遗留问题
1、正則表達式
2、
HTTP_CLIENT_IP:可通過http頭偽造
HTTP_X_FORWARDED_FOR:可通過http頭偽造
REMOTE_ADDR:可能是用戶真實IP也可能是代理IP
服務(wù)端獲取IP地址 http://www.taoyiz.com/util/ip 其代碼如下:
$s_onlineip = getenv(‘HTTP_CLIENT_IP’);
echo “HTTP_CLIENT_IP:”.$s_onlineip.”<br/>\n”;
$s_onlineip = getenv(‘HTTP_X_FORWARDED_FOR’);
echo “HTTP_X_FORWARDED_FOR:”.$s_onlineip.”<br/>\n”;
$s_onlineip = getenv(‘REMOTE_ADDR’);
echo “REMOTE_ADDR:”.$s_onlineip.”<br/>\n”;
$s_onlineip = $_SERVER['REMOTE_ADDR'];
echo “\$_SERVER['REMOTE_ADDR']:”.$s_onlineip.”<br/>\n”;
客戶端代碼:
偽造IP測試:
$url = ‘http://www.taoyiz.com/util/ip’;
$data_string = ‘test=test’;
$URL_Info?? ?=?? ?parse_url($url);
$request = ”;
if (!isset($URL_Info["port"]))
$URL_Info["port"]=80;
$request.=”POST “.$URL_Info["path"].” HTTP/1.1\n”;
$request.=”Host: “.$URL_Info["host"].”\n”;
$request.=”Referer: “.$URL_Info["host"].”\n”;
$request.=”Content-type: application/x-www-form-urlencoded\n”;
$request.=”X-Forwarded-For:192.168.1.4\n”;//HTTP_X_FORWARDED_FOR的值
$request.=”client_ip:192.168.1.5\n”;//HTTP_CLIENT_IP的值
$request.=”Content-length: “.strlen($data_string).”\n”;
$request.=”Connection: close\n”;
$request.=”\n”;
$request.=$data_string.”\n”;
$fp = fsockopen($URL_Info["host"] $URL_Info["port"]);
fputs($fp $request);
$result = ”;
while(!feof($fp)) {
$result .= fgets($fp 1024);
}
fclose($fp);
echo $result;
輸出:
HTTP_CLIENT_IP:192.168.1.5
HTTP_X_FORWARDED_FOR:192.168.1.4
REMOTE_ADDR:127.0.0.1
$_SERVER['REMOTE_ADDR']:127.0.0.1
代理IP測試:
$cUrl = curl_init();
curl_setopt($cUrl CURLOPT_URL $url);
curl_setopt($cUrl CURLOPT_RETURNTRANSFER 1);
curl_setopt($cUrl CURLOPT_HEADER 1);
curl_setopt($cUrl CURLOPT_USERAGENT “Mozilla/99.99″);
//curl_setopt($cUrl CURLOPT_TIMEOUT 10);
curl_setopt($cUrl CURLOPT_PROXY ’125.77.194.103:80′);
$c = curl_exec($cUrl);
curl_close($cUrl);
echo $c;
輸出:
HTTP_CLIENT_IP:
HTTP_X_FORWARDED_FOR:
REMOTE_ADDR:125.77.194.103
$_SERVER['REMOTE_ADDR']:125.77.194.103
?
《新程序員》:云原生和全面數(shù)字化實踐50位技術(shù)專家共同創(chuàng)作,文字、視頻、音頻交互閱讀總結(jié)
- 上一篇: php中的魔术函数以及魔术常量
- 下一篇: define函数