wants  As such it s far more reliable to use   SERVER  REMOTE ADDR    as this cannot be set by the user   From  http   roshanbh com np 2007 12 getting-real-ip-address-in-php html

User · Answer

function get client ip          ipaddress           if  getenv  HTTP CLIENT IP             ipaddress   getenv  HTTP CLIENT IP        else if getenv  HTTP X FORWARDED FOR             ipaddress   getenv  HTTP X FORWARDED FOR        else if getenv  HTTP X FORWARDED             ipaddress   getenv  HTTP X FORWARDED        else if getenv  HTTP FORWARDED FOR             ipaddress   getenv  HTTP FORWARDED FOR        else if getenv  HTTP FORWARDED            ipaddress   getenv  HTTP FORWARDED        else if getenv  REMOTE ADDR             ipaddress   getenv  REMOTE ADDR        else          ipaddress    UNKNOWN       return  ipaddress

User · Answer

As all others said before you can use   SERVER  REMOTE ADDR    to get the client IP address   Also  if you need more information about a user  you can use this    lt  php      ip    0 0 0 0        ip     SERVER  REMOTE ADDR         clientDetails   json decode file get contents  http   ipinfo io  ip json         echo  You re logged in from   lt b gt      clientDetails- gt country     lt  b gt      gt    Client s more specific information goes in  clientDetails   You can fetch JSON items stored in  clientDetails variable this way   clientDetails- PostalCode hostname region loc     I m using ipinfo io to get extra information

User · Answer

ip        if   empty   SERVER  HTTP CLIENT IP              Check for IP address from shared Internet      ip     SERVER  HTTP CLIENT IP      elseif   empty   SERVER  HTTP X FORWARDED FOR              Check for the proxy user      ip     SERVER  HTTP X FORWARDED FOR      else        ip     SERVER  REMOTE ADDR      echo  ip

User · Answer

Just on this  and I m surprised it hasn t been mentioned yet  is to get the correct IP addresses of those sites that are nestled behind the likes of CloudFlare infrastructure  It will break your IP addresses  and give them all the same value  Fortunately they have some server headers available too  Instead of me rewriting what s already been written  have a look here for a more concise answer  and yes  I went through this process a long while ago too  https   stackoverflow com a 14985633 1190051

User · Answer

Function to get the client ip address function get ip       if   empty   SERVER  HTTP CLIENT IP            ip     SERVER  HTTP CLIENT IP      elseif   empty   SERVER  HTTP X FORWARDED FOR            ip     SERVER  HTTP X FORWARDED FOR      else        ip     SERVER  REMOTE ADDR      return  ip

User · Answer

echo   SERVER  REMOTE ADDR      http   php net manual en reserved variables server php

User · Answer

One of these          ip     SERVER  REMOTE ADDR         ip     SERVER  HTTP CLIENT IP         ip     SERVER  HTTP X FORWARDED FOR         ip     SERVER  HTTP X FORWARDED         ip     SERVER  HTTP FORWARDED FOR         ip     SERVER  HTTP FORWARDED

User · Answer

This is the method that I use  and it validates an IPv4 input      Get user IP address if   isset   SERVER  HTTP CLIENT IP     amp  amp    empty   SERVER  HTTP CLIENT IP            ip     SERVER  HTTP CLIENT IP      elseif   isset   SERVER  HTTP X FORWARDED FOR     amp  amp    empty   SERVER  HTTP X FORWARDED FOR            ip     SERVER  HTTP X FORWARDED FOR      else        ip    isset   SERVER  REMOTE ADDR         SERVER  REMOTE ADDR      0 0 0 0       ip   filter var  ip  FILTER VALIDATE IP    ip     ip     false     0 0 0 0     ip

User · Answer

The answer is to use   SERVER variable  For example    SERVER  REMOTE ADDR   would return the client s IP address

User · Answer

This function is compact and you can use it everywhere  But   Don t forget this  In this type of functions or code blocks there is not a guarantee for recording the user s real IP address because some users can use a proxy or another secure gateway for be invisible or cannot tracking  PHP function   function GetIP         if   getenv  HTTP CLIENT IP                ip   getenv  HTTP CLIENT IP          elseif   getenv  HTTP X FORWARDED FOR                ip   getenv  HTTP X FORWARDED FOR            if   strstr  ip                        tmp   explode       ip                ip   trim  tmp 0                    else            ip   getenv  REMOTE ADDR              return  ip      Usage    IP   GetIP    or directly GetIP

User · Answer

Whatever you do  make sure not to trust data sent from the client    SERVER  REMOTE ADDR   contains the real IP address of the connecting party  That is the most reliable value you can find    However  they can be behind a proxy server in which case the proxy may have set the   SERVER  HTTP X FORWARDED FOR    but this value is easily spoofed  For example  it can be set by someone without a proxy  or the IP can be an internal IP from the LAN behind the proxy   This means that if you are going to save the   SERVER  HTTP X FORWARDED FOR    make sure you also save the   SERVER  REMOTE ADDR   value  E g  by saving both values in different fields in your database   If you are going to save the IP to a database as a string  make sure you have space for at least 45 characters  IPv6 is here to stay and those addresses are larger than the older IPv4 addresses    Note that IPv6 usually uses 39 characters at most but there is also a special IPv6 notation for IPv4 addresses which in its full form can be up to 45 characters  So if you know what you are doing you can use 39 characters  but if you just want to set and forget it  use 45

User · Answer

SERVER  REMOTE ADDR   may not actually contain real client IP addresses  as it will give you a proxy address for clients connected through a proxy  for example   That may well be what you really want  though  depending what your doing with the IPs   Someone s private RFC1918 address may not do you any good if you re say  trying to see where your traffic is originating from  or remembering what IP the user last connected from  where the public IP of the proxy or NAT gateway might be the more appropriate to store   There are several HTTP headers like X-Forwarded-For which may or may not be set by various proxies  The problem is that those are merely HTTP headers which can be set by anyone  There s no guarantee about their content    SERVER  REMOTE ADDR   is the actual physical IP address that the web server received the connection from and that the response will be sent to  Anything else is just arbitrary and voluntary information  There s only one scenario in which you can trust this information  you are controlling the proxy that sets this header  Meaning only if you know 100  where and how the header was set should you heed it for anything of importance   Having said that  here s some sample code   if   empty   SERVER  HTTP CLIENT IP            ip     SERVER  HTTP CLIENT IP      elseif   empty   SERVER  HTTP X FORWARDED FOR            ip     SERVER  HTTP X FORWARDED FOR      else        ip     SERVER  REMOTE ADDR        Editor s note  Using the above code has security implications  The client can set all HTTP header information  ie    SERVER  HTTP      to any arbitrary value it wants  As such it s far more reliable to use   SERVER  REMOTE ADDR    as this cannot be set by the user   From  http   roshanbh com np 2007 12 getting-real-ip-address-in-php html

User · Answer

Here is the one-liner version getting the client s IP address       ip      SERVER  HTTP CLIENT IP         SERVER  HTTP X FORWARDED FOR         SERVER  REMOTE ADDR      Notes    By using    it suppresses the PHP notices  Value from HTTP X FORWARDED FOR may consist multiple addresses separated by comma  so if you prefer to get the first one  you can use the following method   current explode         SERVER  HTTP X FORWARDED FOR

User · Answer

Try this one      SERVER  REMOTE ADDR

User · Answer

function get client ip         foreach  array                   HTTP CLIENT IP                    HTTP X FORWARDED FOR                    HTTP X FORWARDED                    HTTP X CLUSTER CLIENT IP                    HTTP FORWARDED FOR                    HTTP FORWARDED                    REMOTE ADDR   as  key            if  array key exists  key    SERVER                 foreach  explode        SERVER  key   as  ip                     ip   trim  ip                   if   bool  filter var  ip  FILTER VALIDATE IP                                  FILTER FLAG IPV4                                   FILTER FLAG NO PRIV RANGE                                   FILTER FLAG NO RES RANGE                         return  ip                                                      return null      Or the compressed version   function get ip         foreach  array  HTTP CLIENT IP    HTTP X FORWARDED FOR    HTTP X FORWARDED    HTTP X CLUSTER CLIENT IP    HTTP FORWARDED FOR    HTTP FORWARDED    REMOTE ADDR   as  key            if  array key exists  key    SERVER      true                foreach  array map  trim   explode        SERVER  key    as  ip                    if  filter var  ip  FILTER VALIDATE IP  FILTER FLAG NO PRIV RANGE   FILTER FLAG NO RES RANGE      false                        return  ip

User · Answer

Here s a bit of code that should pick a valid IP by checking through various sources   First  it checks if  REMOTE ADDR  is a public IP or not  and not one of your trusted reverse proxies   then goes through one of the HTTP headers until it finds a public IP and returns it   PHP 5 2    It should be reliable as long as the reverse proxy is trusted or the server is directly connected with the client     Get client s IP or null if nothing looks valid function ip get  allow private   false        Place your trusted proxy server IPs here     proxy ip     127 0 0 1         The header to look for  Make sure to pick the one that your trusted reverse proxy is sending or else you can get spoofed     header    HTTP X FORWARDED FOR     HTTP CLIENT IP  HTTP X FORWARDED  HTTP FORWARDED FOR  HTTP FORWARDED      If  REMOTE ADDR  seems to be a valid client IP  use it    if ip check   SERVER  REMOTE ADDR     allow private   proxy ip   return   SERVER  REMOTE ADDR       if isset   SERVER  header              Split comma separated values  1  in the header and traverse the proxy chain backwards         1  https   en wikipedia org wiki X-Forwarded-For Format      chain   array reverse preg split    s   s       SERVER  header         foreach  chain as  ip  if ip check  ip   allow private   proxy ip   return  ip          return null       Check for valid IP  If  allow private  flag is set to truthy  it allows private IP ranges as valid client IP as well   10 0 0 0 8  172 16 0 0 12  192 168 0 0 16    Pass your trusted reverse proxy IPs as  proxy ip to exclude them from being valid  function ip check  ip   allow private   false   proxy ip           if  is string  ip     is array  proxy ip   amp  amp  in array  ip   proxy ip   return false     filter flag   FILTER FLAG NO RES RANGE     if   allow private            Disallow loopback IP range which doesn t get filtered via  FILTER FLAG NO PRIV RANGE   1         1  https   www php net manual en filter filters validate php     if preg match    127        ip   return false       filter flag    FILTER FLAG NO PRIV RANGE         return filter var  ip  FILTER VALIDATE IP   filter flag      false

User · Answer

Well  this can be simply done by using the GLOBAL variable named as   SERVER   The   SERVER is an array which has the attribute name REMOTE ADDR   Just assign it like this    userIp     SERVER  REMOTE ADDR      Or use it directly like echo   SERVER  REMOTE ADDR    or echo    SERVER  REMOTE ADDR

User · Answer

SERVER  REMOTE ADDR      Example   if   empty   SERVER  HTTP CLIENT IP            ip     SERVER  HTTP CLIENT IP      elseif   empty   SERVER  HTTP X FORWARDED FOR            ip     SERVER  HTTP X FORWARDED FOR      else        ip     SERVER  REMOTE ADDR

[php] How to get the client IP address in PHP

Examples related to php

Examples related to environment-variables

Examples related to ip-address