Announcement

Collapse
No announcement yet.

Traking user location

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Traking user location

    I would like to implement a feature which would control if the user Login, so he/she can login only from one location (ie. one IP )
    Another words I need to prevent users exchanging login information.

    Any ideas how to implement it ?

    Arthur
    -----------------------------------------
    Arthur Klisiewicz
    dATA POINT SOFTWARE
    www.datapointsoftware.com

  • #2
    There are superglobals in PHP to retrieve the IP the user is working from. So that would be a start. Another option is to keep track that a user is only able to logon once. Need to be careful though as this is one of the problems in the SC environment too, especially if you have a multi user licence.
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development
    www.scriptcase.eu / www.scriptcase.nl

    Comment


    • #3
      Thanks. The second is not an option. I have an project which is based on subscription. I need to make sure that users who subscribe would not exchange the Login information with those who do not.
      The verification IP seems to be OK, however I know that on a dynamic IP plans (from ISP) tha IP number changes, so how would you track it? I know there are tracking services like DynDNS, but really sure how to implement something like this ?
      I was also thinking about cookies OR storing some kind of verification file on users PC (sort of like Google Analytics does) but I don't know the details how this is done (there has to be some service tun on the server to access user PC in this case).
      I can easily create a desktop App to generate some sort of file or perhaps use SC to create/access local MySQL with some user profile. There are many posibilities, but I need the option which works and is not very time consuming to implement.

      Have you tried to read users IP into SC already ?

      Arthur
      -----------------------------------------
      Arthur Klisiewicz
      dATA POINT SOFTWARE
      www.datapointsoftware.com

      Comment


      • #4
        Besides your point, users not always work from the same spot so the ip might change for that reason too. Of course you can set a cookie (there are restriction laws in EU btw) and read from there. In php there are get and set cookie functions.
        Albert Drent
        aducom software netherlands
        scriptcase partner, reseller, support and (turn-key) development
        www.scriptcase.eu / www.scriptcase.nl

        Comment


        • #5
          Well, for me limiting user to a specific IP is fine. I was also thinking about generating some kind of computer ID (i.e based on HD Id) and verifying it upon login.
          Albert - have you tried any of those methods ?

          Arthur
          -----------------------------------------
          Arthur Klisiewicz
          dATA POINT SOFTWARE
          www.datapointsoftware.com

          Comment


          • #6
            Originally posted by aka View Post
            Well, for me limiting user to a specific IP is fine. I was also thinking about generating some kind of computer ID (i.e based on HD Id) and verifying it upon login.
            Albert - have you tried any of those methods ?

            Arthur
            Yes I did, but from Delphi. Afaik it's not that easy to do from javascript. But perhaps some kind of java applet would do, but I never played with that. Another option might be that you send an email after logon with a verification code they need to enter before gaining access.
            Albert Drent
            aducom software netherlands
            scriptcase partner, reseller, support and (turn-key) development
            www.scriptcase.eu / www.scriptcase.nl

            Comment


            • #7
              The email option is to complicated.
              when you select properties screen for the FORM (left panel EDIT FIELDS), then go to dB_VALUE (Insert/Edit) there is an option User_IP, which might do the job however I was not able to find any information on how this is implemented.

              Art
              -----------------------------------------
              Arthur Klisiewicz
              dATA POINT SOFTWARE
              www.datapointsoftware.com

              Comment


              • #8
                So, has anybody succed readin user IP itno the SC App ?

                Art
                -----------------------------------------
                Arthur Klisiewicz
                dATA POINT SOFTWARE
                www.datapointsoftware.com

                Comment


                • #9
                  Think about this...

                  How much time is worth keeping a few people out? I develop applications that are Highly secure but a few users get around my encryption and deployment techniques. Most of your users are going to be trustworthy. A few are not, so instead of trying to keep out the few who WILL break your security theme, try and create a scheme that will keep honest people honest.

                  Let me say this and take it to heart: you are not going to stop someone who has the skills to break your scheme. Period. Waste of time. Ip monitoring is not going to stop it. Too many flaws in this. Including IP address changing.

                  There are ways to keep your site secure. Research and look at some of the ways the "big" sites do it. I have a few but you need to decide for yourself what works. And for your system that means testing different methods.

                  Hope this helps..
                  Pappy
                  Skype Id: www.papsoft.com

                  Comment


                  • #10
                    Originally posted by aka View Post
                    So, has anybody succed readin user IP itno the SC App ?

                    Art


                    It is just a matter of PHP code - but I would ponder the wise counsel of the other replies too

                    Here is the type of thing you can do - http://stackoverflow.com/questions/3...address-in-php

                    I log IP but only from an analytic perspective, to try to figure out where my users are coming in from. However, you often get crazy values. I have found that many mobile users on smartphones have weird IP locations, like in different cities where the provider computers are located.

                    I also have noticed when i am in a StarBucks on the ATT network they give free wifi on, I will show up in another state when looking at the IP.


                    You know, if you have a very very small number of users who are going to be paying a lot of $$$$ to use your system, you might consider sending them a physical key of some kind. I am thinking a thumbdrive with some software key or encrypted values you could somehow use to verify a specific PC installation. I haven't done anything liek that in a LONG LONG time. Once, way like 20 years ago, I sold a software for $1000... internet copying wasnt the issue then, BUT the software was for a specialized industry and those guys would copy and give each other stuff all the time. I ended up paying like $10 for a special CD that had laser etching on it that disrupted and put a code on it that I could read But they could not reproduce with computer copies. It was a hardware type solution, where each copy had a special code and it could only run if that specific CD was in the machine. I real pain in the ass for me, but worth it since the $1000 was cool

                    Where I work we used to have dongles for certain GIS software we used that cost like $12000 a seat. However, even that company has dropped that now. Too much hassle.

                    You know, the only 'hardware' security thing I encounter now is google's two step verification. I love it, because it is very hard to break into someone's google account. Every so often they require you to use an app on your cell phone to get a code that changes (I guess based on your phone and the date time???) , and then you key that into the google website. So they have to have your username, password and your cellphone. I wonder if you couldn't make a simple app that would go out and get a changing code, specific to each user, that would basically make it very hard for someone to give away access. Just a thought...


                    Why can't a normal password security system work for you, with them putting in a credit card or something? I find that if someone pays even a small amount, they are much less likely to screw around with a system. The free people... that is pandoras box.

                    Good luck,
                    Jamie

                    Comment


                    • #11
                      well, i would suggest to leave all SC techniques away, and try .HTACCESS techniques in combination, separately, just saying

                      Comment

                      Working...
                      X