Having experimented with REMOTE_ADDR, HTTP_X_FORWARDER_FOR,
HTTP_CLIENT_IP etc. I'm still unsure as to a foolproof method of
identifying clients WITHOUT having them log in to a site.
I can only assume that some combination of the above environment
variables and judicious use of small cookies is as near as I can get to
perfection, but I'm stumped if I can see how to do it.
I am aware that whatever routine will only (roughly) identify a machine
and not an actual human (can users be called human?), but that will have
to do.
As for sample code, I can only presume it would be something like:
// Step 1 - get all interesting IP addresses...
$ip1 = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
$ip2 = isset($_SERVER['HPPT_CLIENT_IP']) ? $_SERVER['HPPT_CLIENT_IP'] :
null;
$ip3 = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
$_SERVER['HTTP_X_FORWARDED_FOR'] : null;
// This may in fact be good enough...
$ip_md5 = md5(serialize(array($ip1, $ip2, $ip3)));
// Step 2 - get a cookie
$cookie = isset($_COOKIE[$ip_md5]) ? $_COOKIE[$ip_md5] : null;
if (is_null($cookie))
{
// set the cookie with something - probably just the $ip_md5 value?
}
Any suggestions etc. most appreciated.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
