Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Website - Restrict Login - One Machine

Posted on 2009-06-27
8
Medium Priority
?
937 Views
Last Modified: 2013-12-23
We have a content management solution based on php. We have restricted multiple logins using sessions management. We would however want to introduce machine based logins.

How can this be done?

Thanks in advance.
0
Comment
Question by:Adwait Chitaley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 1

Expert Comment

by:geomouchet
ID: 24727727
You could create a php script to register a machine.  It would use setcookie() to save a cookie. Then when that user returns you use $_COOKIES to retrieve the cookie data.  This is how those "remember me" checkboxes work on various web sites.  Note, though that if the user changes browsers or deletes his cookies he will have to re-register that machine.
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 24727729
You need to determine the IP address of the machines you want to restrict access to, and then use an if statement on the log in, for example
if ($_SERVER['REMOTE_ADDR']=='71.233.246.102')
{
   then do log in code
}

a fast way to detemine your machine IP addresses is go to those machines and go to the website:
http://whatismyipaddress.com/
0
 
LVL 1

Expert Comment

by:geomouchet
ID: 24727794
Using IP address only works if you know that all your users have static IP addresses.  Most users have to pay their ISP extra for that feature.  Company networks tend not to use static IPs because it becomes an administrative headache.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 4

Expert Comment

by:termlimit
ID: 24732604
IP Address is not reliable, but at the same time is the only method (outside of grabbing a TCP/IP packet and reading the MAC address) to identify a client.  My bank uses a method such as this.  They do it by dropping the IP into a cookie.  If a user tries to login from a machine outside of their own (Same if IP changes from ISP) they are asked to re-identify themselves.  This is done with my bank through a text message to my phone with a special code that I then enter into the website.  You could do something similar to this for your situation.
0
 

Author Comment

by:Adwait Chitaley
ID: 24733863
Hello All,

Thanks for your responses till date.

I am looking forward to a more - hassle free - less administrative - machine identity based solution to identify my users through the web browser.

We cannot rely upon IP address... given the fact that IP is dynamically assigned. We were looking forward to restrict a login from one single machine only.

For this, we were contemplating a combination of solutions. For e.g... installing digital certificates on client machine + getting to know his machine's hardware part Info + Range of IP from where he's accessing ; coupled with his past logins = same customer and hence - login is permitted... kinda stuff.

How can I get to know any of his machine's info; let's say the harddisk, motherboard sr. no. etc. .from a web browser?

0
 
LVL 4

Accepted Solution

by:
termlimit earned 375 total points
ID: 24733942
The solution you are proposing is not going to be one that is guaranteed then.  If you allow a range of IP addresses, then technically a couple of machines could still logon.  The digital certificate is a good idea and is used in many places to verify identity.  This could be installed on multiple computers though.

Getting information about the user's computer is a bigger challenge since some users will come from Windows, Linux, Unix, Mac, or through multiple proxies.  If any of these happen most likely any software (which most likely would be done with something other than PHP) you run will break.  Possibly running a client side Java (not JavaScript) software, which can detect computer information would be a better solution than a PHP based system.  Or maybe develop the security applet in Java and have that communicate with PHP in real-time.

Remember any time you are going for absolute security it is hard to restrict access to one machine.  The bank that I have that does this sends a txt message to my phone when my IP address changes to verify me.  If you run software on the client machine it is susceptible to hacking and spoofing.  This holds true for IP verification, computer information validation, etc.

Hope this helps
0
 
LVL 1

Expert Comment

by:geomouchet
ID: 24740548
For some web servers, PHP will see the client certificate in $_SERVER.  You can give it a try.  Other information about the client PC, such as CPUID, is intentionally not returned to the web server for security reasons.

If security is that much of a concern in your application, identifying the computer may not be good enough.  Many users write their userids and passwords on post-it notes stuck to their monitor, or have a list of passwords in their top desk drawer.  Anyone who can walk up to such a computer will defeat your security.

Have you considered fingerprint ID or other biometric systems?  There are fingerprint systems that would allow you to store the login data in the fingerprint ID software.

A simpler solution would be to ask a personal question that only the user would know, i.e. the name of first pet, favorite high school teacher, etc.  
0
 

Author Closing Comment

by:Adwait Chitaley
ID: 31597483
The information was pertinent. However, my requirement was not fully satisfied.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question