I have a php based site that users log into using a username and password. They can only access the site from a certain location which I use $REMOTE_ADDR to check this as this location has a fixed IP.
I have been warned that it is easy to spoof this $REMOTE_ADDR variable, which from what I head read on various sites seems to be the case.
Has anyone got any tips that I could use to prevent a user from spoofing their IP to make the system think they are at the specific location?
Sorry, I'm waffling, how can I protect my site against spoofed $REMOTE_ADDR variables?
Thanks in advance