Hi everybody!! I have big broblem whith getting user computers MAC adress!! I wont to get it whith php and use it in my sessions but i cant find how to?? Can somebody help me PLEASE!!!! Thank U!
Ok then do you have any ideas how i can secure my session while the user is logged in not leting another user logging in whith the same Session ID????
OK! thank u! But is it enogth for not letting logging in whith the same username and password from different computers at the same time???
I spose if you store sessions in the db and onlogin check the db for a session that belongs to that user you could force them to logout .....
normal users will not have permissions to execute ifconfig, not sure about windows but linux for sure won't be possible in that way unless you're the root user and php runs in phpsuexec, I imagine winows will be the same.
@lordspace: how does your code tell the MAC address of a user's computer? I run that code on the server and don't I get the MAC address of the server? @etdegraor: your original 'premise' that the MAC address will guarantee uniqueness is incorrect, anyway, as MACs can be cloned. I believe that krakjoe is correct in what he said: when a user logs in, check to see if that same user is currently already logged in.
Google will give you heaps of links so there's no point us going in to it here. Some routers will even support the option of automatically cloning the MAC address of a 'client' computer, in case your cable modem is tied to a particular 'client' MAC address.
most network equipment comes with the ability to do so as standard, mac addresses were never desgined to identify people on a world scale, and so changing them seems like a good feature to have.
some other programmer told me once he used the mac address for identification in his web applications - i think is might be possible to read the routing tables if webserver and dhcp server is on he same machine and you only need the mac- addresses from your local network. but i dont know if this was done 100% in php... but the easiest way to get a unique id is the session.
the most common practice I've seen is like krakjoe said, record the user in the database and than have your login authentication part of the code to check for current session. or make it more interesting, if you are doing this to provide a single login for some sort of paid service website, you could make it more entertaining by allowing the most recent user to login and create a new session and logout the logged in user. This usually discourage the original user to share the login to gain a paid service.
It wasn't, in a prodction environment permissions will dissallow the user running php to execute anything that belongs to the system, in theory you could use php's ssh2 libs to connect to the machine, but not only is it a massively stupid idea to do that ( as you will need to keep root or wheel passwords in a php script ) it will take forever and a day for every single page to load It's just not worth it, if it was a viable way of authenticating users everyone would be doing it; there are far too many wholes in the thoery for the amount of fixes and bodge ups to cover, give it up, use sessions.....