SitePoint Sponsor

User Tag List

Results 1 to 17 of 17
  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,529
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Capture User's IP Address

    Is there a way to *reliably* capture a User's IP Address using PHP?

    If so, how is it done?

    Thanks,


    Debbie

  2. #2
    ¬.¬ shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    $_SERVER['REMOTE_ADDR'] That is all there is to it.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,529
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    $_SERVER['REMOTE_ADDR'] That is all there is to it.
    Hmmm...

    I don't have a good example right now, but could you help give me some context please?

    I am wrapping up a new release that allows Registered Users to Comment on Articles on my website. (Comments must be approved by me before they appear.)

    It seems like two things would be useful for "user forensics" on my website...

    1.) From which IP Address did a User originally register?

    2.) For each Comment, from which IP Address is a User Commenting?

    So in either case, what do I do with your snippet above?

    Do I do something like...
    Code:
    $currentIP = $_SERVER['REMOTE_ADDR']
    
    :
    :
    
    // Build query.
    $q = "INSERT INTO member(email, hash, first_name, activation_code, registrationIP, created_on)
    							VALUES(?, ?, ?, ?, ?, NOW())";

    Also, is there anyway that using that function would give a "False Positive" or a result that is somewhat misleading?


    Debbie

  4. #4
    SitePoint Enthusiast
    Join Date
    Dec 2008
    Posts
    63
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It is very poor idea to identify users by IP addresses. You should better to set a unique value cookie instead.

  5. #5
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,046
    Mentioned
    16 Post(s)
    Tagged
    3 Thread(s)
    Are you using this to easily publish a bunch of comments from known "trusted" users at one time? If that is the case I don't see any real harm in inaccuracy so long as xss is taken care of and what not. Generally speaking the IP address is not to be trusted and in no way identifies a unique user or even represents an actual users IP (heard of a proxy?). However, for your purposes I can't think of any harm. Just so long as your not automatically authenticating users based on IP… that would be huge security gap.
    The only code I hate more than my own is everyone else's.

  6. #6
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,529
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by oddz View Post
    Are you using this to easily publish a bunch of comments from known "trusted" users at one time? If that is the case I don't see any real harm in inaccuracy so long as xss is taken care of and what not. Generally speaking the IP address is not to be trusted and in no way identifies a unique user or even represents an actual users IP (heard of a proxy?). However, for your purposes I can't think of any harm. Just so long as your not automatically authenticating users based on IP… that would be huge security gap.
    My intent was to capture the Use's IP Address during Registration and every time he/seh Posts a Comment.

    That way if I have someone who is causing problems, I can look at the IP Address in aggregate and see if I can identify a pattern.

    Maybe the IP is in a country I am not favorable to (e.g. India or China)?

    Maybe the User's account was fine and based in Iowa, and now they appear to be a spammer in India? Could be a sign that the person in iowa's account was hacked?

    And so on.

    I'm no forensics expert, but I figured it can't hurt to capture it as I prepare my Release #2 website which allows Users to Create Accounts and Post Comments.

    Make sense?


    Debbie

  7. #7
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,046
    Mentioned
    16 Post(s)
    Tagged
    3 Thread(s)
    I don't see any harm in that. Just remember that IP addresses can easily be spoofed before you alienate the entire area due to a spammer using a proxy.
    The only code I hate more than my own is everyone else's.

  8. #8
    Non-Member
    Join Date
    Jan 2012
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I agree with the others. It's too easy to hide or spoof ip addresses and so they are useless on their own to identify users that don't want to be identified. But even if a user has no bad intentions they could still be usng a legitimate hosting account that hands out a new dynamic ip address (as opposed to a static ip address) every time the user connects to the internet.

    If you want to store ip addresses that's fine and is straight forward, but the usefullness of doing so is debateable.

    And like oddz says. What if you get it wrong and make the wrong assumption based on ip addresses. You could be alienating legitimate users who in turn then could go and bad mouth you and a little while later you sit there wondering why the traffic on your site has dropped.

  9. #9
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,529
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lyndah View Post
    I agree with the others. It's too easy to hide or spoof ip addresses and so they are useless on their own to identify users that don't want to be identified. But even if a user has no bad intentions they could still be usng a legitimate hosting account that hands out a new dynamic ip address (as opposed to a static ip address) every time the user connects to the internet.

    If you want to store ip addresses that's fine and is straight forward, but the usefullness of doing so is debateable.

    And like oddz says. What if you get it wrong and make the wrong assumption based on ip addresses. You could be alienating legitimate users who in turn then could go and bad mouth you and a little while later you sit there wondering why the traffic on your site has dropped.
    So, then, how do sites like SitePoint keep accurately track of Users and Monitor Their Online Behavior?


    Debbie

  10. #10
    ¬.¬ shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    So, then, how do sites like SitePoint keep accurately track of Users and Monitor Their Online Behavior?


    Debbie
    They don't accurately track users and monitor their online behavior.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  11. #11
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,529
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    They don't accurately track users and monitor their online behavior.
    I'm sure SitePoint tracks my every move and post on this website.

    Maybe that is all a secret, but I was hoping someone could share some insight into what technologies/approaches they use to keep SitePoint clean and working like it should.


    Debbie

  12. #12
    SitePoint Guru
    Join Date
    Aug 2009
    Posts
    669
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    I'm sure SitePoint tracks my every move and post on this website.
    Maybe that is all a secret, but I was hoping someone could share some insight into what technologies/approaches they use to keep SitePoint clean and working like it should.
    Sitepoint is a glorified forum and article site. Thats pretty much all there is to it. Sure they can look for your IP address and unique cookies and even Etags but there is no 100% fool proof way to do what you are thinking they do. Sure, the forum might set and read cookies each time you go to a different page, article etc but thats the way the forum itself works, it doesn't mean that sitepoint is intentionally tracking your every move. I've never seen any such claim on sitepoint either.
    I'll do anything to avoid working on my own code

    Are you using: if (isset($_POST['submit'])) ?
    IE has a bug and does not always send the value.

  13. #13
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,529
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by tangoforce View Post
    Sitepoint is a glorified forum and article site. Thats pretty much all there is to it. Sure they can look for your IP address and unique cookies and even Etags but there is no 100% fool proof way to do what you are thinking they do. Sure, the forum might set and read cookies each time you go to a different page, article etc but thats the way the forum itself works, it doesn't mean that sitepoint is intentionally tracking your every move. I've never seen any such claim on sitepoint either.
    Don't most large websites track where people are coming from and where they registered from and what pages they go to in order to fight Spammers?


    Debbie

  14. #14
    Twitter: @TimIgoe silver trophy TimIgoe's Avatar
    Join Date
    Feb 2005
    Location
    Blackpool, UK
    Posts
    1,056
    Mentioned
    27 Post(s)
    Tagged
    1 Thread(s)
    As well as the REMOTE_ADDR option, there is, in some cases an X_FORWARDED_FOR option. While this one doesn't always exist, it does sometimes get sent through when the user in question is behind a proxy server.

    This allows you to seperate out multiple users hidden behind one single proxy.

  15. #15
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    8,892
    Mentioned
    138 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    Maybe that is all a secret, but I was hoping someone could share some insight into what technologies/approaches they use to keep SitePoint clean and working like it should.
    ~ 30 moderators (Advisors, Team Leaders and Admin) and Stop Forum Spam Now or Akismet; I'm not sure which, but one of two is enabled. Maybe even both?
    Most work is done by the moderators though; sure having some spam filters helps and stops the most obvious spam, but most work is still manual.
    Indicentially, Akismet is fairly easy to use in PHP, see http://www.achingbrain.net/stuff/php/akismet
    Rémon - Hosting Advisor

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy

  16. #16
    SitePoint Guru
    Join Date
    Aug 2009
    Posts
    669
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    Don't most large websites track where people are coming from and where they registered from and what pages they go to in order to fight Spammers?
    Some might attempt it but it doesn't mean that they're accurate. As mentioned previously, referrers can be forged along with ip addresses. Then you have to take into account proxy servers (X_FORWARDED_FOR in the _SERVER array IIRC) etc. Sometimes as cool as these features may be they're not worth the hassle as it opens up a minefield. Let me give you an example: I've got a download script that allows me to control the download speed, monitor how many downloads are paused/completed, disconnect downloads, pause them etc. Sure, it's technically very cool but it's basically a script cycling inside a loop which when run multiple times will use far more resources than Apache serving the file. I still use it but I'm more than aware that it could be problematic.
    I'll do anything to avoid working on my own code

    Are you using: if (isset($_POST['submit'])) ?
    IE has a bug and does not always send the value.

  17. #17
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,529
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ScallioXTX View Post
    ~ 30 moderators (Advisors, Team Leaders and Admin) and Stop Forum Spam Now or Akismet; I'm not sure which, but one of two is enabled. Maybe even both?
    Most work is done by the moderators though; sure having some spam filters helps and stops the most obvious spam, but most work is still manual.
    Indicentially, Akismet is fairly easy to use in PHP, see http://www.achingbrain.net/stuff/php/akismet
    Backing up for a moment...

    As the owner of a new website on the WWW, what kinds of things should I be capturing and monitoring when it comes to visitors to my website?

    My site has basic content, the ability to create a User Account, to log in and Comment on Articles, and to make purchases (i.e. e-commerce).

    I suppose spam in my Comments section could be an issue, but I think I am also concerned about where visitors are coming from and what they are trying to do on my website...


    Debbie


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •