$_SERVER['REMOTE_ADDR'] not giving the right ip address

Question

I'm making a form with PHP and I want to keep record of the User's IP Addresses. This is the snip-it of code I used:

<input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" />

When I open the code up in XAMPP and read the source, the value had an IP address different than what was mine:

<input type="hidden" name="ip" value="::1" />

Does this IP address normally happen when I use it in a localhost (XAMPP)?
If not, are there any alternatives into grabbing the user's IP address?

Answer 1

IP ::1 is "localhost" in IPv6 version. Your machine is configured with IPv6 - and hence you're getting this IP address. Probably, when you deploy your application on the live server, IPv6 will not be configured on the server and your app will get a more familiar IPv4 address (e.g. aaa.bbb.ccc.ddd).

On another note, $_SERVER['REMOTE_ADDR'] may not always contain the right address. It's better to use:

if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip_address = $_SERVER['REMOTE_ADDR'];
}

Answer 2

<input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" />

Don't do that. Get the request from $_SERVER when the form is submitted. Getting it when the form is generated and storing it in the form just gives people the opportunity to change it.

Does this IP address normally happen when I use it in a localhost (XAMPP)?

Yes. Getting the local IP (IPv6) address is normal when you request a page from localhost.