How can I get the MAC and the IP address of a connected client in PHP?

I need to know the MAC and the IP address of the connect clients, how can I do this in PHP?

Server IP

You can get the server IP address from $_SERVER['SERVER_ADDR'].

Server MAC address

For the MAC address, you could parse the output of netstat -ie in Linux, or ipconfig /all in Windows.

Client IP address

You can get the client IP from $_SERVER['REMOTE_ADDR']

Client MAC address

The client MAC address will not be available to you except in one special circumstance: if the client is on the same ethernet segment as the server.

So, if you are building some kind of LAN based system and your clients are on the same ethernet segment, then you could get the MAC address by parsing the output of arp -n (linux) or arp -a (windows).

Edit: you ask in comments how to get the output of an external command - one way is to use backticks, e.g.

$ipAddress=$_SERVER['REMOTE_ADDR'];
$macAddr=false;

#run the external command, break output into lines
$arp=`arp -a $ipAddress`;
$lines=explode("\n", $arp);

#look for the output line describing our IP address
foreach($lines as $line)
{
   $cols=preg_split('/\s+/', trim($line));
   if ($cols[0]==$ipAddress)
   {
       $macAddr=$cols[1];
   }
}

But what if the client isn't on a LAN?

Well, you're out of luck unless you can have the client volunteer that information and transmit via other means.

The MAC address of a client (in the sense of the computer that issued the HTTP request) is overwritten by every router between the client and the server.

Client IP is conveniently provided to the script in $_SERVER['REMOTE_ADDR']. In some scenarios, particularly if your web server is behind a proxy (i.e. a caching proxy) $_SERVER['REMOTE ADDR'] will return the IP of the proxy, and there will be an extra value, often $_SERVER['HTTP_X_FORWARDED_FOR'], that contains the IP of the original request client.

Sometimes, particularly when you're dealing with an anonymizing proxy that you don't control, the proxy won't return the real IP address, and all you can hope for is the IP address of the proxy.

I don't think you can get MAC address in PHP, but you can get IP from $_SERVER['REMOTE_ADDR'] variable.

For windows server I think u can use this:

<?php
echo exec('getmac');
?>

All you need to do is to put arp into diferrent group.

Default:

-rwxr-xr-x 1 root root 48K 2008-11-11 18:11 /usr/sbin/arp*

With command:

sudo chown root:www-data /usr/sbin/arp

you will get:

-rwxr-xr-x 1 root www-data 48K 2008-11-11 18:11 /usr/sbin/arp*

And because apache is a daemon running under the user www-data, it's now able to execute this command.

So if you now use a PHP script, e.g.:

<?php
$mac = system('arp -an');
echo $mac;
?>

you will get the output of linux arp -an command.

You can get MAC Address or Physical Address using this code

$d = explode('Physical Address. . . . . . . . .',shell_exec ("ipconfig/all"));  
$d1 = explode(':',$d[1]);  
$d2 = explode(' ',$d1[1]);  
return $d2[1];

I used explode many time because shell_exec ("ipconfig/all") return complete detail of all network. so you have to split one by one. when you run this code then you will get
your MAC Address 00-##-##-CV-12 //this is fake address for show only.

Use this class (https://github.com/BlakeGardner/php-mac-address)

This is a PHP class for MAC address manipulation on top of Unix, Linux and Mac OS X operating systems. it was primarily written to help with spoofing for wireless security audits.

In windows, If the user is using your script locally, it will be very simple :

<?php
// get all the informations about the client's network
 $ipconfig =   shell_exec ("ipconfig/all"));  
 // display those informations   
 echo $ipconfig;
/*  
  look for the value of "physical adress"  and use substr() function to 
  retrieve the adress from this long string.
  here in my case i'm using a french cmd.
  you can change the numbers according adress mac position in the string.
*/
 echo   substr(shell_exec ("ipconfig/all"),1821,18); 
?>

You can use the following solution to solve your problem:

$mac='UNKNOWN';
foreach(explode("\n",str_replace(' ','',trim(`getmac`,"\n"))) as $i)
if(strpos($i,'Tcpip')>-1){$mac=substr($i,0,17);break;}
echo $mac;

Perhaps getting the Mac address is not the best approach for verifying a client's machine over the internet. Consider using a token instead which is stored in the client's browser by an administrator's login.

Therefore the client can only have this token if the administrator grants it to them through their browser. If the token is not present or valid then the client's machine is invalid.

too late to answer but here is my approach since no one mentioned this here:
why not a client side solution ?
a javascript implementation to store the mac in a cookie (you can encrypt it before that)
then each request must include that cookie name, else it will be rejected.
to make this even more fun you can make a server side verification
from the mac address you get the manifacturer (there are plenty of free APIs for this)
then compare it with the user_agent value to see if there was some sort of manipulation:
a mac address of HP + a user agent of Safari = reject request.

// Turn on output buffering  
ob_start();  

//Get the ipconfig details using system commond  
system('ipconfig /all');  

// Capture the output into a variable  
$mycomsys=ob_get_contents();  

// Clean (erase) the output buffer  
ob_clean();  

$find_mac = "Physical"; 
//find the "Physical" & Find the position of Physical text  
   
$pmac = strpos($mycomsys, $find_mac);  
// Get Physical Address  
   
$macaddress=substr($mycomsys,($pmac+36),17);  
//Display Mac Address  
   
echo $macaddress;  

This works for me on Windows, as ipconfig /all is Windows system command.

We can get MAC address in Ubuntu by this ways in php

$ipconfig =   shell_exec ("ifconfig -a | grep -Po 'HWaddr \K.*$'");  
    // display mac address   
 echo $ipconfig;

Getting MAC Address Using PHP: (Tested in Ubuntu 18.04) - 2020 Update

Here's the Code:

<?php
    $mac = shell_exec("ip link | awk '{print $2}'");
    preg_match_all('/([a-z0-9]+):\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})/i', $mac, $matches);
    $output = array_combine($matches[1], $matches[2]);
    $mac_address_values =  json_encode($output, JSON_PRETTY_PRINT);   
    echo $mac_address_values
?>

Output:

{
    "lo": "00:00:00:00:00:00",
    "enp0s25": "00:21:cc:d4:2a:23",
    "wlp3s0": "84:3a:4b:03:3c:3a",
    "wwp0s20u4": "7a:e3:2a:de:66:09"
}

This one works for me:

<?php
  
// PHP code to get the MAC address of Server
$MAC = exec('getmac');
  
// Storing 'getmac' value in $MAC
$MAC = strtok($MAC, ' ');
  
// Updating $MAC value using strtok function, 
// strtok is used to split the string into tokens
// split character of strtok is defined as a space
// because getmac returns transport name after
// MAC address   
echo "MAC address of Server is: $MAC";
?>

Source: https://www.geeksforgeeks.org/how-to-get-the-mac-and-ip-address-of-a-connected-client-in-php/

under linux using iptables you can log to a file each request to web server with mac address and ip. from php lookup last item with ip address and get mac address.

As stated remember that the mac address is from last router on the trace.

You can do this easily using openWRT. If yo use a captive portal you can mix php and openWRT and make a relation between the IP and the mac.

You can write a simple PHP code using:

 $localIP = getHostByName(getHostName()); 

Later, using openWRT you can go to /tmp/dhcp.leases, you will get something with the form:

 e4:a7:a0:29:xx:xx 10.239.3.XXX DESKTOP-XXX 

There, you have the mac, the IP address and the hostname.