The $_SERVER array contains a lot of useful information from the web server
Here is a complete list of the entries in $_SERVER that come from CGI:
The name of the current script, relative to the document root
A string that identifies the server (e.g., “Apache/1.3.33 (Unix) mod_perl/1.26 PHP/ 5.0.4”)
The hostname, DNS alias, or IP address for self-referencing URLs
The version of the CGI standard being followed (e.g., “CGI/1.1”)
The name and revision of the request protocol (e.g., “HTTP/1.1”).
The server port number to which the request was sent (e.g., “80”).
The method the client used to fetch the document (e.g., “GET”)
Extra path elements given by the client (e.g., /list/users).
The value of PATH_INFO, translated by the server into a filename (e.g., /home/httpd/ htdocs/list/users).
The URL path to the current page, which is useful for self-referencing scripts (e.g., /~me/menu.php).
Everything after the ? in the URL (e.g., name=Fred+age=35).
The hostname of the machine that requested this page (e.g., “dialup-192-168-0-1.example.com (http://dialup-192-168-0-1.example.com)”). If there’s no DNS for the machine, this is blank and REMOTE_ADDR is the only information given
A string containing the IP address of the machine that requested this page (e.g., “192.168.0.250”).
If the page is password-protected, this is the authentication method used to protect the page (e.g., “basic”).
If the page is password-protected, this is the username with which the client authenticated (e.g., “fred”). Note that there’s no way to find out what password was used.
If the server is configured to use identd (RFC 931) identification checks, this is the username fetched from the host that made the web request (e.g., “barney”). Do not use this string for authentication purposes, as it is easily spoofed.
The content type of the information attached to queries such as PUT and POST (e.g., “x-url-encoded”)
The length of the information attached to queries such as PUT and POST (e.g., “3,952”)