2

I have a small web function that should run only when the user is in the office. But the problem is that our internet provider changes its IP regularly and I can't keep track of it. We have Windows 7 systems in our office and they don't have any static IP. I can't even set a static IP, as it will hamper the internet provider settings and will stop connecting to the internet. I'm stuck now. Is there a way with which I can make sure that a person is in the office when he is using that function?

James McCormack
w3developer

6 Answers

1

The surest way is to ID using the MAC address, since the IP can be changed; the MAC address is harder to spoof and does not change. It is the "serial number" of the network card. So unless they take the card home, they won't be able to access it. Have a read of this post

Community
Salketer
  • 1
    MAC address of the client is not available unless the server and client are on the same LAN segment. – James McCormack Sep 07 '12 at 08:32
  • Just a hint. MAC is easy to change. On my machine I have a field in card driver settings where I can put a new MAC. The same field I have in my router web interface. So, if users are smart enough - this could be a problem – Viktor S. Sep 07 '12 at 08:32
  • @FAngel the computers in the office should not have the driver settings available to the normal users. So they can change the MAC at home but don't know to what. – Salketer Sep 07 '12 at 08:42
  • @Salketer: I read the article and applied that code, but I guess '$arp=`arp -a $ipAddress`;' this statement is not running, as it's not showing anything. How can I make sure that the arp command runs on my server? – w3developer Sep 07 '12 at 08:51
  • The arp suggestion will only work if you are on the same LAN which does not seem to be your case. Scroll to Peter G Mac.'s answer. – Salketer Sep 07 '12 at 09:01
1

You could use dyndns to get the current IP. Dynamic DNS allows you to redirect a host name to a dynamic IP.

So if you get a request from an unknown IP, or more than x seconds have passed since the last request, you can use gethostbyname to retrieve the office IP.

Free Dynamic DNS:

http://www.dnsdynamic.org/

Getting the IP:

$ip = gethostbyname('sample.dnsdynamic.org'); // pass the bare host name, not a URL
Oliver A.
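
A sketch of the lookup-and-cache check described in this answer, added as an example and not part of the original answer. The constants MAX_AGE and MIN_RETRY, the function names and the demo addresses are assumptions; the check matches the office's public address and relies on the dynamic DNS record being kept current from inside the office.

```php
<?php
const OFFICE_HOST = 'sample.dnsdynamic.org'; // host name used in the answer above
const MAX_AGE     = 300; // the "x seconds" before a cached lookup is stale (assumed value)
const MIN_RETRY   = 30;  // minimum gap between lookups (assumed value)

// Resolve the office name to an IPv4 address; null on failure.
function resolveOfficeIp(string $host): ?string
{
    $ip = gethostbyname($host);
    // gethostbyname() returns its argument unchanged when the lookup fails.
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : null;
}

// $cache holds ['ip' => ?string, 'time' => int]; persist it between requests
// (file, APCu, database). $resolve is injectable so the logic runs without DNS.
function isOfficeRequest(string $clientIp, array &$cache, int $now, callable $resolve): bool
{
    $age      = $now - ($cache['time'] ?? 0);
    $mismatch = ($cache['ip'] ?? null) !== $clientIp;
    // Look up again when the cached answer is stale, or on a mismatch (the
    // office IP may just have changed), but at most once per MIN_RETRY so
    // outside traffic cannot trigger a DNS query on every request.
    if ($age > MAX_AGE || ($mismatch && $age >= MIN_RETRY)) {
        // A failed lookup stores null, so the check fails closed.
        $cache = ['ip' => $resolve(OFFICE_HOST), 'time' => $now];
    }
    return ($cache['ip'] ?? null) !== null && $cache['ip'] === $clientIp;
}

// Constructed demo: documentation-range addresses and a fake resolver whose
// answer changes, standing in for the ISP assigning a new address.
$dns     = '203.0.113.10';
$resolve = function (string $host) use (&$dns): ?string { return $dns; };
$cache   = [];
$t       = 1000000;
var_dump(isOfficeRequest('203.0.113.10', $cache, $t, $resolve));      // request from the office
var_dump(isOfficeRequest('198.51.100.7', $cache, $t + 5, $resolve));  // outside request, no new lookup
$dns = '203.0.113.99';                                                // ISP rotates the address
var_dump(isOfficeRequest('203.0.113.99', $cache, $t + 60, $resolve)); // mismatch triggers a lookup
var_dump(isOfficeRequest('203.0.113.10', $cache, $t + 61, $resolve)); // request from the old address
```

In a request handler, pass `$_SERVER['REMOTE_ADDR']`, `time()` and `'resolveOfficeIp'`; `REMOTE_ADDR` is the TCP peer address, whereas headers such as X-Forwarded-For are set by the client and should not be used for this check.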
1

One way to do it would be to set up the server so it exposes 2 services - 'A' with the "special office-only function" available, and 'B' without.

Then, set up the network security so that Service A is only accessible over a VPN tunnel from your office.

--

An alternative approach might be to use PKI - get the office computers installed with certificates that are required to access the Service A functionality. However, while complicated, it is still possible for users with sufficient authority and knowledge to copy the certificate and install it at home.

James McCormack
0

If your users aren't nerds, you can set a special cookie in the office computers, and check against that every time the user accesses the application.

(If your users know how to set and unset cookies, that would fail, as they would simply copy this behavior to their home).

Also, there should still be a specific range of IPs when connecting from the office (even if the IP changes), sample a few IPs and check for a recurring pattern.

Madara's Ghost
0

Provide your office user with some kind of token, after they authorize. Then use the token to determine if access is granted or not.

The token can be stored in a cookie on the office user's computer, so authorization is done only once.

JvdBerg
  • But then that user will go home, and use his token to authorize again, so what's the point? – Madara's Ghost Sep 07 '12 at 08:23
  • Authorization could only be open for a short period; once everyone is authorized, new authorizations would not be accepted. – JvdBerg Sep 07 '12 at 08:26
  • If the user is tech-savvy and has read access to their cookies on the work computer, they can copy the cookie and use it from home. So this is not a secure solution. – James McCormack Sep 07 '12 at 08:34
0

If you have access to the office network, you may try to configure your server, which gives access to the internet, so that it adds some token (cookie?) to all requests (sent to your server). Then you check it in your code.

Viktor S.