I am building a PHP based website for the Kiosks. I dont want people accessing this site from they PC browsers. How do I block restrict the access to my kiosks? Also, How do I recognize which Kiosks users are using to access my site? Thanks, Amit
As PoPsiCle has said, if the server is using static IP, then you can chose only that IP to give access to your targeted users. .. in this case Kiosk. Let's assume, the kiosk is using IP 123.45.67.8 <?php if($_SERVER['REMOTE_ADDR'] != '123.45.67.8'){ die('PAGE NOT FOUND'); } Code (markup): Although the above still will work, but you should build on that idea and do more advanced script to accomplish the simple task
Maybe something like the following? if($_SERVER['REMOTE_ADDR'] == '123.45.67.8'){ $_SESSION['kiosk_only'] = generate_secure_token(); } Code (markup): function.secret.token.php file <?php function generate_secure_token($length = 16) { return bin2hex(openssl_random_pseudo_bytes($length)); // important! this has to be a crytographically secure random generator } Code (markup):
Or give the kiosk browser a unique user agent string that can be tested. While that can be spoofed you need to gauge how much of a problem the unwanted users are causing.
The problem is, we cannot assume that the Kiosks would be on static IPs. Otherwise it would have been an easy choice. This seems interesting. How do I go about doing this?
What browser is the Kiosk based on? Extensions for FF? Opera 12/lower's built in Kiosk mode? (that's my first choice, shame like everything else that makes Opera... Opera, are flat out missing in 15+). Since most kiosks hide the address bar, I'd pass a username and password via the URI. Clean, simple, uses existing mechanisms, and done properly users on the Kiosk would never see it. Though the question would also be is what you are doing the ONLY thing that's going to run on the Kiosks?
@deathshadow, It will be a website for tourists to locate the local events and places. We are planning to deploy several of these kiosks on different part of the city. Since we would need to allow the users to find the event/places nearest to them at the moment (i.e. nearest to the location of Kiosk) we need the ability to identify the kiosk terminal. This suggestion really amazed me. This simplest of the solution could actually work. But this would require that I pass around the username with each URL right? Also what will happen when user visits the site outside of our website. (we need this to allow users to go to the events website). How would they safely come back to the correct URI? or should we consider showing all the "outside" websites on an Iframe? Do you think I could make use of the cookies? Say I set up a cookie with unique identifier to last for like 10 years, when I install the kiosk. then I identify this console by reading this cookie. Do you see anything wrong with this plan?
Usually with a un/pw in the URL, you will stay logged in for... well... until the browser shuts down... so if you did: kiosk21:randomPass@yoursite.url Code (markup): As the startup page for the kiosk, you don't have to pass that un/pw again until the browser shuts down or restarts -- which if it's set as the startup/home page for the browser..." It's actually a "problem" in using http authentication -- there's no consistent cross-browser way to force a log-off. ... and since you'd be using HTTP authentication, you could detect which UN is logged in using $_SERVER['PHP_AUTH_USER'] Just set up a .htpasswd and you should be good. Setting your own cookie could work, but is harder to setup/configure. I'd also suggest making it https just to make it harder to 'sniff' while it's on the air. (since I'm assuming this wouldn't be landlined). I did something similar a decade ago using Opera for a local food festival.