I used to use a similar hack to get around ICQ server-side verifications. Very convenient when I wanted to test alpha/beta builds that I was not invited to :-)
Indy, which ships with Delphi, has a TIdStack.ResolveHost()
function, and a separate TIdDNSResolver
component, which can both be used to get the domain's IP(s). It also has a TIdStack.LocalAddresses
property to retreive the local IPv4 addresses. Or you can just use the socket API gethostbyname()
or getaddrinfo()
functions directly, along with platform-specific APIs to enumerate the local IPs, like the GetAdaptersAddresses()
function on Windows.
However, rather than having the PHP script simply echo plain-text back to your app, a much more secure option that does not require you to verify IPs is to have your app create a dynamically generated nonce value and send it to the PHP script, then have the script process it, hash it, whatever as needed using an algorithm that only you know, and then send it back to the app. The app can perform the same algorithm and compare the results. Unless someone takes the time to reverse engineer your app, they will not be able to reproduce your algorithm or fake its results with their custom Xampp scripts.
Even better, use SSL/TLS to encrypt your connection to your domain server, and give your domain server an SSL certificate that your app can verify before it exchanges any data with your PHP script. If you do just this much, you can continue using the plain-text echo since SSL/TLS will verify you are connected to your domain for you.