The simplest answer is $_SERVER["REMOTE_ADDR"] . It is usually considered quite safe.
However, if you provide access to command line commands through your script, this may not be enough. It may be possible to send a request to your script from outside through IP-spoofing. This may be enough to invoke a destructive command, although IP-spoofing usually means that an attacker will not receive a response. (This is a very esoteric scenario, and I know a little more about it than is possible.)
What can you do:
Instead of checking the IP address inside PHP, make sure that the page cannot be accessed from the outside using more stringent means, for example, by installing a hardware or software firewall that prevents any external access or configures the web server to listen only for local requests .
Instead of checking IP from PHP, secure the page using some password authentication.
Talk to a security expert (possibly at http://security.stackexchange.com ), explain your network setup and ask if IP spoofing is possible in your specific scenario.
Make your script accessible through the CLI , the local server command line, and not the web server. Put your script outside the web server root. (This option is likely to defeat your specific goal of having an interactive shell, though)
Or you, of course, can trust that no one will ever know. If this is for a private project with a low level of risk, then thinking about IP spoofing is probably too much conceived.