There are many tutorial to get users IP address, for instance like this or this. The problem is that HTTP_XXX $_SERVER variables is easily spoofed. It’s not reliable because the user can fake it with a simple header addition.

The only real solution to retrieve the client IP address is using $_SERVER['REMOTE_ADDR'], unless your website is serving behind reverse proxy such as NGINX or TrafficServer, than you can safely use $_SERVER['HTTP_X_FORWARDED_FOR']