What’s a good resource to use for identifying a computer? Preferably using PHP.
A project I’m working on needs to give users certain access privileges depending on the machine they log in from.
This only applies for a few machines. They machines are stored in a database table as stations, and given certain privileges.
I have an interface for adding stations, and columns could include IP, name, etc.
But, the network the computers are on is within routers and such. So using an IP is out of the question for identifying a unique client, for it’s dynamic.
The NIC mac address would be nice, but through PHP only the gateway would be returned.
I was thinking using Javascript (javascript is enabled on all clients, so it’s no problem to use), but there is still no means of obtaining the static IP or MAC.
Your going to want to use sessions. You can set up a database with user permissions and info and then store it in a session. The session sinds an ID cookie to identify the computer and then stores the rest of the information server side. When calling/checking authentication your going to want to use very secure methods. All my work is on a LAN so i dont bother too much with high security. But heres an example.
//once you have all your users info contained in variables
$pass = 'userspass';
$un = 'username';
$info = 'info';
$comment = 'commenct';
$lvl = '2';
// now you going to want to call a session, keep in mind
//you have to do this before ANY header information is sent,
// same with cookies.
session_start();
//that assigned the unique cookie to the individual computer
//now you can store variables within the session
$_SESSION['pass'] = $password;
$_SESSION['un'] = $un;
$_SESSION['uinfo'] = $info;
$_SESSION['comment'] = $comment;
$_SESSION['lvl'] = $lvl;
//so now we have all our variables stored in a session
//im assuming what you want to do is to restrict access to dif pages?
//so what were gonna do is make an include file and its going to be
//something to the effect of this
Filename.php
<?php
start_session();
//when you call it once its started it just calls the variables no an entirely new session
if ($_SESSION['lvl'] == 2) {
//access granted code here
} else {
header ("Location: http://bye.bye.com");
}
?>
//and then what your going to do is include that in all the pages you want to restrict using
include ('filename.php');
//and that will keep the unlogged in people out keep in mind the
//level of security im using is rather low and simple but if thats all
//you need then so be it. im sure theres a way to use this method
//and make it extremely secure. Hope this helps!!
But, I need something that can identify a computer as unique regardless of the current session the user is logged in with. When you log in from the computer to the application, a new unique session ID is generated everytime. Thus, it’s not very consistent.
The user (these users are actually employees using computers, e.g. stations, for their employee work) will login from an interface, and unknowingly to them the PHP script will identify the computer (my problem) as a station within the station mysql table, and then will fetch its priviliges using its unique privilege id (from a privilege table) and merge those with the current user’s session privileges.
It’s not too hard to understand, but I can’t think of anything to store in the station table for a particular row that it can use to identify with its computer.
If I logged in, session activated, and stored that unique session ID in the station’s row, then upon next login that wouldn’t do me any good.
Perhaps Im way off but perhaps installing snmp on the systems accessing your tool and then use the functions built into php to get the information via snmp of the system. I believe you can get the SID through SNMP
Using IP can be a problem if your addresses are assigned by a dhcp server, they may never get the same ip on renewal. If using IP you would need to set static ip’s on each machine.
Machine name (Host Name). No two computers can have the same name on an IP network. Run ipconfig /all at cmd prompt on nt xp pc or winipcfg on win98 to get the machine name or host name, maybe you can incorprate that into a script e.g if machine name = etc.
Our problem with static IPs and computer names is that a user could lookup the IP/computer name, go home, change their network settings, and access the restricted interfaces once logged in. Also, the IPs are of normal range (192.168) that common ISPs use.
The privilege interfaces should only be accessible by computers with a unique tag.
Other options we have is searching the computer for a particular file, or maybe using a USB dongle… but I was hoping there’d be a way to grab something by PHP.
Sillysoft, what is the SID in relation to the clients computer?
I checked PHP.net for functions in SNMP, and noticied the following:
In order to use the SNMP functions on Unix you need to install the NET-SNMP package. On Windows these functions are only available on NT and not on Win95/98.
This is a web script, therefore independent of anything to do with the operating system. User privileges are defined in part by the computer they login to this web script from.
The option we’re concluding to use is assigning a cookie to the computer, and then storing the station ID inside the cookie. Upon login this cookie will be searched for, and then the station ID within it will be taken and used as a conditional for finding the station inside the database table. If found, return the station’s privileges, and all is set.
We’ll use Windows XP permissions for restricting access to the cookies folder, and deleting/modifying cookies.