2
yes - but it's only as good as the information passed to you. It can be easily spoofed. Most folks who are sitting behind a corporate firewall or proxy may actually denote the IP as 192.168.x.x and I've seen 127.0.0.1 <- which is crap.
It's in the header and usually passed as HTTP_CLIENT_IP, however you have to look at HTTP_X_FORWARDED_FOR and REMOTE_ADDR to determine if you have some type of proxying going on.