Curl and PHP: Client IP address gets changed

peppy · March 11, 2011, 1:57am

Greetings,

I am building a counter/security application of sorts that uses Curl and PHP. When a visitor comes to my site, the script is supposed to pass their IP address, browser headers, referring URLs and user agent through the Curl script, record data and perform security analysis.

Everything works fine except in the output of the script, it records my server’s IP address instead. This is a problem because I lose all the IP information from my clients

My question is how do I pass the client’s IP address through Curl without it being altered?

Thanks

Mandes · March 11, 2011, 8:48am

Its difficult to tell where your problem lies withou some code

peppy · March 13, 2011, 4:17am

Here is my basic curl code:


session_start();
$url = "http://www.mysite.com/target-page.php";
$header = "Location: ".$url;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, $header);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_exec($ch);
curl_close($ch);

After the code runs, target-page.php is supposed to record the IP address of the visitor. Instead it records the IP address of my server running curl.

I’m not sure how “sockets” work but is there a way to create a connection between target-page.php and the client (for example, the target-page.php collects client IP information and sends information back to the client?)

AnthonySterling · March 13, 2011, 8:01am

There’s no need for sockets.

You already have access to the users information, you just need to capture/send in a manageable way.


<?php
function get_server_var($key){
  return !empty($_SERVER[$key]) ? $_SERVER[$key] ? null ;
}

$params = array(
  'remote-address'  => get_server_var('REMOTE_ADDR'),
  'user-agent'      => get_server_var('HTTP_USER_AGENT'),
  'referrer'        => get_server_var('HTTP_REFERER')
);

$handle = curl_init(sprintf(
  'http://www.example.org/tracker.php?%s',
  http_build_query($params)
));

curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($handle);

In ‘tracker.php’ you can access the $_GET superglobal to obtain the remote users information. Although, I’m guessing you’re wanting some additional behaviour here…

peppy · March 13, 2011, 11:07pm

Thanks for the help Anthony.

Unfortunately, I am getting this error right after the “null” part of the script:
Parse error: syntax error, unexpected ‘;’ on line 3"

tangoforce · March 13, 2011, 11:16pm

It’s a tenary thing. One of those ? marks should be a colon :.

peppy · March 13, 2011, 11:27pm

Ah, I got the script working now and I see what it is doing. I was actually able to do the equivalent using session variables in some of my earlier attempts

What if we take this a step further though and tracker.php is on an external third party site out of my control (such as a counter and API)? If we use “REMOTE_ADDR” on tracker.php, the IP still shows up as my server.

tangoforce · March 14, 2011, 12:05am

Correct because your server has become the client to that site and its script. I think you might be able to convince it your a proxy or mirror using the HTTP_X_FORWARDED_FOR header but you’ll need to look into that.

AnthonySterling · March 14, 2011, 7:51am

Yes, sorry about that. As pointed out by tangoforce, the second question mark should have been a colon.

There’s nothing you can do about that I’m afraid, unless of course the remote server permits (and supplies for) this functionality.

What exactly are you trying to do here, what underlying problem are you trying to solve?