This extends the problem...
Perhaps a lookup on md5(REMOTE_ADDR + CLIENT_IP + FORWARDED_FOR) on a database, plus verification via the cookie?
Sheesh - it just keeps getting worse... :)
Alan McFarlane wrote:
Having experimented with REMOTE_ADDR, HTTP_X_FORWARDER_FOR, HTTP_CLIENT_IP etc. I'm still unsure as to a foolproof method of identifying clients WITHOUT having them log in to a site.
I can only assume that some combination of the above environment variables and judicious use of small cookies is as near as I can get to perfection, but I'm stumped if I can see how to do it.
I am aware that whatever routine will only (roughly) identify a machine and not an actual human (can users be called human?), but that will have to do.
As for sample code, I can only presume it would be something like:
// Step 1 - get all interesting IP addresses...
$ip1 = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
$ip2 = isset($_SERVER['HPPT_CLIENT_IP']) ? $_SERVER['HPPT_CLIENT_IP'] : null;
$ip3 = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : null;
// This may in fact be good enough...
$ip_md5 = md5(serialize(array($ip1, $ip2, $ip3)));
// Step 2 - get a cookie
$cookie = isset($_COOKIE[$ip_md5]) ? $_COOKIE[$ip_md5] : null;
if (is_null($cookie))
{
// set the cookie with something - probably just the $ip_md5 value?
}
Any suggestions etc. most appreciated.
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
