I've looked around for an answer to this question, but the answers are always situational - so here's mine:
If a hacker is on a limited, local network, can they fake the IP in $_SERVER[‘REMOTE_ADDR’]? (and out of curiosity - how?)
I understand that when it comes to the internet, any variable such as this can be wrangled into whatever you want. But in a local, wired network that may not even be connected to the internet at all, can they fake this address? I'm assuming that Mr.MissionImpossible is crawling along the ceiling with a notebook and Ethernet cable into one of the switches. The response in this scenario won't matter - but running the PHP script should only be limited from certain location(s).
Thanks in advance!