How to get the client's IP address?

You know that. You want (or need) to log some user activity and his/her IP address is very often one of the most requested values.

The most reliable value you can get is in system variable $_SERVER['REMOTE_ADDR'].
However, the user can be behind a proxy server and it may have set the $_SERVER['HTTP_X_FORWARDED_FOR'] variable. But be aware, this value is easily spoofed!
So, if you are going to save the $_SERVER['HTTP_X_FORWARDED_FOR'], make sure you save the value from the $_SERVER['REMOTE_ADDR'] variable too.
But sometimes you can find other server variables with the IP address (e.g. from shared internet etc.). Other possibilities are: 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED', HTTP_X_FORWARDED_FOR', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED'
Anyway you should validate the IP address every time. For the validation you can use a filter_var php function.
How to get and validate user's IP? See an example of these functions:
function isValidIPAddress($ipAddress){
 if (filter_var($ipAddress, FILTER_VALIDATE_IP,
  return false;
 return true;

function getIPAddress() {
 $possibilities = array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR',
                         'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP',
                         'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED',
 foreach ($possibilities as $key) {
  if (array_key_exists($key, $_SERVER) === true) {
   foreach (explode(',', $_SERVER[$key]) as $ipAddress) {
    $ipAddress = trim($ipAddress);
    if (isValidIPAddress($ipAddress)) {
     return $ipAddress;
 return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : false;