How can I detect if the user is on localhost in PHP?

Question

In other words, how can I tell if the person using my web application is on the server it resides on? If I remember correctly, PHPMyAdmin does something like this for securi

Answer 1

It doesn't seem you should use $_SERVER['HTTP_HOST'], because this is the value in http header, easily faked.

You may use $_SERVER["REMOTE_ADDR"] too, this is the more secure value, but it is also possible to fake. This remote_addr is the address where Apache returns result to.