Getting User information in PHP
Written by admin on August 5th, 2008 in PHP Tutorials, Tutorials.
In the previous tutorial we showed you how to get a user’s IP using PHP. However there is a way that you can get vasts amount of information about the user in PHP. We will now teach you how to get all of this information.
Getting information about the website or visitor mainly depends on the $_SERVER variable. This is a pre-defined global variable in PHP that is always set and can be used anywhere. Below are the different types of information you can get from $_SERVER.
PHP_SELF : The filename of the currently executing script, relative to the document root. For instance, $_SERVER[’PHP_SELF’] in a script at the address http://example.com/test.php/foo.bar would be /test.php/foo.bar.
GATEWAY_INTERFACE : What revision of the CGI specification the server is using; i.e. ‘CGI/1.1‘.
SERVER_ADDR : The IP address of the server under which the current script is executing.
SERVER_NAME : The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.
SERVER_SOFTWARE : Server identification string, given in the headers when responding to requests.
SERVER_PROTOCOL : Name and revision of the information protocol via which the page was requested; i.e. ‘HTTP/1.0‘;
REQUEST_METHOD : Which request method was used to access the page; i.e. ‘GET‘, ‘HEAD‘, ‘POST‘, ‘PUT‘.
REQUEST_TIME : The time stamp of the start of the request.
QUERY_STRING : The query string, if any, via which the page was accessed.
DOCUMENT_ROOT : The document root directory under which the current script is executing, as defined in the server’s configuration file.
HTTP_ACCEPT : Contents of the Accept: header from the current request, if there is one.
HTTP_ACCEPT_CHARSET : Contents of the Accept-Charset: header from the current request, if there is one. Example: ‘iso-8859-1,*,utf-8‘.
HTTP_ACCEPT_ENCODING : Contents of the Accept-Encoding: header from the current request, if there is one. Example: ‘gzip‘.
HTTP_ACCEPT_LANGUAGE : Contents of the Accept-Language: header from the current request, if there is one. Example: ‘en‘.
HTTP_CONNECTION : Contents of the Connection: header from the current request, if there is one. Example: ‘Keep-Alive‘.
HTTP_HOST : Contents of the Host: header from the current request, if there is one. Example: yourdomain.com
HTTP_REFERER : The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
HTTP_USER_AGENT : Contents of the User-Agent: header from the current request, if there is one. This is a string denoting the user agent being which is accessing the page. A typical example is: Mozilla/4.5 [en] (X11; U; Linux 2.2.9 i586).
HTTPS : Set to a non-empty value if the script was queried through the HTTPS protocol. Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.
REMOTE_ADDR : The IP address from which the user is viewing the current page. We already know this one!
REMOTE_HOST : The Host name from which the user is viewing the current page. The reverse dns lookup is based off the REMOTE_ADDR of the user.
REMOTE_PORT : The port being used on the user’s machine to communicate with the web server.
SCRIPT_FILENAME : The absolute pathname of the currently executing script.
SERVER_ADMIN : The value given to the SERVER_ADMIN (for Apache) directive in the web server configuration file. If the script is running on a virtual host, this will be the value defined for that virtual host.
SERVER_PORT : The port on the server machine being used by the web server for communication. For default setups, this will be ‘80‘; using SSL, for instance, will change this to whatever your defined secure HTTP port is. Normally Port 80 or 81.
SERVER_SIGNATURE : String containing the server version and virtual host name which are added to server-generated pages, if enabled.
PATH_TRANSLATED : Filesystem- (not document root-) based path to the current script, after the server has done any virtual-to-real mapping.
SCRIPT_NAME : Contains the current script’s path. This is useful for pages which need to point to themselves. The __FILE__ constant contains the full path and filename of the current (i.e. included) file.
REQUEST_URI : The URI which was given in order to access this page; for instance, ‘/index.html‘. Very useful for auto generating forms.
PHP_AUTH_DIGEST : When running under Apache as module doing Digest HTTP authentication this variable is set to the ‘Authorization’ header sent by the client (which you should then use to make the appropriate validation).
PHP_AUTH_USER : When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the username provided by the user.
PHP_AUTH_PW : When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the password provided by the user.
AUTH_TYPE : When running under Apache as module doing HTTP authenticated this variable is set to the authentication type.
It’s a long list isn’t it? Veriable with SERVER in them normally refer to current server settings or processes. REMOTE refers to users settings and processes. HTTP refers to any information about connection settings such as headers SSL etc. Most are self explanatory.
Some of these variables you may never use but it is nice to have them available to you. The most commonly used ones are REMOTE_ADDR, REQUEST_URI, PHP_SELF and HTTP_USER_AGENT. Lets see a few examples of these in action.
To see what browser a visitor is using we would use the following:
$_SERVER[’HTTP_USER_AGENT’]
This would produce something similar to: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
To see what page we are currently on we would use:
$_SERVER[’PHP_SELF’]
To get the current URL we are on we would use:
$_SERVER[’HTTP_HOST’]
However some variables such as HTTP_REFERER can be faked so this variable can not always be trusted.
Please post your comments if you require any help with $_SERVER variables.