PHP 7.2.0 Release Candidate 2 Released

$_SERVER

$HTTP_SERVER_VARS [removed]

(PHP 4 >= 4.1.0, PHP 5, PHP 7)

$_SERVER -- $HTTP_SERVER_VARS [removed]Server and execution environment information

Description

$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the » CGI/1.1 specification, so you should be able to expect those.

Note: Prior to PHP 5.4.0, $HTTP_SERVER_VARS contained the same initial information, but was not a superglobal. (Note that $HTTP_SERVER_VARS and $_SERVER were different variables and that PHP handled them as such.)

Indices

You may or may not find any of the following elements in $_SERVER. Note that few, if any, of these will be available (or indeed have any meaning) if running PHP on the command line.

'PHP_SELF'
The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/foo/bar.php would be /foo/bar.php. The __FILE__ constant contains the full path and filename of the current (i.e. included) file. If PHP is running as a command-line processor this variable contains the script name since PHP 4.3.0. Previously it was not available.
'argv'
Array of arguments passed to the script. When the script is run on the command line, this gives C-style access to the command line parameters. When called via the GET method, this will contain the query string.
'argc'
Contains the number of command line parameters passed to the script (if run on the command line).
'GATEWAY_INTERFACE'
What revision of the CGI specification the server is using; i.e. 'CGI/1.1'.
'SERVER_ADDR'
The IP address of the server under which the current script is executing.
'SERVER_NAME'
The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.

Note: Under Apache 2, you must set UseCanonicalName = On and ServerName. Otherwise, this value reflects the hostname supplied by the client, which can be spoofed. It is not safe to rely on this value in security-dependent contexts.

'SERVER_SOFTWARE'
Server identification string, given in the headers when responding to requests.
'SERVER_PROTOCOL'
Name and revision of the information protocol via which the page was requested; i.e. 'HTTP/1.0';
'REQUEST_METHOD'
Which request method was used to access the page; i.e. 'GET', 'HEAD', 'POST', 'PUT'.

Note:

PHP script is terminated after sending headers (it means after producing any output without output buffering) if the request method was HEAD.

'REQUEST_TIME'
The timestamp of the start of the request. Available since PHP 5.1.0.
'REQUEST_TIME_FLOAT'
The timestamp of the start of the request, with microsecond precision. Available since PHP 5.4.0.
'QUERY_STRING'
The query string, if any, via which the page was accessed.
'DOCUMENT_ROOT'
The document root directory under which the current script is executing, as defined in the server's configuration file.
'HTTP_ACCEPT'
Contents of the Accept: header from the current request, if there is one.
'HTTP_ACCEPT_CHARSET'
Contents of the Accept-Charset: header from the current request, if there is one. Example: 'iso-8859-1,*,utf-8'.
'HTTP_ACCEPT_ENCODING'
Contents of the Accept-Encoding: header from the current request, if there is one. Example: 'gzip'.
'HTTP_ACCEPT_LANGUAGE'
Contents of the Accept-Language: header from the current request, if there is one. Example: 'en'.
'HTTP_CONNECTION'
Contents of the Connection: header from the current request, if there is one. Example: 'Keep-Alive'.
'HTTP_HOST'
Contents of the Host: header from the current request, if there is one.
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
'HTTP_USER_AGENT'
Contents of the User-Agent: header from the current request, if there is one. This is a string denoting the user agent being which is accessing the page. A typical example is: Mozilla/4.5 [en] (X11; U; Linux 2.2.9 i586). Among other things, you can use this value with get_browser() to tailor your page's output to the capabilities of the user agent.
'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS protocol.

Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.

'REMOTE_ADDR'
The IP address from which the user is viewing the current page.
'REMOTE_HOST'
The Host name from which the user is viewing the current page. The reverse dns lookup is based off the REMOTE_ADDR of the user.

Note: Your web server must be configured to create this variable. For example in Apache you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr().

'REMOTE_PORT'
The port being used on the user's machine to communicate with the web server.
'REMOTE_USER'
The authenticated user.
'REDIRECT_REMOTE_USER'
The authenticated user if the request is internally redirected.
'SCRIPT_FILENAME'

The absolute pathname of the currently executing script.

Note:

If a script is executed with the CLI, as a relative path, such as file.php or ../file.php, $_SERVER['SCRIPT_FILENAME'] will contain the relative path specified by the user.

'SERVER_ADMIN'
The value given to the SERVER_ADMIN (for Apache) directive in the web server configuration file. If the script is running on a virtual host, this will be the value defined for that virtual host.
'SERVER_PORT'
The port on the server machine being used by the web server for communication. For default setups, this will be '80'; using SSL, for instance, will change this to whatever your defined secure HTTP port is.

Note: Under the Apache 2, you must set UseCanonicalName = On, as well as UseCanonicalPhysicalPort = On in order to get the physical (real) port, otherwise, this value can be spoofed and it may or may not return the physical port value. It is not safe to rely on this value in security-dependent contexts.

'SERVER_SIGNATURE'
String containing the server version and virtual host name which are added to server-generated pages, if enabled.
'PATH_TRANSLATED'
Filesystem- (not document root-) based path to the current script, after the server has done any virtual-to-real mapping.

Note: As of PHP 4.3.2, PATH_TRANSLATED is no longer set implicitly under the Apache 2 SAPI in contrast to the situation in Apache 1, where it's set to the same value as the SCRIPT_FILENAME server variable when it's not populated by Apache. This change was made to comply with the CGI specification that PATH_TRANSLATED should only exist if PATH_INFO is defined. Apache 2 users may use AcceptPathInfo = On inside httpd.conf to define PATH_INFO.

'SCRIPT_NAME'
Contains the current script's path. This is useful for pages which need to point to themselves. The __FILE__ constant contains the full path and filename of the current (i.e. included) file.
'REQUEST_URI'
The URI which was given in order to access this page; for instance, '/index.html'.
'PHP_AUTH_DIGEST'
When doing Digest HTTP authentication this variable is set to the 'Authorization' header sent by the client (which you should then use to make the appropriate validation).
'PHP_AUTH_USER'
When doing HTTP authentication this variable is set to the username provided by the user.
'PHP_AUTH_PW'
When doing HTTP authentication this variable is set to the password provided by the user.
'AUTH_TYPE'
When doing HTTP authentication this variable is set to the authentication type.
'PATH_INFO'
Contains any client-provided pathname information trailing the actual script filename but preceding the query string, if available. For instance, if the current script was accessed via the URL http://www.example.com/php/path_info.php/some/stuff?foo=bar, then $_SERVER['PATH_INFO'] would contain /some/stuff.
'ORIG_PATH_INFO'
Original version of 'PATH_INFO' before processed by PHP.

Changelog

Version Description
5.4.0 $HTTP_SERVER_VARS isn't available anymore due to the removal of long arrays registering.
5.3.0 Directive register_long_arrays which caused $HTTP_SERVER_VARS to be available has been deprecated.
4.1.0 Introduced $_SERVER that deprecated $HTTP_SERVER_VARS.

Examples

Example #1 $_SERVER example

<?php
echo $_SERVER['SERVER_NAME'];
?>

The above example will output something similar to:

www.example.com

Notes

Note:

This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes throughout a script. There is no need to do global $variable; to access it within functions or methods.

add a note add a note

User Contributed Notes 62 notes

up
251
zeufonlinux at gmail dot com
4 years ago
Just a PHP file to put on your local server (as I don't have enough memory)

<?php
$indicesServer
= array('PHP_SELF',
'argv',
'argc',
'GATEWAY_INTERFACE',
'SERVER_ADDR',
'SERVER_NAME',
'SERVER_SOFTWARE',
'SERVER_PROTOCOL',
'REQUEST_METHOD',
'REQUEST_TIME',
'REQUEST_TIME_FLOAT',
'QUERY_STRING',
'DOCUMENT_ROOT',
'HTTP_ACCEPT',
'HTTP_ACCEPT_CHARSET',
'HTTP_ACCEPT_ENCODING',
'HTTP_ACCEPT_LANGUAGE',
'HTTP_CONNECTION',
'HTTP_HOST',
'HTTP_REFERER',
'HTTP_USER_AGENT',
'HTTPS',
'REMOTE_ADDR',
'REMOTE_HOST',
'REMOTE_PORT',
'REMOTE_USER',
'REDIRECT_REMOTE_USER',
'SCRIPT_FILENAME',
'SERVER_ADMIN',
'SERVER_PORT',
'SERVER_SIGNATURE',
'PATH_TRANSLATED',
'SCRIPT_NAME',
'REQUEST_URI',
'PHP_AUTH_DIGEST',
'PHP_AUTH_USER',
'PHP_AUTH_PW',
'AUTH_TYPE',
'PATH_INFO',
'ORIG_PATH_INFO') ;

echo
'<table cellpadding="10">' ;
foreach (
$indicesServer as $arg) {
    if (isset(
$_SERVER[$arg])) {
        echo
'<tr><td>'.$arg.'</td><td>' . $_SERVER[$arg] . '</td></tr>' ;
    }
    else {
        echo
'<tr><td>'.$arg.'</td><td>-</td></tr>' ;
    }
}
echo
'</table>' ;

/*

That will give you the result of each variable like (if the file is server_indices.php at the root and Apache Web directory is in E:\web) :

PHP_SELF    /server_indices.php
argv    -
argc    -
GATEWAY_INTERFACE    CGI/1.1
SERVER_ADDR    127.0.0.1
SERVER_NAME    localhost
SERVER_SOFTWARE    Apache/2.2.22 (Win64) PHP/5.3.13
SERVER_PROTOCOL    HTTP/1.1
REQUEST_METHOD    GET
REQUEST_TIME    1361542579
REQUEST_TIME_FLOAT    -
QUERY_STRING   
DOCUMENT_ROOT    E:/web/
HTTP_ACCEPT    text/html,application/xhtml+xml,application/xml;q=0.9,*/
*;q=0.8
HTTP_ACCEPT_CHARSET    ISO
-8859-1,utf-8;q=0.7,*;q=0.3
HTTP_ACCEPT_ENCODING    gzip
,deflate,sdch
HTTP_ACCEPT_LANGUAGE    fr
-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
HTTP_CONNECTION    keep
-alive
HTTP_HOST    localhost
HTTP_REFERER    http
://localhost/
HTTP_USER_AGENT    Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
HTTPS   
-
REMOTE_ADDR    127.0.0.1
REMOTE_HOST   
-
REMOTE_PORT    65037
REMOTE_USER   
-
REDIRECT_REMOTE_USER    -
SCRIPT_FILENAME    E:/web/server_indices.php
SERVER_ADMIN    myemail
@personal.us
SERVER_PORT    80
SERVER_SIGNATURE   
PATH_TRANSLATED   
-
SCRIPT_NAME    /server_indices.php
REQUEST_URI   
/server_indices.php
PHP_AUTH_DIGEST   
-
PHP_AUTH_USER    -
PHP_AUTH_PW    -
AUTH_TYPE    -
PATH_INFO    -
ORIG_PATH_INFO    -

*/
?>
up
5
chris at ocproducts dot com
5 months ago
Guide to absolute paths...

Data: __FILE__
Data type: String
Purpose: The absolute pathname of the running PHP file, including the filename.
Caveat: This is not the file called by the PHP processor, it's what is running. So if you are inside an include, it's the include.
Caveat: Symbolic links are pre-resolved, so don't trust comparison of paths to be accurate.
Caveat: Don't assume all operating systems use '/' for the directory separator.
Works on web mode: Yes
Works on CLI mode: Yes

Data: __DIR__
Data type: String
Purpose: The absolute pathname to the running PHP file, excluding the filename
Caveat: This is not the file called by the PHP processor, it's what is running. So if you are inside an include, it's the include.
Caveat: Symbolic links are pre-resolved, so don't trust comparison of paths to be accurate.
Caveat: Don't assume all operating systems use '/' for the directory separator.
Works on web mode: Yes
Works on CLI mode: Yes

Data: $_SERVER['SCRIPT_FILENAME']
Data type: String
Purpose: The absolute pathname of the origin PHP file, including the filename
Caveat: Not set on all PHP environments, may need setting by copying from __FILE__ before other files are included.
Caveat: Symbolic links are not pre-resolved, use PHP's 'realpath' function if you need it resolved.
Caveat: Don't assume all operating systems use '/' for the directory separator.
Caveat: "Filename" makes you think it is just a filename, but it really is the full absolute pathname. Read the identifier as "Script's filesystem (path)name".
Works on web mode: Yes
Works on CLI mode: Yes

Data: $_SERVER['PATH_TRANSLATED']
Data type: String
Purpose: The absolute pathname of the origin PHP file, including the filename
Caveat: It's probably not set, best to just not use it. Just use realpath($_SERVER['SCRIPT_FILENAME']) (and be aware that itself may need to have been emulated).
Caveat: Symbolic links are pre-resolved, so don't trust comparison of paths to be accurate.
Caveat: Don't assume all operating systems use '/' for the directory separator.
Works on web mode: Yes
Works on CLI mode: No

Data: $_SERVER['DOCUMENT_ROOT']
Data type: String
Purpose: Get the absolute path to the web server's document root. No trailing slash.
Caveat: Don't trust this to be set, or set correctly, unless you control the server environment.
Caveat: May or may not have symbolic links pre-resolved, use PHP's 'realpath' function if you need it resolved.
Caveat: Don't assume all operating systems use '/' for the directory separator.
Works on web mode: Yes
Works on CLI mode: No

Note that if something is not set it may be missing from $_SERVER, or it may be blank, so use PHP's 'empty' function for your test.

Note that if you call "php --info" on the command line then naturally some of these settings are going to be blank, as no PHP file is involved.
up
77
Vladimir Kornea
8 years ago
1. All elements of the $_SERVER array whose keys begin with 'HTTP_' come from HTTP request headers and are not to be trusted.

2. All HTTP headers sent to the script are made available through the $_SERVER array, with names prefixed by 'HTTP_'.

3. $_SERVER['PHP_SELF'] is dangerous if misused. If login.php/nearly_arbitrary_string is requested, $_SERVER['PHP_SELF'] will contain not just login.php, but the entire login.php/nearly_arbitrary_string. If you've printed $_SERVER['PHP_SELF'] as the value of the action attribute of your form tag without performing HTML encoding, an attacker can perform XSS attacks by offering users a link to your site such as this:

<a href='http://www.example.com/login.php/"><script type="text/javascript">...</script><span a="'>Example.com</a>

The javascript block would define an event handler function and bind it to the form's submit event. This event handler would load via an <img> tag an external file, with the submitted username and password as parameters.

Use $_SERVER['SCRIPT_NAME'] instead of $_SERVER['PHP_SELF']. HTML encode every string sent to the browser that should not be interpreted as HTML, unless you are absolutely certain that it cannot contain anything that the browser can interpret as HTML.
up
3
chris at ocproducts dot com
5 months ago
Guide to script parameters...

Data: $_GET
Data type: Array (map)
Purpose: Contains all GET parameters (i.e. a parsed URL query string).
Caveat: GET parameter names have to be compliant with PHP variable naming, e.g. dots are not allowed and get substituted.
Works on web mode: Yes
Works on CLI mode: No

Data: $_SERVER['QUERY_STRING']
Data type: String
Purpose: Gets an unparsed URL query string.
Caveat: Not set on all PHP environments, may need setting via http_build_query($_GET).
Works on web mode: Yes
Works on CLI mode: No

Data: $_SERVER['argv']
Data type: Array (list)
Purpose: Get CLI call parameters.
Works on web mode: Tenuous (just contains a single parameter, the query string)
Works on CLI mode: Yes
up
39
Lord Mac
7 years ago
An even *more* improved version...

<?php
phpinfo
(32);
?>
up
4
chris at ocproducts dot com
5 months ago
Guide to URL paths...

Data: $_SERVER['PHP_SELF']
Data type: String
Purpose: The URL path name of the current PHP file, including path-info (see $_SERVER['PATH_INFO']) and excluding URL query string. Includes leading slash.
Caveat: This is after URL rewrites (i.e. it's as seen by PHP, not necessarily the original call URL).
Works on web mode: Yes
Works on CLI mode: Tenuous (emulated to contain just the exact call path of the CLI script, with whatever exotic relative pathname you may call with, not made absolute and not normalised or pre-resolved)

Data: $_SERVER['SCRIPT_NAME']
Data type: String
Purpose: The URL path name of the current PHP file, excluding path-info and excluding URL query string. Includes leading slash.
Caveat: This is after URL rewrites (i.e. it's as seen by PHP, not necessarily the original call URL).
Caveat: Not set on all PHP environments, may need setting via preg_replace('#\.php/.*#', '.php', $_SERVER['PHP_SELF']).
Works on web mode: Yes
Works on CLI mode: Tenuous (emulated to contain just the exact call path of the CLI script, with whatever exotic relative pathname you may call with, not made absolute and not normalised or pre-resolved)

Data: $_SERVER['REDIRECT_URL']
Data type: String
Purpose: The URL path name of the current PHP file, path-info is N/A and excluding URL query string. Includes leading slash.
Caveat: This is before URL rewrites (i.e. it's as per the original call URL).
Caveat: Not set on all PHP environments, and definitely only ones with URL rewrites.
Works on web mode: Yes
Works on CLI mode: No

Data: $_SERVER['REQUEST_URI']
Data type: String
Purpose: The URL path name of the current PHP file, including path-info and including URL query string. Includes leading slash.
Caveat: This is before URL rewrites (i.e. it's as per the original call URL). *
*: I've seen at least one situation where this is not true (there was another $_SERVER variable to use instead supplied by the URL rewriter), but the author of the URL rewriter later fixed it so probably fair to dismiss this particular note.
Caveat: Not set on all PHP environments, may need setting via $_SERVER['REDIRECT_URL'] . '?' . http_build_query($_GET) [if $_SERVER['REDIRECT_URL'] is set, and imperfect as we don't know what GET parameters were originally passed vs which were injected in the URL rewrite] --otherwise-- $_SERVER['PHP_SELF'] . '?' . http_build_query($_GET).
Works on web mode: Yes
Works on CLI mode: No

Data: $_SERVER['PATH_INFO']
Data type: String
Purpose: Find the path-info, which is data after the .php filename in the URL call. It's a strange concept.
Caveat: Some environments may not support it, it is best avoided unless you have complete server control
Works on web mode: Yes
Works on CLI mode: No

Note that if something is not set it may be missing from $_SERVER, or it may be blank, so use PHP's 'empty' function for your test.
up
2
pierstoval at example dot com
4 months ago
As PHP $_SERVER var is populated with a lot of vars, I think it's important to say that it's also populated with environment vars.

For example, with a PHP script, we can have this:

    MY_ENV_VAR=Hello php -r 'echo $_SERVER["MY_ENV_VAR"];'
   
Will show "Hello".

But, internally, PHP makes sure that "internal" keys in $_SERVER are not overriden, so you wouldn't be able to do something like this:

    REQUEST_TIME=Hello php -r 'var_dump($_SERVER["REQUEST_TIME"]);'
   
Will show something like 1492897785

However, a lot of vars are still vulnerable from environment injection.

I created a gist here ( https://gist.github.com/Pierstoval/f287d3e61252e791a943dd73874ab5ee ) with my PHP configuration on windows with PHP7.0.15 on WSL with bash, the results are that the only "safe" vars are the following:

PHP_SELF
SCRIPT_NAME
SCRIPT_FILENAME
PATH_TRANSLATED
DOCUMENT_ROOT
REQUEST_TIME_FLOAT
REQUEST_TIME
argv
argc

All the rest can be overriden with environment vars, which is not very cool actually because it can break PHP applications sometimes...

(and I only tested on CLI, I had no patience to test with Apache mod_php or Nginx + PHP-FPM, but I can imagine that not a lot of $_SERVER properties are "that" secure...)
up
10
Tom
5 years ago
Be warned that most contents of the Server-Array (even $_SERVER['SERVER_NAME']) are provided by the client and can be manipulated. They can also be used for injections and thus MUST be checked and treated like any other user input.
up
19
steve at sc-fa dot com
8 years ago
If you are serving from behind a proxy server, you will almost certainly save time by looking at what these $_SERVER variables do on your machine behind the proxy.  

$_SERVER['HTTP_X_FORWARDED_FOR'] in place of $_SERVER['REMOTE_ADDR']

$_SERVER['HTTP_X_FORWARDED_HOST'] and
$_SERVER['HTTP_X_FORWARDED_SERVER'] in place of (at least in our case,) $_SERVER['SERVER_NAME']
up
9
Tonin
9 years ago
When using the $_SERVER['SERVER_NAME'] variable in an apache virtual host setup with a ServerAlias directive, be sure to check the UseCanonicalName apache directive.  If it is On, this variable will always have the apache ServerName value.  If it is Off, it will have the value given by the headers sent by the browser.

Depending on what you want to do the content of this variable, put in On or Off.
up
10
jonbarnett at gmail dot com
8 years ago
It's worth noting that $_SERVER variables get created for any HTTP request headers, including those you might invent:

If the browser sends an HTTP request header of:
X-Debug-Custom: some string

Then:

<?php
$_SERVER
['HTTP_X_DEBUG_CUSTOM']; // "some string"
?>

There are better ways to identify the HTTP request headers sent by the browser, but this is convenient if you know what to expect from, for example, an AJAX script with custom headers.

Works in PHP5 on Apache with mod_php.  Don't know if this is true from other environments.
up
10
rulerof at gmail dot com
6 years ago
I needed to get the full base directory of my script local to my webserver, IIS 7 on Windows 2008.

I ended up using this:

<?php
function GetBasePath() {
    return
substr($_SERVER['SCRIPT_FILENAME'], 0, strlen($_SERVER['SCRIPT_FILENAME']) - strlen(strrchr($_SERVER['SCRIPT_FILENAME'], "\\")));
}
?>

And it returned C:\inetpub\wwwroot\<applicationfolder> as I had hoped.
up
4
plugwash at p10link dot net
2 years ago
Be aware that it's a bad idea to access x-forwarded-for and similar headers through this array. The header names are mangled when populating the array and this mangling can introduce spoofing vulnerabilities.

See http://en.wikipedia.org/wiki/User:Brion_VIBBER/Cool_Cat_incident_report for details of a real world exploit of this.
up
10
Richard York
8 years ago
Not documented here is the fact that $_SERVER is populated with some pretty useful information when accessing PHP via the shell.

["_SERVER"]=>
  array(24) {
    ["MANPATH"]=>
    string(48) "/usr/share/man:/usr/local/share/man:/usr/X11/man"
    ["TERM"]=>
    string(11) "xterm-color"
    ["SHELL"]=>
    string(9) "/bin/bash"
    ["SSH_CLIENT"]=>
    string(20) "127.0.0.1 41242 22"
    ["OLDPWD"]=>
    string(60) "/Library/WebServer/Domains/www.example.com/private"
    ["SSH_TTY"]=>
    string(12) "/dev/ttys000"
    ["USER"]=>
    string(5) "username"
    ["MAIL"]=>
    string(15) "/var/mail/username"
    ["PATH"]=>
    string(57) "/usr/bin:nbsp; usr/s:nbspsp; usr/s:local/p; usr/s:X11/p; "
    ["PWD"]=>
    string(56) "/Library/WebServer/Domains/www.example.com/www"
    ["SHLVL"]=>
    string(1) "1"
    ["HOME"]=>
    string(12) "/Users/username"
    ["LOGNAME"]=>
    string(5) "username"
    ["SSH_CONNECTION"]=>
    string(31) "127.0.0.1 41242 10.0.0.1 22"
    ["_"]=>
    string(12) "/usr/bin/php"
    ["__CF_USER_TEXT_ENCODING"]=>
    string(9) "0x1F5:0:0"
    ["PHP_SELF"]=>
    string(10) "Shell.php"
    ["SCRIPT_NAME"]=>
    string(10) "Shell.php"
    ["SCRIPT_FILENAME"]=>
    string(10) "Shell.php"
    ["PATH_TRANSLATED"]=>
    string(10) "Shell.php"
    ["DOCUMENT_ROOT"]=>
    string(0) ""
    ["REQUEST_TIME"]=>
    int(1247162183)
    ["argv"]=>
    array(1) {
      [0]=>
      string(10) "Shell.php"
    }
    ["argc"]=>
    int(1)
  }
up
6
php at isnoop dot net
7 years ago
Use the apache SetEnv directive to set arbitrary $_SERVER variables in your vhost or apache config.

SetEnv varname "variable value"
up
6
jette at nerdgirl dot dk
8 years ago
Windows running IIS v6 does not include $_SERVER['SERVER_ADDR']

If you need to get the IP addresse, use this instead:

<?php
$ipAddress
= gethostbyname($_SERVER['SERVER_NAME']);
?>
up
7
pudding06 at gmail dot com
8 years ago
Here's a simple, quick but effective way to block unwanted external visitors to your local server:

<?php
// only local requests
if ($_SERVER['REMOTE_ADDR'] !== '127.0.0.1') die(header("Location: /"));
?>

This will direct all external traffic to your home page. Of course you could send a 404 or other custom error. Best practice is not to stay on the page with a custom error message as you acknowledge that the page does exist. That's why I redirect unwanted calls to (for example) phpmyadmin.
up
6
krinklemail at gmail dot com
4 years ago
If requests to your PHP script send a header "Content-Type" or/ "Content-Length" it will, contrary to regular HTTP headers, not appear in $_SERVER as $_SERVER['HTTP_CONTENT_TYPE']. PHP removes these (per CGI/1.1 specification[1]) from the HTTP_ match group.

They are still accessible, but only if the request was a POST request. When it is, it'll be available as:
$_SERVER['CONTENT_LENGTH']
$_SERVER['CONTENT_TYPE']

[1] https://www.ietf.org/rfc/rfc3875
up
5
jarrod at squarecrow dot com
8 years ago
$_SERVER['DOCUMENT_ROOT'] is incredibly useful especially when working in your development environment. If you're working on large projects you'll likely be including a large number of files into your pages. For example:

<?php
//Defines constants to use for "include" URLS - helps keep our paths clean

       
define("REGISTRY_CLASSES"$_SERVER['DOCUMENT_ROOT']."/SOAP/classes/");
       
define("REGISTRY_CONTROLS", $_SERVER['DOCUMENT_ROOT']."/SOAP/controls/");

       
define("STRING_BUILDER",     REGISTRY_CLASSES. "stringbuilder.php");
       
define("SESSION_MANAGER",     REGISTRY_CLASSES. "sessionmanager.php");
       
define("STANDARD_CONTROLS",    REGISTRY_CONTROLS."standardcontrols.php");
?>

In development environments, you're rarely working with your root folder, especially if you're running PHP locally on your box and using DOCUMENT_ROOT is a great way to maintain URL conformity. This will save you hours of work preparing your application for deployment from your box to a production server (not to mention save you the headache of include path failures).
up
10
MarkAgius at markagius dot co dot uk
6 years ago
You have missed 'REDIRECT_STATUS'

Very useful if you point all your error pages to the same file.

File; .htaccess
# .htaccess file.

ErrorDocument 404 /error-msg.php
ErrorDocument 500 /error-msg.php
ErrorDocument 400 /error-msg.php
ErrorDocument 401 /error-msg.php
ErrorDocument 403 /error-msg.php
# End of file.

File; error-msg.php
<?php
  $HttpStatus
= $_SERVER["REDIRECT_STATUS"] ;
  if(
$HttpStatus==200) {print "Document has been processed and sent to you.";}
  if(
$HttpStatus==400) {print "Bad HTTP request ";}
  if(
$HttpStatus==401) {print "Unauthorized - Iinvalid password";}
  if(
$HttpStatus==403) {print "Forbidden";}
  if(
$HttpStatus==500) {print "Internal Server Error";}
  if(
$HttpStatus==418) {print "I'm a teapot! - This is a real value, defined in 1998";}

?>
up
10
mirko dot steiner at slashdevslashnull dot de
7 years ago
<?php

// RFC 2616 compatible Accept Language Parser
// http://www.ietf.org/rfc/rfc2616.txt, 14.4 Accept-Language, Page 104
// Hypertext Transfer Protocol -- HTTP/1.1

foreach (explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']) as $lang) {
   
$pattern = '/^(?P<primarytag>[a-zA-Z]{2,8})'.
   
'(?:-(?P<subtag>[a-zA-Z]{2,8}))?(?:(?:;q=)'.
   
'(?P<quantifier>\d\.\d))?$/';

   
$splits = array();

   
printf("Lang:,,%s''\n", $lang);
    if (
preg_match($pattern, $lang, $splits)) {
       
print_r($splits);
    } else {
        echo
"\nno match\n";
    }
}

?>

example output:

Google Chrome 3.0.195.27 Windows xp

Lang:,,de-DE''
Array
(
    [0] => de-DE
    [primarytag] => de
    [1] => de
    [subtag] => DE
    [2] => DE
)
Lang:,,de;q=0.8''
Array
(
    [0] => de;q=0.8
    [primarytag] => de
    [1] => de
    [subtag] =>
    [2] =>
    [quantifier] => 0.8
    [3] => 0.8
)
Lang:,,en-US;q=0.6''
Array
(
    [0] => en-US;q=0.6
    [primarytag] => en
    [1] => en
    [subtag] => US
    [2] => US
    [quantifier] => 0.6
    [3] => 0.6
)
Lang:,,en;q=0.4''
Array
(
    [0] => en;q=0.4
    [primarytag] => en
    [1] => en
    [subtag] =>
    [2] =>
    [quantifier] => 0.4
    [3] => 0.4
)
up
3
dtomasiewicz at gmail dot com
7 years ago
To get an associative array of HTTP request headers formatted similarly to get_headers(), this will do the trick:

<?php
/**
* Transforms $_SERVER HTTP headers into a nice associative array. For example:
*   array(
*       'Referer' => 'example.com',
*       'X-Requested-With' => 'XMLHttpRequest'
*   )
*/
function get_request_headers() {
   
$headers = array();
    foreach(
$_SERVER as $key => $value) {
        if(
strpos($key, 'HTTP_') === 0) {
           
$headers[str_replace(' ', '-', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))))] = $value;
        }
    }
    return
$headers;
}
?>
up
7
chris
14">
I needA ts:your dSERVER['SERV of HTT manipufound n $_Sowserotror Server:
atio />&
242div class="votes">
242diva href="/manual/vote-note.php?id=110763&a242dage=reserved.variables.server&vote=up" title="Vote up!" class="usernotes-voteu">up
242diva href="/manual/vote-note.php?id=110763&a242dage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 2/div>
chris242div
4 years ago
242divalass="phpcode"> $_SERVER['DOCUMENT_ROOT'] is incmHTT oURL cobackshtmhesat yo xp
 I sawact th targlargeTTP re output:froxy.&nbps to i wenninsuppanget thdrld eur rs true sue>
<?php
if ($key($_SERVER['SERVERNT_ROOT'].$_SERV_STATUORYR=> an>"sessi'br /> />n>) === <>?>/span>
examplOk,roxy.l I dSERVend,notow iwof ynsb:
Ley I s i wethe valuis>
<?php
$ipAddrailur>= '/^(?P& />n>) === >?><$ us>n>= $_SERVER["REDIRRNT_ROOT'].'/^(?P&l'n>=> an>$pattern(?>/span>
examplOn lrnux $ us>ninvente toome.">youhis.exampl1r/mail/uwww/ />> 2r/mail/uwww// />> S>'/^( 2pulatbr /dame file.'/^( 1 (issedaic ycustom ommX il'cd')>
File; O yo xp
youhis.exampl1r/mC:/ confi/htntes/ />> 2r/mC:/ confi/htntes// />> 3r/mC:\ confi\htntes/ />> 4r/mC:\ confi\htntes\/ />> All)you mi">'/^(mangletbr /daeTTmC:\ confi\htntes\ />> (issedaic ycustom'cd')><
up
84trona href="/manual/vote-note.php?id=110763884trage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7
chris84tron
2strong>8 years ago
84tronalass="phpcode"> $_SERVOows 2008. on Winght iustor "iER['DOCUMELOCAL]
raustomthanVER['SERVER_ADDR']
t the IP add&v I resse, usen>
up
down
7 1/div>
chris
Not doteaplazynly irigorous>
<?php
if ($_SERVEles>, $value) {
$_SERV($_SERVER[ /span>$_SERVEles>, "standa Val:n>;
$value) {"standahp;
 >  lan> $value="#110>= "standaf="https://www.ieblog.sinac tnetrepaww"https://www.ieblog.sinac tnetrepaww";
$valueThanknght sis>, $value=>;
/span>?>
437div class="votes">
437diva href="/manual/vote-note.php?id=110763&a437dage=reserved.variables.server&vote=up" title="Vote up!" class="usernotes-voteu">up
437diva href="/manual/vote-note.php?id=110763&a437dage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 2/div>
chris437div
7:26ong>2 year3 ago
437divalass="phpcode"> Not dosgo t tof thehorerith sbye config&vo mencustos) ing DOCUM  )
840ron class="votes">
840rona href="/manual/vote-note.php?id=91964&a840rage=reserved.variables.server&vote=up" title="Vote up!" class="usernotes-voteu">up
840rona href="/manual/vote-note.php?id=91964&a840rage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
3
chris840ron
8strong>7 years ago
840ronalass="phpcode"> Not doDtow iploe IPER['HTTP_CONTENT_OKIHP reItT oURL cerge draw, defi scrge d'Cookie'r "Conteo youbyege dstrf yo&
269div class="votes">
269diva href="/manual/vote-note.php?id=110763&a269dage=reserved.variables.server&vote=up" title="Vote up!" class="usernotes-voteu">up
269diva href="/manual/vote-note.php?id=110763&a269dage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 1/div>
chris269div
6strong>6 years ago
269divalass="phpcode"> <?php

</**
tbecar "iI POSTing a large br /austom commyour vit. Ley I s i t's * TransfI issedai oURLcteoes ekagiysitwww" tsrfoe/**<> * st heir d'..b commyo/Form. is'; * Transfoe dFormm comm s path . * oitcmustoe rerithTss=hpyourtl vallarray.n * oocia"#110,ge ninkn#110,getc. * /
function get_reallarraynfor>() {
   
$headernryn>= $_SERVplace('_', ' ';
5) === <>// RFC 261esolvyour nts istencycustomRANSL) === $heade($key, strtolowelen>, $_SERVER['SERVERNT_ROOT'].// RFC 26Clip scfage doertt:froxy.&functi>
/**
functit heir d>'SERVER..b commyo/Form. is'>;
 newn>strtolForm>() {
$valuedrawCaptcisField>() {
// RFC 26Writws:=hp/span / * Transf commyo/Form. is */
functispan'REDtn>$_SERVE_GET>['SERVERcaptcisn>].    // RFC 26e rerith/ functi>
strtolFormn>) === >    // RFC 26     ) === public on get_redrawCaptcisFieldr>() {
   
"\nno 'hp.
&get_reallarraynfo>() {
"stand'?captcis"spspan'>;
    }
}

<?>
up
088diva href="/manual/vote-note.php?id=110763&0088dage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 2/div>
chris?noan'tiorkagso088div
6s07ong>6 years ago
088divalass="phpcode"> I needA maintae IP addabsolut/aailurofpages. For,vinden eaom your b add&it/aao&itspan(soprepaserothrge pequesmanfin ekeadver (not tustooutvEDt/"youan .">yo) ing our b add&(not tOS (repaserothrge Unix syithms ing W xp

File; oe df the/a> <?php
$ipAddrmityl/>&= strtolowelen>, 'SERVER_CRIPTn>) === <>?><$B&= strtolo/span>($key, $valuen>) {$valuepanspan>($key, ' ';
?><$A&= strtolo/span>($key['SERVERNT_ROOT'].strtolowespan>($key['SERVERNT_ROOT'].strtolsR['SERVERPHPR].strtolsC&= strtolo/span>($key= $valuepanlen>, $_SERVEA&= strtolspanmity&= strtolowelen>, strtolsC&= strtolsmityl/>&= strtoln>) {pri>strtolsD&= strtolo/span>($key= $valuen>) {pria>$value= strtolshost&= 'SERVERf="http://www.ie"nofollow" target="_blank">http://www.ieiv cn>.
&get_resR['SERVER_ADDR']NAMan>]) as "stand'an>;
&get_resD&= ?>/span>
examplshosteo thefinn you oURL co addabsolut/aailuo&
6609iva href="/manual/vote-note.php?id=11076386609age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 1/div>
chris
6609ivalass="phpcode"> Not dotfpagel re look"youaIPER['HTTP_CONTENUSR']t thdrspaminenwheustoeages.s tof
http://www.iewurfl.sgesceploe .neteiv clbr /> c="http://www.iewww.zytraxww"http://www.iewww.zytraxww"
3046ona href="/manual/vote-note.php?id=110763>3046age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 1/div>
chris3046on
8s24
14">3046onalass="phpcode"> Not doT ohlvote>
ER['HTTP_C"_bc/>ting ER['HTTP_C"_bv'][] hOSTEettyon nTTbehaviges> *&nbsungetpur blrnux (btmh)p ommX ilrnu, wheco $llgethis.. *&nbsde"> ./ssend _ <. is 0x020B". *&nbsoxyret toeool .">youcory ofonly i *&nbsd./ssend _ <. is 0x020B" * Trasto stacory of - "0"pulatbss1998"steaile.<"0x020B".os sR['HTTP_C"_bv'][1] - se f add&cend abearg>
Looksthis..."ee/a>
(ly ,vinsp ofedconb addleoolt:fbbtmh, 0x020Bvis unspantoo99wetheos s1)lbr /> tmy t' toe:
*&nbsexampl-------------span8------------------
ibr /> if( ER['HTTP_C"_bc/>t== 2)   >    'Scketoi&bss e.g. 0x020Bvfur b/a> "callNotsoc:  /
?>    <<
8329iva href="/manual/vote-note.php?id=110763&08329age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7
chris
8329ivalass="phpcode"> Not doProfile.<?php
$ipAdd>if (get_requesailu_'tio&=     get_re);_existn>('SERVERPANSLINFOn>;
5[    get_res/oan>= $_SERVplapan>($key['SERVERCTTIME"]URIi>].strtolsR['SERVERTIMRYR].nbsp;   get_resasdr>() {$_SERVp/span>($key['SERVERCTTIME"]URIi>].strtoln>) {get_res/oan>= get_re2&= $headeEasdr>() {$_SERVp/span>($key) {get_reowelen>, $_SERVER['SERVER_CRIPT]NAMan>].get_ren>) {pri<>/span       $headeEasd>) {/span    }>/span    
   
$heade>'Sm>() {
$_SERVER['SERVERPANSLINFOn>;
' ';
    }
}
<
504diva href="/manual/vote-note.php?id=1107638504dage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -1/div>
chris
504divalass="phpcode"> Not doNwn!"."aI, coAconfig2,rge d&(not tEDt/"yoseo theaff of ge dles.serve availservtERVER['HTTP. emple:

1490iva href="/manual/vote-note.php?id=110763&01490age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -
chris
6 years ago
1490ivalass="phpcode"> Not domaTPS
File; To "htrifi t"> , ge dleefi toct t">'SER "scf", EeTs sp oific non-empty, defi rathpagthanVanVempty, defi OSTinoAconfio&
7528iv class="votes">
7528iva href="/manual/vote-note.php?id=110763&>7528age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -2/div>
chris7528iv
8s32ong>2 years ago
7528ivalass="phpcode"> Not dot'v tungetct tSplPriorityQueuet thdrspaminenss=eader li yo'sppreferrgetMIME types"."aIP re ERVER['HTTP_CONTENACCEPT'].File; File; class="default"><?php
$ipAdd$queuet>() {?>= /spanh (explodpreg_split&= 'SERVER#,\s*#n>;
5['SERVERONTENACCEPT'>].$key =     $headersplitr>() {$_SERVpreg_split&= 'SERVER#;\s*q=#n>;
5= 5= 5= $valueinem>t&= strtol$split&= $key ) {$_SERVEsplit&= $key ) {pria) ? (float)>$_SERVEsplit&= $key ) {pria :<&get_ren.n>) { > h (explodEqueuet>() {$key ].    $_SERVEmie.>].5() { > >?>/span>
>/spanMy browst tEDnds>
Accept:vid="/ Not, inricition/x Not+xot, inricition/xml;q=0.9,*/*;q=0.8 tssend a:

id="/ Not
*&nbsAccept:vid="/ Not, inricition/xot,id="/css;q=0.4,id="/plain; q=0.9, inricition/json;q=0.8 tssend a:

id="/ Not
8364iv class="votes">
8364iva href="/manual/vote-note.php?id=110763&>8364age=reserved.variables.server&vote=up" title="Vote up!" class="usernotes-voteu">up
8364iva href="/manual/vote-note.php?id=110763&>8364age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -
chris8364iv
8364ivalass="phpcode"> Not doKeepd comindit's aifroxy.s toDOCUMpproxyd&(not a(lis..PAC),.CTTIME"]URIcuslloe path f addforl.t_headehttp://www.ie/:
up
1396ona href="/manual/vote-note.php?id=110763&>1396age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -6/div>
chris1396on
1396onalass="phpcode"> Not doTtae IP addv < ssg webaailurofpoxy.curr you send  File; class="default"><?php
$ipAdd$ send nle.>].strtolend>) {strtolex&span&= "\nno pan>;
$value['SERVERPHPR].strtols send ailu>].strtol">'_e= strtol$ssend nle.>].' ';
$value['SERVERPHPR].?>
up
369diva href="/manual/vote-note.php?id=110763&>369dage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -7/div>
chris369div
369divalass="phpcode"> Not doE:
*&nbsexamplscurr you= ER['HTTP_C_ADDR']NAMana anER['HTTP_CPHPR
 /spanscurr yo>
 o thef
youlis.:  /:
s/probr /> />iv
6356ona href="/manual/vote-note.php?id=110763>6356age=reserved.variables.server&vote=up" title="Vote up!" class="usernotes-voteu">up
6356ona href="/manual/vote-note.php?id=110763>6356age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -8/div>
chris6356onalass="phpcode"> Not dottomakes.EDnset thwantetoipast f addER['HTTP_CCTTIME"]URIinconb eTs oes e(lis..f youvulnerability.

Notsp oiatcho="http://www.iewww./:
http://www.iewww./:
="http://www.iewww./:
http://www.iewww./:
5970iva href="/manual/vote-note.php?id=110763&>5970age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -6/div>
chris /strong>5970iv
5970ivalass="phpcode"> Not doTaddbade<?php
$ipAdd>if ($_SERVER as $key => $value) {
'SERVERER['HTTP_"'>;
&get_respan>]."stand'"span'>;
&get_res/span>) {"stand"hp;
 > >?>/span>
File; oeiseo thetetheint ohichoonve ar tavailservto vages.&(not assg whkagoxyy ar tEDtetoo&
7351ona href="/manual/vote-note.php?id=110763>7351age=reserved.variables.server&vote=up" title="Vote up!" class="usernotes-voteu">up
7351ona href="/manual/vote-note.php?id=110763>7351age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -9/div>
chris
7351onalass="phpcode"> Not doER['HTTP_CDOCUMENT_ROOTn]d codiffer youenvi/di you'ai i hOSTtrt cCUMprltmhemplndeonsoebtycargfor whecoe pathCUMpbr /svfur bER['HTTP_CDOCUMENT_ROOTn]:<?php
$ipAdd>if ($_SERVdirnle.>].$_SERVER['SERVERDOCUMENT_ROOTn>) {pria) .n>$valueDIRECTORYR=> .n>'SERVERbr /> />n>;
?>
730diva href="/manual/vote-note.php?id=110763&>730dage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -
chris
8s29ong>2 years ago
730divalass="phpcode"> Not doO  oeiseiR pa&nbblem ohirvt__DIR__ giv f addt_alailu. tsmathessend a nside sc <?php
$ipAdds into&= "\nno pContaou-type:vid="/plainn>;
 /span>'SERVER__DIR__   ;
5;
"stand"\nn>;
 /span>'SERVERER['HTTP_"DOCUMENT_ROOT"s echo < echo < echo < echo < echo <:n'>;
5['SERVE"DOCUMENT_ROOT">) {pria an>"stand"\nn>;
 /span>'SERVERt_alailu(ER['HTTP_"DOCUMENT_ROOT"s):n'>;
5].$_SERVER['SERVE"DOCUMENT_ROOT">) {pria)an>"stand"\nn>;
  >##nbr /a'e path _m/> />n>nbsp; # Exieonwena codocd her_toot, we comana Sicherheits&nbblem auftretaoakana:$ipAdd>if (get_ren >;
get_reowepan>($key;
5['SERVE"DOCUMENT_ROOT">) {pria) />    $heade>'Sgger_errmp&= "\nno pFa id:n'>;
$value__FILE__>nbsp;   => .n>'SERVERomarf nichud coospa.untarhalb vonnDOCUMENT_ROOT ('>nbsp;   => .n>5['SERVE"DOCUMENT_ROOT">) {pria .n>'SERVER)thiehor!'>;
5[ > >?>/span>
oeiseo theneool >'Sgger t'e errmp!>nbsp; UseTbe/spa:<?php
$ipAdds into&= "\nno pContaou-type:vid="/plainn>;
 /span>'SERVER__DIR__   ;
5;
"stand"\nn>;
 /span>'SERVERER['HTTP_"DOCUMENT_ROOT"s echo < echo < echo < echo < echo <:n'>;
5['SERVE"DOCUMENT_ROOT">) {pria an>"stand"\nn>;
 /span>'SERVERt_alailu(ER['HTTP_"DOCUMENT_ROOT"s):n'>;
5].$_SERVER['SERVE"DOCUMENT_ROOT">) {pria)an>"stand"\nn>;
  >##nbr /a'e path _m/> />n>nbsp; # Exieonwena codocd her_toot, we comana Sicherheits&nbblem auftretaoakana:$ipAdd>if (get_ren >;
get_reowepan>($key;
$_SERVER['SERVE"DOCUMENT_ROOT">) {pria) />    $heade>'Sgger_errmp&= "\nno pFa id:n'>;
$value__FILE__>nbsp;   => .n>'SERVERomarf nichud coospa.untarhalb vonnDOCUMENT_ROOT ('>nbsp;   => .n>5['SERVE"DOCUMENT_ROOT">) {pria .n>'SERVER)thiehor!'>;
5[ > >?>
1901ona href="/manual/vote-note.php?id=110763&>1901age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -8/div>
chris1901on
2 year4 ago
1901onalass="phpcode"> Not dot'm t'e autrefrofpoxiinclu  F="http://www.iewww.e">.nete/vote-nen/ed.variables.server&v.e">#100881 nofollow" target="_blank">http://www.iewww.e">.nete/vote-nen/ed.variables.server&v.e">#100881iv clbr /> I optimizgetse p!"."aIPclu .."ee/ath on sprltmhve andTs oertial option tt_leasedconbgithub  >="http://wwws.iegithubww"http://wwws.iegithubww"
up
6309iva href="/manual/vote-note.php?id=11076386309age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -8/div>
chris6309ivalass="phpcode"> Not doRONTES'>nbsp;  
5611ona href="/manual/vote-note.php?id=11076385611age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -12/div>
chris
5611onalass="phpcode"> Not doPleasePclu conbWina> s/IIS - ge dles.serv 'USR']AUTH' o the saccesOCUMp."ee/as ,oe.e.aifranonymou saccesOpulaoff,eint wond an_SEally e IPback "$domain\$ <"o&
477div class="votes">
477diva href="/manual/vote-note.php?id=110763&>477dage=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -14/div>
chris477div
477divalass="phpcode"> Not doTaiseiR pashort send atoiknow whkagleefie ar tt">ingetFile; File; class="default"><?php
>ipAdd >;
'SERVE"hp;
 >?>= $_SERVER[ /span>'SERVE"hp;
 >nbsp;>?>
4048iv class="votes">
4048iva href="/manual/vote-note.php?id=110763&>4048age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -11/div>
chris4048iv
8s46ong>2 year3 ago
4048ivalass="phpcode"> Not doA ;
sa nside scdER['SERV t's aint intaod toisassg leefie ar ttiffer yo,assg cofact,t btabro ma/spasiifrint ar trunnCUMpaseintr_, sudo /> fur bintr_, or.bur btoot.   Foage:
lustom aep" targCUMpcontaou: <?php
$ipAddles_dump&= $_SERVER[ >?>/span>
>/spanThecobur boxy.c> samp;v.e">l/spanintr_account_samp;v.txt intr_account samp;v.e">l/spanintr_account_sudo_samp;v.txt intr_account ipAddtoot samp;v.e">l/spantoot_samp;v.txt File; Now int cacodiffboxy.f
in$_()vfur baewebat_heade. Ynt i i findit' ttiffer ycetocoebtyquity. >"\k>yo,t nfath,rfourodiffer youwaytocoerun.ct t" < callbr /!>
4260iv class="votes">
up
4260iva href="/manual/vote-note.php?id=110763&>4260age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -19/div>
chris4260iv
2 year3 ago
4260ivalass="phpcode"> Not doAbfipAddt
6015iv class="votes">
up
6015iva href="/manual/vote-note.php?id=110763&>6015age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -10/div>
chris6015iv
6015ivalass="phpcode"> Not dot wantetoisharglustomint adforl.hn      $ yoriie = split('[, ]', ER['HTTP_CONTENX_FORWARDED_FORn])>     ed.vt($ yoriie)>   ohirvt(his (, E yory) = /span$ yoriie) {    $ yory = orim(E yory);    ef (ppreg_ma/pan"/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", E yory, Eip_his ) {     // >="http://www.iewww.faqs.org/rfcs/rfc1918. Not nofollow" target="_blank">http://www.iewww.faqs.org/rfcs/rfc1918. Notiv clbr />    $privith_ip = of HT(      '/^0\./',      '/^127\.0\.0\.1/',      '/^192\.168\..*/',      '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/',      '/^10\..*/')>       $found_ip = preg_e       ef ($cli yo_ip != $found_ip {      $cli yo_ip = $found_ip;      br ak;     }    }   }  };
  }  t > >/spanThiinhn ="http://www.iesoftontherocks.blogspotww"http://www.iesoftontherocks.blogspotww"
up
6495iva href="/manual/vote-note.php?id=11076386495age=reserved.variables.server&vote=up" tititle="Vote down!" class="usernotes-voted">down
7 -2
chris6495ivalass="phpcode"> Not doMaybemint're misOCUMpin$_rma/spanon ER['HTTP_CCONTENT_TYPana or ER['HTTP_CCONTENT_LENGTHna panI did. On POST-t_headesroxyemnar tavailservt nfaddi/spaetoioxoemnhis ed aboveo& .nete/vote-nen/ed.variables.server&v.e">olfimg src='/imsers/voted"add@2x.png' alt='addia note' o dth='12' height='12'>ng Eall>addia note> iv cl div>