PHP - identification of individual users in one router (primary IP address)

Question

PHP - identification of individual users in one router (primary IP address)

Is it possible to find the IP address (or otherwise identify) each user on the same "router" or "main IP address"?

Update clarifying the question:

Use of the case: I would like to be able to track whether each of the N individual computer users has reached a possibly shared network on a page.

Currently, using other PHP IP discovery fragments in S / O, this seems to identify only all N separate computers on the network originating from the same IP address. This does not help solve the problem of identifying whether they come from different users on the same network or if the same user on the network gets to the page several times.

-

Note. Cookies are probably disabled.

+8

php

ina Mar 26 '15 at 1:59

source share

6 answers

Strom · Answer 1 · 2019-05-25T03:03:03+0000

There is no single way to guarantee the uniqueness of a user on the Internet.

It is impossible to determine the difference between the bot and the real user.

Taking into account current trends in computer vision and training to prevent the use of captcha, it may seem that captcha is no longer an effective tool for identifying bots.

For any PAT (port address translation) combined with NAT, the network structure hides internal computers. There may be variants of USERAGENT indicating unique computers inside (provided that they were not fake).

But a set of twenty computers cloned from the same OS source and for PAT will look almost identical, the ports will be different, given the randomization of source port mappings and when compiling using PAT translations, the PHP Internet web server will still be displayed as one computer.

Regardless of whether the user is the same, the information cannot be set:

Cookies only identify specific computers associated with specific browsers and specific users. If the user would like to triple or quadruple ... himself, he can launch different browsers (IE, Safari, FireFox, Chrome and Opera) or several logins on the same computer (not to mention curl, wget and many others). access methods). It is still not able to distinguish individual users posing as several.

There are other network factors, such as Tor exit points and proxies, which further complicate the paradigm.

Considering that people tend to the same viewing patterns, given enough data, this can be set as the probability that users are the same, but even this probability can never be reliable (not to mention random bot patterns).

Logging in has a greater effect on the “user problem”, if you require each user to have a verified email account, you are more likely to have one user to log in, especially if you exclude common public mail domains such as hotmail .com and gmail.com and more. Private domains are nearly impossible to validate by individual users. The percentage of trust increases with a well established / well-known private domain (e.g. mit.edu).

In conclusion, this goal of identifying a single user cannot be reasonably achieved with any certainty from clients over the Internet .

There are mitigation methods available, but none are reliable.

STW · Answer 2 · 2015-03-26T02:20:42+0000

Not consistent. When NAT is involved, it is best to avoid using IP addresses as a specific client identification; instead, consider using cookies to store the session identifier for each client and using this information to distinguish between hosts (or user agents) that use the same IP address.

user9754585 · Answer 3 · 2019-05-26T06:24:31+0000

This could not be true 4 years ago when this question was first asked. But now, most of the Internet has an IPv6 address. I know that most people now also have IPv4 addresses. I would check the connection by IPv6 address. With IPv6 addresses, each machine must receive different IP addresses, even if it is on the same network.

Use this code to make sure that you are working with an IPv6 address. And if you have, different devices must have different IP addresses.

 <?php //whether ip is from share internet if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip_address = $_SERVER['HTTP_CLIENT_IP']; } //whether ip is from proxy elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; } //whether ip is from remote address else { $ip_address = $_SERVER['REMOTE_ADDR']; } $ip_address = "2001:0db8:85a3:08d3:1319:8a2e:0370:7334"; // Validate ip as IPv6 if (filter_var($ip_address , FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { echo("$ip_address is a valid IPv6 address"); } else { echo("$ip_address is not a valid IPv6 address"); } ?>

pala_ · Answer 4 · 2015-03-26T02:05:19+0000

Most web proxy ~~routing routers~~ put the source IP address in the X-Forwarded-For header. With PHP, you can access this sender address with:

 $_SERVER['HTTP_X_FORWARDED_FOR']

I should also note that this header may well contain several addresses, as the request goes through additional ~~routers proxies~~ . It's up to you what address you are really interested in.

It is also pretty trivial to create a header.

Shane · Answer 5 · 2015-03-26T02:38:54+0000

Your question is rather vague, and I can think of several different ways that can be interpreted ...

Given that you have several requests from people from the same external IP (i.e. they are on the same network), can you find their local IP address on this network? no . You can not.
Is it possible to find every machine on the local network (locally for the server)? yes - you can implement network discovery. The absolute simplest way would probably be to open the socket on all possible local IP addresses and see what happens, and judge based on this. The best method is likely to be PING for each potential host, but I don’t know of any system-specific way to do this, which means that you may need to do some research for yourself, which would be the best way.

If this does not answer your question, let me know what exactly you are trying to do, and I will adjust my answer.

Paddy hallihan · Answer 6 · 2019-05-27T13:13:42+0000

So, I have a log file to track my users on my site, and I'm doing something like this to get an IP:

 if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; }

As for different users on the same network, I am also trying to track the session id:

 $session_id = session_id();

Thus, even if the IP address is the same for several users, they must have different browsing sessions.

If you want to track the same user for several sessions, you can try to set a unique cookie, but even if it is a new session, the cookie still has to exist on this computer of the user (provided that they did not clear their cache and etc.), But as you said in your question, if cookies are disabled, this is not an option.

PHP - identification of individual users in one router (primary IP address)

More articles: