User Authentication

exismedia

Does anybody know how to restrict access to a members-only website to a specific computer? I have already set it up to be password protected, but I want a user to only be able to access the site from 1 computer.

My thoughts: I could set a cookie on the person's computer & record their ip address in the database when they register. When the user logs in, I could check for the cookie...if the cookie is there, the login succeeds. If the cookie is not there, it would check to see if their current ip address is the same as the one the registered with. If the cookie is missing & ip address validation fails, they would have to call to re-activate their account. After reactivating the account, the first time they login I would once again set a cookie and record their ip address.

The problems I forsee with this idea is that people may frequently clean out their cookies so it would be checking for the ip address often. Those people with dynamically assigned ip addresses would have to call in and reactivate their membership every time their ip address lease expires & are assigned a new ip address.

Any thoughts or ideas?

Thanks!

mystrymaster

just out of curiousity why would you want tolimit the access to only 1 computer per login?

tekky

I think you covered all the easy solutions.... only other option I could think of is writing a page to query an IP for its identd server, and combine that with a class C mask of the IP such as
user@127.0.0. and checking their host against that if cookie and ip dont match precisely......

or you could just use a check against the first 3 quads, but thats a tad less acurate....

and of course.... there is always the question..... WHY?

exismedia

Basically, I am creating a site that is for a group of members who will be given access to some very valuable sales training resources for the mortgage industry. My client does not want the members to be able to pass around the login/password to all their buddies to give them access to the site without paying for it. The only way they can think to keep that from happening is to try to limit access to site to a particular computer.

Makes a little bit of sense, but it's kinda silly too huh?

DoD

Hmmmm

Just a thought, but you can possibly script it, so if 2 people are accessing the site through 2 differnt IPs

say the user profile goes

IP1
IP2
IP1
IP2

you could then set it to deactivate that member, so if they wanted to try and cheat it in any way, they will run the risk of clashing with another user, and thus rendering the account useless...

but then you have the possibity of some1 changing their IP address quickly, and it accidentally doing this...