功能:获取用户真实IP地址,代理服务器内网IP,防HTTP_CDN_FORWARDED_FOR注入
function getIP() {
if (isset($_SERVER["HTTP_CDN_SRC_IP"])) {
$realip = $_SERVER["HTTP_CDN_SRC_IP"];
} else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/',$_SERVER['HTTP_X_FORWARDED_FOR'])) {
$realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
$realip = $_SERVER['HTTP_CLIENT_IP'];
} else {
$realip = $_SERVER['REMOTE_ADDR'];
}
//如果是代理服务器,有可能返回两个IP,这是取第一个即可
if (stristr($realip, ','))
$realip = strstr($realip, ',', true);
return (str_replace('#', '', $realip));
}
关于注入漏洞,可以查看:http://www.cnblogs.com/chengmo/archive/2013/05/29/php.html)