I am totally confused about this one. A few months ago, I made a post asking how to record IP addresses with an order form. The solution I chose was this:

<?php
print "Your IP address is recorded with this transaction: $REMOTE_ADDR";
?>

and

<input type="hidden" name="ip" value="<?php echo($REMOTE_ADDR); ?>" />


It seemed to work just fine until recently. I have noticed that all of my signups have had the same IP! Including a test signup I did from my own computer. When I looked at the source, I noticed that the PHP stuff wasnt in there. Instead, this was:

Your IP address is recorded with this transaction: 12.252.36.118

and

<input type="hidden" name="ip" value="12.252.36.118" />

Well, I noticed that this is the IP that is coming through in my orders. So, I changed the coding back to have the php in there. I deleted the original order form on the server and uploaded the new one with the php. Then, I went to the page online and I couldnt believe what I saw. It changed the code back to the simple html code without the PHP.

This scares the crap out of me - do you think someone hacked into my server and put some script on there that is changing my code? Or is there some simple thing I am missing?

HELP!! :unhappy:

Any assistance would be greatly appreciated!!

Interesting... I use the exact same code in my php order form and never had a problem.

try this:

make a php file called: get_real_ip.php

in this file paste the following:

<?php
if (getenv(HTTP_X_FORWARDED_FOR))
{
//get past a proxy addy

$ip=getenv(HTTP_X_FORWARDED_FOR);
}
else
{
//normal ip addy
$ip=getenv(REMOTE_ADDR);
}
echo "$ip";
?>

end file: get_real_ip.php

now for the html do this:

<input type="hidden" name="ip" value="<?php include("get_real_ip.php"); ?>" />

David-WWH, your problem looks very strange, never heard anything like that, I also use the same code as you but no problem. Did you open your file and looked at the code or you used View Source in your browser?

Thanks for the responses folks.

Yes, I did look at the source code - it was fine on my computer but after uploading it and trying to use it, the code changes. This is why I fear a hacker may be causing this. U think this could be possible?

dreamrae.com, what code would I use to display the IP on the form?

Thanks again!

Best regards,
David Harris

$ip = getenv ("REMOTE_ADDR"); // get the ip number of the user

Thanks Fuel. I will try that. When I inserted that code in my html, I got an open_basedir restriction error with a whole bunch of text explaining the error. I am using a Plesk server and I am guessing this is because these files are in the /httpsdocs directory. Any ideas how to deal with this?

Thanks again for the help.

Does anyone have any idea at all why my html code is changing after I upload and use the page? :confused:

Hey Fuel,

This is not displaying the IP on my page. I tried it with and without the <?php tags - What can I be doing wrong? I am trying to display: "Your ip address is xxx.xxx.xxx.xxx" on the actual form, in case I wasnt clear before.

Well, to update, I guess it is not actually changing my code. I was doing a 'view source' and saw the code was different, but apparantly it created that page on the fly. When I actually looked at the code of the html page on the server, it was still intact. I didnt think a simple php thing like this would create a page on the fly - is this right?

My developers might shoot me if I am wrong, but I am pretty sure that php creates html pages. So, if you code in php and then do a "View Source" in Internet Explorer, you will never ever see the php code, just the html it produces.

I can't get my server to display the ip address when using:
<?php
print $REMOTE_ADDR";
?>

However, when I use:
<?php
print $HTTP_SERVER_VARS['REMOTE_ADDR'];
?>

or

print $_SERVER['REMOTE_ADDR'];

Found the problem - I needed register_globals = On but will keep it off for security reasons and use my code.

Originally posted by David-WWH
Well, to update, I guess it is not actually changing my code. I was doing a 'view source' and saw the code was different, but apparantly it created that page on the fly. When I actually looked at the code of the html page on the server, it was still intact. I didnt think a simple php thing like this would create a page on the fly - is this right?
That's why I asked you before. You'll never see php code if you use View Source. BTW, add Your ip address is <?php include("get_real_ip.php"); ?> to your signup page to display Your ip address is xxx.xxx.xxx.xxx

Should this be in PHP? It's obviously a user error and not a hacker. If this was a hacker replacing the script would have fixed the problem, the hacker would not have coded a cron job to change the code everytime or something similar.

Also, using the code to get the X_FORWARDED_FOR is not a great idea on its own - use both. If you use that with many proxy servers the IP you will get is an inside-use only class, ie 10.x.x.x, 192.168.x.x or 172.16.1-31.x. Thats a useless IP for logging - make sure you log both!