Solved

Website - Restrict Login - One Machine

Posted on 2009-06-27
8
925 Views
Last Modified: 2013-12-23
We have a content management solution based on php. We have restricted multiple logins using sessions management. We would however want to introduce machine based logins.

How can this be done?

Thanks in advance.
0
Comment
Question by:achitaley
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 1

Expert Comment

by:geomouchet
ID: 24727727
You could create a php script to register a machine.  It would use setcookie() to save a cookie. Then when that user returns you use $_COOKIES to retrieve the cookie data.  This is how those "remember me" checkboxes work on various web sites.  Note, though that if the user changes browsers or deletes his cookies he will have to re-register that machine.
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 24727729
You need to determine the IP address of the machines you want to restrict access to, and then use an if statement on the log in, for example
if ($_SERVER['REMOTE_ADDR']=='71.233.246.102')
{
   then do log in code
}

a fast way to detemine your machine IP addresses is go to those machines and go to the website:
http://whatismyipaddress.com/
0
 
LVL 1

Expert Comment

by:geomouchet
ID: 24727794
Using IP address only works if you know that all your users have static IP addresses.  Most users have to pay their ISP extra for that feature.  Company networks tend not to use static IPs because it becomes an administrative headache.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 4

Expert Comment

by:termlimit
ID: 24732604
IP Address is not reliable, but at the same time is the only method (outside of grabbing a TCP/IP packet and reading the MAC address) to identify a client.  My bank uses a method such as this.  They do it by dropping the IP into a cookie.  If a user tries to login from a machine outside of their own (Same if IP changes from ISP) they are asked to re-identify themselves.  This is done with my bank through a text message to my phone with a special code that I then enter into the website.  You could do something similar to this for your situation.
0
 

Author Comment

by:achitaley
ID: 24733863
Hello All,

Thanks for your responses till date.

I am looking forward to a more - hassle free - less administrative - machine identity based solution to identify my users through the web browser.

We cannot rely upon IP address... given the fact that IP is dynamically assigned. We were looking forward to restrict a login from one single machine only.

For this, we were contemplating a combination of solutions. For e.g... installing digital certificates on client machine + getting to know his machine's hardware part Info + Range of IP from where he's accessing ; coupled with his past logins = same customer and hence - login is permitted... kinda stuff.

How can I get to know any of his machine's info; let's say the harddisk, motherboard sr. no. etc. .from a web browser?

0
 
LVL 4

Accepted Solution

by:
termlimit earned 125 total points
ID: 24733942
The solution you are proposing is not going to be one that is guaranteed then.  If you allow a range of IP addresses, then technically a couple of machines could still logon.  The digital certificate is a good idea and is used in many places to verify identity.  This could be installed on multiple computers though.

Getting information about the user's computer is a bigger challenge since some users will come from Windows, Linux, Unix, Mac, or through multiple proxies.  If any of these happen most likely any software (which most likely would be done with something other than PHP) you run will break.  Possibly running a client side Java (not JavaScript) software, which can detect computer information would be a better solution than a PHP based system.  Or maybe develop the security applet in Java and have that communicate with PHP in real-time.

Remember any time you are going for absolute security it is hard to restrict access to one machine.  The bank that I have that does this sends a txt message to my phone when my IP address changes to verify me.  If you run software on the client machine it is susceptible to hacking and spoofing.  This holds true for IP verification, computer information validation, etc.

Hope this helps
0
 
LVL 1

Expert Comment

by:geomouchet
ID: 24740548
For some web servers, PHP will see the client certificate in $_SERVER.  You can give it a try.  Other information about the client PC, such as CPUID, is intentionally not returned to the web server for security reasons.

If security is that much of a concern in your application, identifying the computer may not be good enough.  Many users write their userids and passwords on post-it notes stuck to their monitor, or have a list of passwords in their top desk drawer.  Anyone who can walk up to such a computer will defeat your security.

Have you considered fingerprint ID or other biometric systems?  There are fingerprint systems that would allow you to store the login data in the fingerprint ID software.

A simpler solution would be to ask a personal question that only the user would know, i.e. the name of first pet, favorite high school teacher, etc.  
0
 

Author Closing Comment

by:achitaley
ID: 31597483
The information was pertinent. However, my requirement was not fully satisfied.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question