IP Address

The_PHP_Newb

I can get the IP of the server the script is running on and the IP from the visitor using the following:

$_SERVER['SERVER_ADDR']; and $_SERVER["REMOTE_ADDR"];

Now, is it possible to get the IP of the server which referred the visitor? If so, can you point me in the right direction.

Thx.

dkruythoff

You'll have to dissect $_SERVER['HTTP_REFERER'] to get that.

The_PHP_Newb

Yes but from what I understand HTTP_REFERER isn't forced through the browser so depending on the browser, you might not get any value at all.

mtmosier

Quite right, and on top of that it can be forged, so don't count on it for any security related usage. But it is the only clue you get about where the user came from.

The_PHP_Newb

So I'm guessing there is no solution here? The situation is this... I'm using an iframe to call a script from my own server. The code we give customers is in an iframe format but since the script resides on our server, of course we get our own IP address even thought the iframe is placed on someone elses server.

Any way we can get the IP from the customer using the iframe?

This directly relates to getting the IP from the referring server. If not, is there a better method than iframe? I can't guarantee all customers will be using a PHP page so I need something that is compatible with all environments. The bottom line here is I need a method to A) call a script from our server and 😎 authenticate the person using the iframe (or other suggestion).

mtmosier

It would be helpful if you clearified what you were trying to do and your requirements a bit more.

As it is I'm picturing that you're trying to do some sort of single sign on type thing, and the customers you refer to are other websites using your service. Sounds like they embed an iframe in the html they serve to users which loads a login page from your server.

If thats true, then a couple of questions.

Is it acceptable to have your customers do any sort of backend work at all? Even if you don't require php, could they be required to do some computation using the language of their choice, asp, java, perl, etc?

What about the user being able to change the data. Say you could get the ip of the customer's server every time. What if a user could change that value? If a malicious user were to be able to change the ip to an ip of another one of your customers, would that be unacceptable?

The_PHP_Newb

It's a reseller system that brings content from our site to the resellers and I'm trying to lock the code to their server IP but of course the scripts are running on our server.

Solution found... we're going to issue another Zend encrypted file for the resellers and have things run through it then pass the IP in. This will actually create two pieces of security for us. I could explain more but it's a moot point by now.

Anyways, I appreciate your efforts to help!