Originally posted by Jack Gable
Clearly if you run the program via some proxy serving you then that is IP address it will use.
My point exactly. The application on the serverside
can't know if the IP-address received
is in fact from the origin client. Thus, using IP-addresses to identify a user from a PHP server application is useless since it won't tell the application anything of worth.
The webserver receives page requests from the client using the HTTP protocol (part of TCP/IP). The webserver knows to which IP-address and port the response should be returned. The webserver initiates the PHP interpreter (if necessary) which in turn parses the PHP script (the application).
Now,
depending on the php settings the script may or may not be able to access information about the client. If the script can access the server variables (defined by the webserver based on the information passed from the client), those may or may not be correct because of proxies and the likes in between (there's even a special global variable in PHP's _SERVER array supposed to identify any proxies but even that one has proven invalid).
So, fact remains. As a developer of a PHP application you cannot be sure that you've got two distinct different users or not based on the information given by an IP-address and whatever else the client may "say" about itself. See?
---
You're talking about the fact that server logs will always contain information about each client, but not even that is necessarily true. There are literally thousands of relaying servers out there that won't log information (simply because it drags down their processing time). If you go out there and try to backtrack an origin client and you hit one of those servers, you won't be able to locate the client without much trouble. The Internet is, for all a PHP application can access, an anonymous network.