User can only login through their own pc in php

3
votes

i have developed one site on which students can login and view online class. now my client wants that, user only can view class, if they are login through their own pc or by the pc they first time login or also the pc for which they are approved to view class.

if username and password also right but machine is different, user can not login to system and shows error that please login from your pc.

i read about ip and cookie, but in both case my requirement does not match. cause ip can be change and cookie can be deleted from system.

i also try to do it by mac address but not getting mac address of user in php script yet.

i hope you all understand, what i mean. i am finding answer for this from 3 day, still not getting any idea about this.

if anyone have a idea, how to do it. reply me asap.

1
phplogin-control
Not sure if this is a clever idea, but I think the only way to do this would be to use the MAC address as you suggested yourself.Bono
yes, that i know. but i didnt get mac address in php code. i find some script for that but it only gives mac address of the pc on which site is running instead of user pc.Rcreators
What if the PC dies completely and needs to be replaced? What if the user upgrades his PC? There are simply so many regular use cases in which a user would get locked out of his own account. Sounds like a bad idea. If usernames and passwords are good enough for virtually every site out there, why not yours?deceze
I'm absolutely with deceze on this one, really not a good idea; is there no way to tell your client this would not be effective or actually counter effective?Bono
there are only registered students who can only view class, if students share his password with others, all can view class. so client want that user can only view it from his own pc. also incase of pc damaged or took new one. he have to inform admin for that. so admin can altered his pc.Rcreators

1 Answers

2
votes

Based on what you said: "there are only registered students who can only view class, if students share his password with others, all can view class. so client want that user can only view it from his own pc".

You cant really prevent this(?). If students call other student over and and shows class, how you prevent this?

One way to make sharing password harder is to give also students a single time passwordlist, which has like 100-300 pairs of passwords and keys. Always when student logs in; regular name/password pair is asked, and after that one of the single-time-passwords (give me password number 233, and user gives that password from the list). This will NOT prevent users to log in to each others accounts if they are willing to share single time passwordlists.

Bit offtopic, I think you cannot really invent system, where information could not be shared if it's in the net... it's downloaded to your machine, when looking at it, and there you go - you have a copy.