protected static function detectIP()
{
// Normally the $_SERVER superglobal is set
if (isset($_SERVER)) {
// Do we have an x-forwarded-for HTTP header (e.g. NginX)?
if (self::$allowIpOverrides && array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
return $_SERVER['HTTP_X_FORWARDED_FOR'];
}
// Do we have a client-ip header (e.g. non-transparent proxy)?
if (self::$allowIpOverrides && array_key_exists('HTTP_CLIENT_IP', $_SERVER)) {
return $_SERVER['HTTP_CLIENT_IP'];
}
// Normal, non-proxied server or server behind a transparent proxy
return $_SERVER['REMOTE_ADDR'];
}
// This part is executed on PHP running as CGI, or on SAPIs which do
// not set the $_SERVER superglobal
// If getenv() is disabled, you're screwed
if (!function_exists('getenv')) {
return '';
}
// Do we have an x-forwarded-for HTTP header?
if (self::$allowIpOverrides && getenv('HTTP_X_FORWARDED_FOR')) {
return getenv('HTTP_X_FORWARDED_FOR');
}
// Do we have a client-ip header?
if (self::$allowIpOverrides && getenv('HTTP_CLIENT_IP')) {
return getenv('HTTP_CLIENT_IP');
}
// Normal, non-proxied server or server behind a transparent proxy
if (getenv('REMOTE_ADDR')) {
return getenv('REMOTE_ADDR');
}
// Catch-all case for broken servers, apparently
return '';
}
