A ver, este es el que yo puse:
Código PHP:
function getIp(){
if( isset( $_SERVER ['HTTP_X_FORWARDED_FOR'] ) ){
$ip = $_SERVER ['HTTP_X_FORWARDED_FOR'];
}elseif( isset( $_SERVER ['HTTP_VIA'] ) ){
$ip = $_SERVER ['HTTP_VIA'];
}elseif( isset( $_SERVER ['REMOTE_ADDR'] ) ){
$ip = $_SERVER ['REMOTE_ADDR'];
}else{
die();
}
return $ip;
}
Y se supone que cada una es:
$_SERVER['HTTP_X_FORWARDED_FOR'] contains the proxy behind the nat router
$_SERVER['REMOTE_ADDR'] is the isp proxy
Pero luego me encuentro este comentario:
Cita: Never ever trust the values that comes from $_SERVER.
HTTP_X_FORWARDED, HTTP_X_FORWARDED_FOR, HTTP_FORWARDED_FOR, HTTP_FORWARDED, etc.. can be spoofed !
To get the ip of user, use only $_SERVER['REMOTE_ADDR'], otherwise the 'ip' of user can be easily changed by sending a HTTP_X_* header, so user can escape a ban or spoof a trusted ip.
Asi que no estoy muy seguro de ccomo evitar eso que tu pides.
Ademas, hay otros scripts mas enrevesados aun, como este:
Código PHP:
$realIP = "";
if (isSet($_SERVER["HTTP_X_FORWARDED_FOR"]) && strlen($_SERVER["HTTP_X_FORWARDED_FOR"])) {
echo "HTTP_X_FORWARDED_FOR: " . $_SERVER["HTTP_X_FORWARDED_FOR"] . "<br>";
$realIP = $_SERVER["HTTP_X_FORWARDED_FOR"];
}
if (isSet($_SERVER["HTTP_CLIENT_IP"]) && strlen($_SERVER["HTTP_CLIENT_IP"])) {
echo "HTTP_CLIENT_IP: " . $_SERVER["HTTP_CLIENT_IP"] . "<br>";
if ($realIP == "" || !preg_match ("#[^0-9.]#",$realIP)) $realIP = $_SERVER["HTTP_CLIENT_IP"];
}
if (isSet($_SERVER["HTTP_X_COMING_FROM"]) && strlen($_SERVER["HTTP_X_COMING_FROM"])) {
echo "HTTP_X_COMING_FROM: " . $_SERVER["HTTP_X_COMING_FROM"] . "<br>";
if ($realIP == "" || !preg_match ("#[^0-9.]#",$realIP)) $realIP = $_SERVER["HTTP_X_COMING_FROM"];
}
if (isSet($_SERVER["HTTP_COMING_FROM"]) && strlen($_SERVER["HTTP_COMING_FROM"])) {
echo "HTTP_COMING_FROM: " . $_SERVER["HTTP_COMING_FROM"] . "<br>";
if ($realIP == "" || !preg_match ("#[^0-9.]#",$realIP)) $realIP = $_SERVER["HTTP_COMING_FROM"];
}
if (isSet($_SERVER["HTTP_VIA"]) && strlen($_SERVER["HTTP_VIA"])) {
echo "HTTP_VIA: " . $_SERVER["HTTP_VIA"] . "<br>";
if ($realIP == "" || !preg_match ("#[^0-9.]#",$realIP)) $realIP = $_SERVER["HTTP_VIA"];
}
echo "REMOTE_ADDR: " . $_SERVER["REMOTE_ADDR"] . "<p>";
if ($realIP == "" || !preg_match ("#[^0-9.]#",$realIP)) $realIP = $_SERVER["REMOTE_ADDR"];
echo "REAL IP: $realIP";
Pero creo que si alguien quiere entrar desde un proxy, va a poder entrar (si podian acceder a paginas prohibidas en china a traves de proxys, me parece que van a poder acceder a las tuyas, porque lo que no inventen los chinos.... jejee)
P.D. Y ya como ultimo y mas sencillo, este que me he encontrado en php.net:
Código PHP:
<?php
if ($IP = getenv('HTTP_CLIENT_IP')) {}
elseif ($IP = getenv('HTTP_X_FORWARDED_FOR')) {}
elseif ($IP = getenv('HTTP_X_FORWARDED')) {}
elseif ($IP = getenv('HTTP_FORWARDED_FOR')) {}
elseif ($IP = getenv('HTTP_FORWARDED')) {}
else {
$IP = $_SERVER['REMOTE_ADDR'];
}
?>
evitar surfeadores 
