ip identification

stacy

I'm writing program now, and in purpose of secure I need to have clients connected only once at a time period. So I'm in need of identifying his/her ip. How can I do this? And what does the var $REMOTE_ADDR exactly do?

badman

i have implemented what you have mentioned here.

You can do the following
1. store the userid and session ID($PHPSESSID) and ip address in a table
2. check that ip, user id and session id are same as in table in every page
3. if session id is different then check for ip address
4 if ip address is same then allow else kick him/her out!

$REMOTE_ADDR returns the ip address of the client requesting your page.If they are using proxy then it is the ip of proxy

try this in your script

echo $REMOTE_ADDR; it wll echo your ip!
cheers!

kparker

Yes, but you can't get where you want to go doing it that way. (I seem to be repeating myself tonight!) There is not (and never has been) a one-to-one correspondence between users and IP addresses. You won't even get close without considering the combination of $REMOTE_ADDR plus $REMOTE_PORT and even that is risky.

May I ask, if security is so important, why you want to rely on an anonymous and semi-effective scheme? It would seem to me that if it were really important that individual users be uniquely identified, it wouldn't be too much to create a real user login system.

stacy

well, it's necessary that all users should have ONLY ONE login. No more than one. So the program must identify users from all over the world. For this moment I see only this way. May be you'll suggest better solution.

kparker

well, it's necessary that all users should have ONLY ONE login

That's virtually impossible, if by 'user' you mean distinct human beings.

It's completely impossible if all you have to rely on is the IP address. Don't even try; it will waste time you could otherwise put to good use doing something else that will actually pay off.

And to make it even more pessimistic, even creating a login system using something like an internet email address as the ID, and not letting people on until you've emailed them back an access code, won't ensure 1 user == 1 human. After all, what's to prevent me from having a hotmail account, and a yahoo account, and a eudoramail account, and accounts from 16 other free webmail services, for each of which I could set up a different account with you?

stacy

is there a possability to make identification with cookie?

kparker

Sure, except for users that have cookies turned off. Honesly, this is not an easy undertaking, and success depends partly on being lenient enough in your standards that you end up accepting one of the feasible half-way measures as being "good enough" for your purposes.

Can you discuss the actual situation here, or is there some trade-secret or non-disclosure that would prevent you from sharing those details with us?

stacy

well, there is no secret.
Now i'm making the on-line stratagy game (smth like 'earth 2025'). The game must be tested (the mathimatical part first of all). So I wish the group of testers were working with it. The problem is that our players like to make multiple accounts and to kill each other with using of thousands of empires (nations, peoples, klans, etc...). I don't want any stratagy dominate by an amount of empires (or other kind of objects). So it's necessary to have minimum accounts per player (if it's possible - one computer - one account).