Hello,

I am creating a poll script for a Facebook fan page:

http://www.facebook.com/apps/application.php?id=115400635147687&v=app_115400635147687

I am getting the IP using:

$_SERVER['REMOTE_ADDR']

But the problem is that each time I refresh the page, or make an ajax call, the IP is changed every time. Someone told me that Facebook has many IPs, proxies.

Basically I need to save the IP in the database, so that once a user from a certain IP has voted, he should not be able to do so again.

What is the solution or alternative to this?

+3  A: 

Blocking by IP is not really a reliable way of doing things (you need to consider people sharing the same public IP). Since it is a Facebook application, can't you block by the logged-on Facebook account instead?

Amry
@Amry: I have not been able to find the way to actually get the Facebook ID, since there is no logging in required for that.
Sarfraz
You can only get a user's Facebook profile information if the user explicitly allows your application to access it. Otherwise, all access to your application is essentially "anonymous" and Facebook goes to great lengths to ensure that you can't tell one user from another...
Dean Harding
+2  A: 

I assume the IP at the top of the linked page is what you're dealing with. If we do a whois:

$ whois 69.63.181.250

OrgName:    Facebook, Inc.
OrgID:      THEFA-3
Address:    1601 S. California Ave
City:       Palo Alto
StateProv:  CA
PostalCode: 94304
Country:    US

NetRange:   69.63.176.0 - 69.63.191.255
CIDR:       69.63.176.0/20

We find that those IPs belong to Facebook's servers, not to your users.

If I understand what's happening correctly, when someone requests a page from your application, Facebook's servers request it from you on their behalf. In that case, you simply won't be able to get your users' IPs.

josh3736
...and restricting by IP would stop legitimate users from voting as they may have their request handled by a proxy previously used by another user
Rowland Shaw
+2  A: 

Note that when developing a fan page in Facebook, the Facebook servers essentially act as a proxy. That is, the user's browser asks Facebook for the page, then Facebook's servers make a request to your website to get the content. The Facebook server then rewrites all links and JavaScript so that any callbacks go through the Facebook servers first.

In the end, that means that you'll never see the user's "actual" IP address on your server: you'll only ever see Facebook's IP addresses.

This is done for privacy reasons, as I understand it. That is, the user will have to explicitly allow your application to access their profile before you will be able to get any "identifiable" information about them.

Dean Harding
+1  A: 

I found the perfect solution finally. Basically when you do an ajax post, you can get the user's ID using:

$_POST['fb_sig_user']

Thanks to all of you for your answers. Have a good day/night ahead :)

Sarfraz
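
The fb_sig_user value from the last answer arrives in the request body, so it is only usable for one-vote-per-user enforcement once the accompanying fb_sig signature has been checked. The following is an added example, not code from this thread: it assumes the legacy Facebook Platform signature (MD5 over the sorted fb_sig_* parameters with the prefix stripped, followed by the application secret), and the secret, table layout and sample requests are constructed.

```php
<?php
// Added example, not code from the thread. APP_SECRET, the votes schema and the
// sample requests are constructed; the signature scheme is an assumption (legacy fb_sig).
const APP_SECRET = 'constructed-app-secret';

// Return the Facebook user id only if fb_sig matches the signed parameters,
// i.e. the request was produced by Facebook's proxy and not edited afterwards.
function verified_fb_user(array $post, string $secret): ?string
{
    if (!is_string($post['fb_sig'] ?? null) || !is_string($post['fb_sig_user'] ?? null)) {
        return null;
    }
    $signed = [];
    foreach ($post as $key => $value) {
        if (strpos($key, 'fb_sig_') === 0 && is_string($value)) {
            $signed[substr($key, 7)] = $value;   // strip the "fb_sig_" prefix
        }
    }
    ksort($signed);
    $payload = '';
    foreach ($signed as $key => $value) {
        $payload .= "$key=$value";
    }
    return hash_equals(md5($payload . $secret), $post['fb_sig']) ? $post['fb_sig_user'] : null;
}

// UNIQUE (poll_id, fb_user) lets the database enforce one vote per user (SQLite syntax).
function record_vote(PDO $db, int $pollId, string $fbUser, string $choice): bool
{
    $stmt = $db->prepare('INSERT OR IGNORE INTO votes (poll_id, fb_user, choice) VALUES (?, ?, ?)');
    $stmt->execute([$pollId, $fbUser, $choice]);
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE votes (poll_id INTEGER, fb_user TEXT, choice TEXT, UNIQUE (poll_id, fb_user))');

// Constructed requests: one signed as Facebook would, one with the id altered afterwards.
$genuine = ['fb_sig_user' => '1000001', 'fb_sig_time' => '1275000000.5', 'choice' => 'a'];
$genuine['fb_sig'] = md5('time=1275000000.5user=1000001' . APP_SECRET);
$forged = ['fb_sig_user' => '1000002'] + $genuine;   // id changed, old signature kept

foreach (['genuine' => $genuine, 'repeat' => $genuine, 'forged' => $forged] as $label => $post) {
    $user = verified_fb_user($post, APP_SECRET);
    $ok = $user !== null && record_vote($db, 1, $user, $post['choice']);
    echo $label, ': ', $ok ? 'vote counted' : 'rejected', "\n";
}
```

Only the first request is counted: the repeat is stopped by the unique key and the altered one by the signature check.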