Can I get user's bios number using php?

I want to ensure that a user is unique (not the same user under an alias), and I think the closest I can actually get to that is by storing the user’s bios number for comparison when someone registers.

That isn’t foolproof, but I think it’s as close as I can get.

Anyway,

I thought about using javascript, but that can be turned off client side, so I’m hoping I can do it using php.

Is there a simple function for retrieving a bios number from the user’s system when they submit a form?

There is no way this is possible. PHP can only access what’s transmitted in HTTP headers and the body, and the BIOS number is not in HTTP headers, nor is there any way to put anything close to BIOS information in an HTTP request. It would just be a massive security hole!

And anyway, you wouldn’t be ensuring a user is unique, you’d be ensuring a computer is unique. In many places lots of users use the same computers (e.g. universities).

Your best bet for “uniqueness” is to log the User Agent string, IP address and check if they have an “already registered” cookie, and perhaps some other stuff you can scrape together. Then you match against these things, but they’re still nowhere near reliable for ensuring a visitor is unique. All I’d have to do is reset my router, clear my cookies, tamper with the user agent string (easy) and I’d be able to register another account. Or, I could just use another computer!

If people want to register multiple accounts, they will. The only way around it is if you are expecting them to register and the user has to input a unique code given to them in order to register.
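The unique-code approach from the reply above, shown in PHP as an added example (not part of the original thread): each code is random, stored only as a hash, and can be redeemed exactly once. The `invite_codes` table and the `issueCode`/`redeemCode` function names are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: one row per issued code, holding only its hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invite_codes (
    code_hash TEXT PRIMARY KEY,
    used_by   TEXT NULL
)');

/** Issue a code. The plaintext goes to the invitee; only SHA-256 is stored. */
function issueCode(PDO $db): string
{
    $code = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO invite_codes (code_hash) VALUES (?)');
    $stmt->execute([hash('sha256', $code)]);
    return $code;
}

/** Redeem a code for a username. True only for the first valid use. */
function redeemCode(PDO $db, string $code, string $username): bool
{
    // Check-and-mark happens in one statement, so two concurrent
    // requests presenting the same code cannot both succeed.
    $stmt = $db->prepare(
        'UPDATE invite_codes SET used_by = ?
          WHERE code_hash = ? AND used_by IS NULL'
    );
    $stmt->execute([$username, hash('sha256', $code)]);
    return $stmt->rowCount() === 1;
}

// Constructed sample run.
$code = issueCode($db);
var_dump(redeemCode($db, $code, 'alice'));       // first use of an issued code
var_dump(redeemCode($db, $code, 'alice_alt'));   // same code presented again
var_dump(redeemCode($db, 'made-up', 'mallory')); // code that was never issued
```

This limits registrations to the number of codes issued; it does not stop one person from obtaining several codes, which depends on how the codes are handed out.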

In addition to the above it’s worth reinforcing that PHP is a server-side language, therefore it doesn’t have any knowledge of what the client is using (it works and does its job at the server it’s hosted on, not in the consumer’s browser). Even with JavaScript which is at the client-side, you could never get anything as personal as BIOS info, that would be a serious security risk. JavaScript is sandboxed which basically means that the engine and the browser deliberately prevent and limit how much scripting can get from the end user’s system. If JavaScript could start reading hardware codes, registry keys or unique variables to users, then it could also be used for evil to leech personal records, passwords or worse. So basically, you can’t get the BIOS number and you can’t guarantee a user. :slight_smile:

PS: With many ISPs, IP addresses aren’t dedicated to an individual user, you can’t even use that to be sure of the visitor’s identity (and that’s excluding proxies)!

Thanks for the info.

I thought about using cookies, but all they would have to do is delete their cookies.

Usernames and emails are a dime a dozen, the same goes for computers.

Maybe a mailing address, but then the question is; What if there are several people at the same address?

Maybe if I charge an entry fee, require a mailing address, and limit the number of entries to 3 per address. I’m designing a contest BTW.

I’ve thought about a service like VeriSign, but I’m worried it might make the process too difficult and discourage people who would otherwise participate.

Maybe a mailing address, but then the question is; What if there are several people at the same address?

What if they lie?

Unless I actually want to receive something at my house or it’s something important then I normally fill in some garbage for things like my home address.

Maybe if I charge an entry fee, require a mailing address, and limit the number of entries to 3 per address.

That’s going to discourage people! Particularly the fee bit.

What exactly are you trying to stop people from doing? Creating multiple accounts? Make different submissions of the same thing? Vote many times for the same thing? You won’t be able to properly control any of these.

It’s just not technologically possible to guarantee who a specific individual is. The problem is that you will eliminate pretty much anyone from participating because no-one is going to enter a contest that is invasive (too nosey) or complicated - like what you’re attempting. I know you probably just want to do it to ensure the rules are followed, but there’s always going to be a way around it, and it’s not technologically possible to stop that. All you’ll encourage is non-entry, fraud or identity theft. :slight_smile:

Regarding IDs: People could sign up under a different name.
Regarding Emails: People could set up fake accounts.
Regarding Addresses: People could use fake ones, PO Boxes, business or other residential places.
Regarding Phone Nos.: People may have more than one phone number (or enter a fake one).
Regarding Payment: People may have multiple credit cards, use friends’ cards, use fake ones!
Regarding Identity: People could use a proxy, have a shared IP or something else.
Regarding Computers: Cookies can be faked or deleted, machines can be shared.

If you lie about your mailing address and end up winning, then you end up losing, because someone in Sneaky Shoe Wisconsin will get your prize instead of you. Lol :rofl:

I thought about as much. I wanted to throw it out there and see if anything new bounced back just in case there was some technological breakthrough I haven’t heard about. :slight_smile:

Anyway,

Now that I think about it, it really doesn’t matter that people make duplicate entries, since I’m going to assign each entry a unique number, then match it with a randomly drawn number to determine the winner…

…and…

Ease of participation is a must since the real goal is to increase traffic and user participation, if it achieves that I’ll be content.

I’m going to assign each entry a unique number, then match it with a randomly drawn number to determine the winner…

Statistically this does mean that if you submit lots of duplicate entries you’re more likely to win.

Believe it or not that’s why I was looking for a solution to the duplicate entry problem. :rolleyes: