I don't think there is more precise way to determine the visitor than by the IP address, and it sucks indeed.

You can't rely on the cookies, can't rely on what's in 'HTTP_USER_AGENT' ... as said: registration could be a solution - but it's an annoyance for the visitors - although you can try OpenID service.



NOTE:
The HTTP_X_FORWARDED_FOR can contain more IPs, so this is what I use:

function getIP()
{
        static $clientIP;
        
        if (isset($clientIP)) return $clientIP;
        
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        {
                $forwarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
                $ipaddr = $forwarded;
                
                $i = 0;
while (($pos = strrpos($forwarded, ',', $i)) !== false) { // nekdy jich muze byt vice
                        $ipaddr = substr($forwarded, $pos+1);
                        if (!$ipaddr) {
                                $forwarded = substr($forwarded, 0, $pos);
} elseif (preg_match('/^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)(?:[.](?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)){3}$/', $ipaddr)) {
                                return $clientIP = $ipaddr;
                        }
                }
        }
        
        return $clientIP = $_SERVER['REMOTE_ADDR'];
}


I doubt you find better solution than what you use now, but let me know if so,

Martin




Ian napsal(a):
Hi,
I am busy building an application that requires one time voting and to get
around the user deleting a cookie that I set im keeping a hash on my side
which I then try match before allowing anything.

This is how I currently generate my hash:
        /* Get vars */
        $browser = $_SERVER['HTTP_USER_AGENT'];
        $ip = $_SERVER['REMOTE_ADDR'];
        $real_client_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        if(!empty($real_client_ip))
                $name = gethostbyaddr($real_client_ip);
        else
                $name = gethostbyaddr($ip);

        /* Return generated hash */
        return md5($browser.$ip.$real_client_ip.$name);

Now thats not ideal because you can just change your user agent and vote
again - but IP isnt good enough either because in South Africa due to the
poor internet we all connect to international sites via a series of
Transparent proxies which makes everyone seem to come from one IP.

Anyone had to deal with this in the past and does anyone have any
suggestions/ideas as to how I could better this setup?

Many thanks in advance,
Ian


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to