[英]Securing IP check php
I have 我有
$result = mysqli_query($mysqli,"SELECT * FROM ".MYSQLBTCTABLE." WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' AND date = '".date("Y-m-d")."' AND time = '".date("D")."'") or die(mysqli_error());
How can I secure the $_SERVER['REMOTE_ADDR']
so it checks not only the user ip/proxy but also the socks ip so they can't abuse my code by changing IP? 如何保护
$_SERVER['REMOTE_ADDR']
以便它不仅检查用户ip / proxy而且还检查socks ip,这样他们就不会通过更改IP来滥用我的代码?
also I found this code: 我也找到了这段代码:
function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
Will it work so if I put WHERE ip = '".($ip)."'
? 它会工作,如果我把
WHERE ip = '".($ip)."'
?
You can not do that in common case 在常见情况下你不能这样做
cURL
or similar stuff cURL
或类似的东西请求 So that's the reality of the Internet. 这就是互联网的现实。 You can not rely on any information that came from client side.
您不能依赖来自客户端的任何信息。 If you're suspecting that user changed his IP address - then hide critical part behind authentication .
如果您怀疑用户更改了他的IP地址 - 那么隐藏身份验证背后的关键部分。 Thus, you'll be able to identify user by his login in your web-application.
因此,您将能够通过Web应用程序中的登录识别用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.