I have a competition scripted in PHP, vote based. From one IP, one person can vote for someone one time. I have a log of all IP addresses that voted, but I see something strange. Some IP addresses appear to be like for="ip_address:port", while others are just ip_address, and I see that one ip address, formatted with for="..." appear to be there multiple times, just with different ports. Can someone please explain it to me? How users do this, should I ban them from competition for this?
I use this function to get user IP address:
function get_client_ip_env() {
if (getenv('HTTP_CLIENT_IP'))
$ipaddress = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
$ipaddress = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
$ipaddress = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
$ipaddress = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
$ipaddress = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
$ipaddress = getenv('REMOTE_ADDR');
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
Also, if anyone know some good reference and manual with all predefined variables in PHP, please share it with me.
IP addresses HTTP headers can easily be spoofed and a lot of users (mainly mobile users on for example a wifi connection) have lease times on IP addresses that are very short, thus enabling them to vote again.
That said you can combine options, for example check IP address and set a cookie to make it harder to get around.
If you set a port with the ip address then it will not match your database records/list of IP addresses. Should you ban them for that? I can't answer that.
Most of your checking method is based on what the request says is the IP address, like the HTTP headers, which are easily spoofed. Don't trust them or accept that your poll is not going to get accurate results.
If you really want a fair voting system that allows one vote per person you will need to use something else then IP address to identify the user.
try this, it may helpfull for you
<?php
//for example
$ip = "216.58.196.68:8989";
$ip = strstr("$ip",':',true); //get text before :
echo $ip;
//it echo only 216.58.196.68
?>