How to determine if a user is on a local host in PHP?

Newer OS users (Win 7, 8) may also require the inclusion of a remote IPV6 address in their white list:

 $whitelist = array('127.0.0.1', "::1"); if(!in_array($_SERVER['REMOTE_ADDR'], $whitelist)){ // not valid } 

It seems you should not use $_SERVER['HTTP_HOST'] , because this value in the http header is easily faked.

You can use $_SERVER["REMOTE_ADDR"] too, this is a safer value, but can also be faked. This remote_addr is the address where Apache returns the result.

If you want to have a whitelist / permission list that supports static IP addresses and dynamic names .

For example:

 $whitelist = array("localhost", "127.0.0.1", "devel-pc.ds.com", "liveserver.com"); if (!isIPWhitelisted($whitelist)) die(); 

This way you can set a list of names / IPs that will (probably) be discovered. Dynamic names add extra flexibility for access from multiple locations.

Here you have two common options: you can specify a name in the local hosts file or just use one dynamic name provider that can be found anywhere.

This CACHES function makes gethostbyname a very slow function.

For this doll, I implemented this function:

 function isIPWhitelisted($whitelist = false) { if ( isset($_SESSION) && isset($_SESSION['isipallowed']) ) { return $_SESSION['isipallowed']; } // This is the whitelist $ipchecklist = array("localhost", "127.0.0.1", "::1"); if ($whitelist) $ipchecklist = $whitelist; $iplist = false; $isipallowed = false; $filename = "resolved-ip-list.txt"; $filename = substr(md5($filename), 0, 8)."_".$filename; // Just a spoon of security or just remove this line if (file_exists($filename)) { // If cache file has less than 1 day old use it if (time() - filemtime($filename) <= 60*60*24*1) $iplist = explode(";", file_get_contents($filename)); // Read cached resolved ips } // If file was not loaded or found -> generate ip list if (!$iplist) { $iplist = array(); $c=0; foreach ( $ipchecklist as $k => $iptoresolve ) { // gethostbyname: It a VERY SLOW function. We really need to cache the resolved ip list $ip = gethostbyname($iptoresolve); if ($ip != "") $iplist[$c] = $ip; $c++; } file_put_contents($filename, implode(";", $iplist)); } if (in_array($_SERVER['REMOTE_ADDR'], $iplist)) // Check if the client ip is allowed $isipallowed = true; if (isset($_SESSION)) $_SESSION['isipallowed'] = $isipallowed; return $isipallowed; } 

For better reliability, you can replace $ _ SERVER ['REMOTE_ADDR'] for get_ip_address () , which @Pekka referred to in the post as "this issue of generosity"

How to compare $_SERVER['SERVER_ADDR'] === $_SERVER['REMOTE_ADDR'] to determine if the client is on the same computer as the server?

Sorry, but all of these answers seem terrible to me. I would suggest rephrasing the question, because in a sense, all machines are "local."

The question should be; How to run different code paths depending on which machine it is running on.

In my opinion, the easiest way is to create a file called DEVMACHINE or whatever, and then just check

file_exists ('DevMachine')

Do not forget to exclude this file when uploading to a live hosting environment!

This solution does not depend on the network configuration, it cannot be faked and allows you to easily switch between "live-code" and "dev-code".