In this guide you will be shown several examples on how to use from Maxmind the geoip.dat and geoip.inc file with PHP.
So first before you begin you must go to Maxmind.com and get the appropriate PHP files you will need.
Files:
- GeoIP.dat (Listed under Binary)
- geoip.inc (In the Apache directory)
- Notepad ++ (If you haven’t got a good code editor
)
A note about PHP sessions
Later in the example we will be using PHP sessions. ($_SESSION) global variables. If you are not starting a session already in your script then you will have to put
session_name("geo"); // Optional, but the default cookie name then will be PHPSESSID which is longer..
session_start();
In the start of your script.
Basic use
This example shows you the basic use of Maxmind with PHP. What will happen is that the script will get their remote IP address then feed it to geoip and then return their two letter ISO 3166-1 alpha-2 country code , For example United Kingdom will be GB , United States will be US , and Canada would be CA.
session_name("geo");
session_start();
// Load geoip.inc
include('geoip/geoip.inc');
// Open Geo IP binary data file
$gi = geoip_open('geoip/geoip.dat',GEOIP_STANDARD);
// translate their ip to a country code
$country = geoip_country_code_by_addr($gi, $addr);
// close the geo database geoip_close($gi);
// Now do stuff with $country
?>
In that example you may take $country and do anything with it in PHP that you are you trying to accomplish using the their 2 letter country code. For example if someone from Russia visited your site with that code on it. $country would be become $country = “RU”; or if a German from Germany came, it would become $country = “DE”; and so on. You could then detect their country code and change the language of the site, redirect to them another subdomain in their language, block them from your content.
Echoing back their Country using an Associative Array
In this example you could store all the ISO 3166-1 Alpha-2 codes in an Associative Array then print out their country.
session_name("geo");
session_start();
// Get their IP address
$addr = $_SERVER['REMOTE_ADDR'];
// Load geoip.inc
include('geoip/geoip.inc');
// Open Geo IP binary data file
$gi = geoip_open('geoip/geoip.dat',GEOIP_STANDARD);
// translate their ip to a country code
$country = geoip_country_code_by_addr($gi, $addr);
// close the geo database geoip_close($gi);
$iso3166 = array('US'=>'United States','DE'=>'Germany','GB'=>'United Kingdom');
echo "Your are from {$iso3166[$country]}";
?>
In that example if the person visiting was from Britain it would echo from PHP “You are from United Kingdom”. However if that is all you planing to do with it. You would be better using the Geoip function geoip_country_name_by_addr(); which will return “United Kingdom” rather then geoip_country_code_by_addr(); returning “GB”. You would also be better off saving it in a SESSION to avoid having to do a lookup on each pageview, what a waste of CPU as you can imagine.
Saving their Country name to PHP SESSION
For sake of continuity I will use in this example still the function geoip_country_code_by_addr(); and will we save their Country Code to a session cookie. Then we will program the Geoip to skip the lookup if the session is found. This requires cookies, however it degrades gracefully without them. So you will not have a infinite redirect loop in PHP happening.
session_name("geo");
session_start();
//Assume they not been checked yet
$geoSession = true;
if(isset($_SESSION['geo'])){
// They already been checked no sense to look them again. Set to false.
$geoSession = false;
}
if($geoSession != false) {
$addr = $_SERVER['REMOTE_ADDR'];
// If were here its their first visit. Check for their Geo Location.
include('geoip/geoip.inc');
// Open Geo IP binary data file
$gi = geoip_open('geoip/geoip.dat',GEOIP_STANDARD);
// translate their ip to a country code
$country = geoip_country_code_by_addr($gi, $addr);
// close the geo database
geoip_close($gi);
$iso3166 = array('US'=>'United States','DE'=>'Germany','GB'=>'Britain');
$_SESSION['geo'] = $iso3166[$country];
}
Blocking Countries with Geoip
In this example we accomplish banning a whole region from accessing your site. But also borrow the Session logic from the code above to keep them off your site without wasting your valuable CPU looking them over again if they happen to keep visiting the site.
session_name("geo");
session_start();
//Assume they not been checked yet
$geoSession = true;
if(isset($_SESSION['geo'])){
// They already been checked no sense to look them again. Set to false.
$geoSession = false;
switch($_SESSION['geo']){
case 'bad':
header("Cache-Control: no-cache");
header("Location: http://www.google.com");
exit;
break;
case 'good':
// do nothing
break;
}
}
if($geoSession != false) {
// If were here its their first visit. Check for their Geo Location.
//Grab IP
$addr = $_SERVER['REMOTE_ADDR'];
// open geoip.inc
include('geoip/geoip.inc');
// Open Geo IP binary data file
$gi = geoip_open('geoip/geoip.dat',GEOIP_STANDARD);
// translate their ip to a country code
$country = geoip_country_code_by_addr($gi,$addr);
// close the geo database
geoip_close($gi);
// Fill with two letter country code
$banned_country = array('XX','XX');
// If there from a banned country
if(in_array($country,$banned_country)) {
$_SESSION['geo'] = 'bad';
session_write_close();
header("Location: http://www.goaway.com");
// All done
exit;
}
// If there from a not banned country
if(!in_array($country, $banned_country)) {
$_SESSION['geo'] = "good";
}
}
And there you have several examples to use Maxmind’s Geoip with PHP.
Security TIP:
If your application depends on security by setting a cookie in plaintext saying “country=XX;” (Where xx is their 2 letter country code) you should think about using sessions instead of $_COOKIE as its very to easy to spoof a cookie by putting this javascript code for example in their browser url bar and setting the cookie.
.