Website - Restrict Login - One Machine

We have a content management solution based on php. We have restricted multiple logins using sessions management. We would however want to introduce machine based logins.

How can this be done?

Thanks in advance.
Adwait ChitaleyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

geomouchetCommented:
You could create a php script to register a machine.  It would use setcookie() to save a cookie. Then when that user returns you use $_COOKIES to retrieve the cookie data.  This is how those "remember me" checkboxes work on various web sites.  Note, though that if the user changes browsers or deletes his cookies he will have to re-register that machine.
0
nanharbisonCommented:
You need to determine the IP address of the machines you want to restrict access to, and then use an if statement on the log in, for example
if ($_SERVER['REMOTE_ADDR']=='71.233.246.102')
{
   then do log in code
}

a fast way to detemine your machine IP addresses is go to those machines and go to the website:
http://whatismyipaddress.com/
0
geomouchetCommented:
Using IP address only works if you know that all your users have static IP addresses.  Most users have to pay their ISP extra for that feature.  Company networks tend not to use static IPs because it becomes an administrative headache.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

termlimitCommented:
IP Address is not reliable, but at the same time is the only method (outside of grabbing a TCP/IP packet and reading the MAC address) to identify a client.  My bank uses a method such as this.  They do it by dropping the IP into a cookie.  If a user tries to login from a machine outside of their own (Same if IP changes from ISP) they are asked to re-identify themselves.  This is done with my bank through a text message to my phone with a special code that I then enter into the website.  You could do something similar to this for your situation.
0
Adwait ChitaleyAuthor Commented:
Hello All,

Thanks for your responses till date.

I am looking forward to a more - hassle free - less administrative - machine identity based solution to identify my users through the web browser.

We cannot rely upon IP address... given the fact that IP is dynamically assigned. We were looking forward to restrict a login from one single machine only.

For this, we were contemplating a combination of solutions. For e.g... installing digital certificates on client machine + getting to know his machine's hardware part Info + Range of IP from where he's accessing ; coupled with his past logins = same customer and hence - login is permitted... kinda stuff.

How can I get to know any of his machine's info; let's say the harddisk, motherboard sr. no. etc. .from a web browser?

0
termlimitCommented:
The solution you are proposing is not going to be one that is guaranteed then.  If you allow a range of IP addresses, then technically a couple of machines could still logon.  The digital certificate is a good idea and is used in many places to verify identity.  This could be installed on multiple computers though.

Getting information about the user's computer is a bigger challenge since some users will come from Windows, Linux, Unix, Mac, or through multiple proxies.  If any of these happen most likely any software (which most likely would be done with something other than PHP) you run will break.  Possibly running a client side Java (not JavaScript) software, which can detect computer information would be a better solution than a PHP based system.  Or maybe develop the security applet in Java and have that communicate with PHP in real-time.

Remember any time you are going for absolute security it is hard to restrict access to one machine.  The bank that I have that does this sends a txt message to my phone when my IP address changes to verify me.  If you run software on the client machine it is susceptible to hacking and spoofing.  This holds true for IP verification, computer information validation, etc.

Hope this helps
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
geomouchetCommented:
For some web servers, PHP will see the client certificate in $_SERVER.  You can give it a try.  Other information about the client PC, such as CPUID, is intentionally not returned to the web server for security reasons.

If security is that much of a concern in your application, identifying the computer may not be good enough.  Many users write their userids and passwords on post-it notes stuck to their monitor, or have a list of passwords in their top desk drawer.  Anyone who can walk up to such a computer will defeat your security.

Have you considered fingerprint ID or other biometric systems?  There are fingerprint systems that would allow you to store the login data in the fingerprint ID software.

A simpler solution would be to ask a personal question that only the user would know, i.e. the name of first pet, favorite high school teacher, etc.  
0
Adwait ChitaleyAuthor Commented:
The information was pertinent. However, my requirement was not fully satisfied.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.