In other words, how can I tell if the person using my web application is on the server it resides on? If I remember correctly, PHPMyAdmin does something like this for security reasons.

+3  A: 

$_SERVER["REMOTE_ADDR"] should tell you the user's IP. It's spoofable, though.

Check this bounty question for a very detailed discussion.

I think what you remember with PHPMyAdmin is something different: Many MySQL servers are configured so that they can only be accessed from localhost for security reasons.

Pekka
Wow, looks like there's a lot more to this question than I thought...
Richard Marquez
It's worth noting that some MySQL servers are so configured by not binding to a public interface. Similarly, if you wanted to restrict a PHP application in the same way, you should consider serving it via an Apache instance bound only to an internal interface.
Frank Farmer
+4  A: 

You can also use $_SERVER['HTTP_HOST'] to see which domain name/host the client is requesting. This is much more reliable because when the client makes a request, it needs to send the actual host, like GET example.com, in the HTTP headers.

$whitelist = array('localhost', '127.0.0.1');

// in_array() takes the needle first, then the haystack; true enforces strict comparison
if (!in_array($_SERVER['HTTP_HOST'], $whitelist, true)) {
    // not valid
}
thephpdeveloper
+1 good point, but you should leave localhost out of the list, as an attacker could map that to the server's IP.
Pekka
Which would make this actually easier to break than spoofing the IP. You should really change it.
Pekka
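
The two checks discussed in this thread side by side, as an added example that is not part of any post above: the Host-header whitelist from the second answer, and a comparison of REMOTE_ADDR against the loopback ranges. The function names host_header_allows() and is_loopback_peer() are made up for illustration, and the sample requests are constructed.

```php
<?php
// Added example; function names are hypothetical, sample requests are constructed.

// Host-header whitelist as in the second answer: the value is chosen by the client.
function host_header_allows(array $server): bool
{
    return in_array($server['HTTP_HOST'] ?? '', ['localhost', '127.0.0.1'], true);
}

// True only when the connection's peer address is a loopback address.
// Ignores Host and X-Forwarded-For, which are request headers.
function is_loopback_peer(array $server): bool
{
    $packed = @inet_pton($server['REMOTE_ADDR'] ?? '');
    if ($packed === false) {
        return false;                    // missing or malformed address: fail closed
    }
    if (strlen($packed) === 4) {
        return $packed[0] === "\x7f";    // IPv4 127.0.0.0/8
    }
    if ($packed === inet_pton('::1')) {
        return true;                     // IPv6 loopback
    }
    // IPv4-mapped IPv6, e.g. ::ffff:127.0.0.1
    $mapped = str_repeat("\x00", 10) . "\xff\xff";
    return substr($packed, 0, 12) === $mapped && $packed[12] === "\x7f";
}

// Constructed requests: only REMOTE_ADDR and HTTP_HOST are filled in.
$samples = [
    ['REMOTE_ADDR' => '127.0.0.1',        'HTTP_HOST' => 'localhost'],
    ['REMOTE_ADDR' => '::1',              'HTTP_HOST' => 'localhost'],
    ['REMOTE_ADDR' => '::ffff:127.0.0.1', 'HTTP_HOST' => '127.0.0.1'],
    ['REMOTE_ADDR' => '203.0.113.7',      'HTTP_HOST' => 'localhost'],   // remote peer, local-looking Host
    ['REMOTE_ADDR' => '127.0.0.1',        'HTTP_HOST' => 'example.com'], // local peer, public name
    ['REMOTE_ADDR' => '',                 'HTTP_HOST' => 'localhost'],   // no peer address recorded
];

foreach ($samples as $s) {
    printf(
        "peer=%-18s host=%-12s host_check=%-5s peer_check=%s\n",
        $s['REMOTE_ADDR'] === '' ? '(none)' : $s['REMOTE_ADDR'],
        $s['HTTP_HOST'],
        var_export(host_header_allows($s), true),
        var_export(is_loopback_peer($s), true)
    );
}
```

REMOTE_ADDR is the peer address of the connection as the web server sees it, so behind a reverse proxy running on the same machine every request arrives from a loopback address and the peer check passes for all of them.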