HMV.co.in

October 4, 2008

Getting real IP address in PHP

Filed under: php — Tags: , , , — Harsha M V @ 2:36 am

Are you using $_SERVER['REMOTE_ADDR'] to find the the client’s IP address in PHP? Well dude, you might be amazed to know that it may not return the true IP address of the client at all time. If your client is connected to the Internet through Proxy Server then $_SERVER['REMOTE_ADDR'] in PHP just returns the the IP address of the proxy server not of the client’s machine. So here is a simple function in PHP to find the real IP address of the client’s machine. There are extra Server variable which might be available to determine the exact IP address of the client’s machine in PHP, they are HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR.

Function to find real IP address in PHP

function getRealIpAddr()

{
  if (!empty($_SERVER['HTTP_CLIENT_IP']))
  //check ip from share internet
  {
    $ip=$_SERVER['HTTP_CLIENT_IP'];
  }
  elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
  //to check ip is pass from proxy
  {
    $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
  }
  else
  {
    $ip=$_SERVER['REMOTE_ADDR'];
  }
  return $ip;
}

In this PHP function, first attempt is to get the direct IP address of client’s machine, if not available then try for forwarded for IP address using HTTP_X_FORWARDED_FOR. And if this is also not available, then finally get the IP address using REMOTE_ADDR.

Source:  http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html

September 22, 2008

Validate e-mail addresses using PHP

Filed under: php — Tags: , , — Harsha M V @ 6:05 pm

<?php
$email = 'test@domain.com';

if(verify_email($email)){

// E-mail address looks to be in the proper format
// lets check the MX records

if(verify_email_dns($email)){

// E-mail passed both checks
echo 'Success - E-mail address appears to be valid.';

} else {

// E-mail is invalid, no MC record
echo 'Error - E-mail domain does not have an MX record.';

}

} else {

// E-mail inst formatted correctly
// so we don't even check its MX record
echo 'Error - E-mail address appears to be invalid.';

}

// Our function to filter our bogus formatted addresses
function verify_email($email){

if(!preg_match('/^[_A-z0-9-]+((\.|\+)[_A-z0-9-]+)*@[A-z0-9-]+(\.[A-z0-9-]+)*(\.[A-z]{2,4})$/',$email)){
return false;
} else {
return $email;
}
}

// Our function to verify the MX records
function verify_email_dns($email){

// This will split the email into its front
// and back (the domain) portions
list($name, $domain) = split('@',$email);

if(!checkdnsrr($domain,'MX')){

// No MX record found
return false;

} else {

// MX record found, return email
return $email;

}
}
?>

some good practices

Filed under: php — Tags: , , , , , , , , , , , , , , — Harsha M V @ 5:49 pm
  1. Use ip2long() and long2ip() to store IP addresses as integers instead of strings in a database. This will reduce the storage space by almost a factor of four (15 bytes for char(15) vs. 4 bytes for the integer), make it easier to calculate whether a certain address falls within a range, and speed-up searches and sorts (sometimes by quite a bit).
  2. Partially validate email addresses by checking that the domain name exists with checkdnsrr(). This built-in function checks to ensure that a specified domain name resolves to an IP address. A simple user-defined function that builds on checkdnsrr() to partially valid email addresses can be found in the user comments section in the PHP docs. This is handy for catching those occasional folks who think their email address is ‘joeuser@wwwphp.net’ instead of ‘joeuser@php.net’.
  3. Automatically print a nicely formatted copy of a page’s source code with highlight_file().This function is handy for when you need to ask for some assistance with a script in a messageboard, IRC, etc. Obviously, some care must be taken not to accidently show your source when it contains DB connection information, passwords, etc.
  4. Prevent potentially sensitive error messages from being shown to users with the error_reporting(0) function. Ideally error reporting should be completely disabled on a production server from within php.ini. However if you’re on a shared webhost and you aren’t given your own php.ini, then your best bet is to add error_reporting(0); as the first line in each of your scripts (or use it with require_once().) This will prevent potentially sensitive SQL queries and path names from being displayed if things go awry.
  5. Use gzcompress() and gzuncompress() to transparently compress/decompress large strings before storing them in a database. These built-in functions use the gzip algorithm and can compress plaintext up to 90%. I use these functions almost everytime I read/write to a BLOB field within PHP. The only exception is when I need full text indexing capabilities.

Blog at WordPress.com.