This was bounced back to the list because of the php crap of needing to use
'reply all' - I SHOULD have used 'reply' in this case as jagdeep's email was to
ME, but I automatically 'reply all' and replace return address with the list
email to kill off all the extras!
Ashley Sheridan wrote:
On Sat, 2010-05-15 at 08:18 +0100, Lester Caine wrote:
Jagdeep Singh wrote:
> How can I define"Machine"?
That IS the problem. As with a lot of this stuff - nothing was ever actually
DESIGNED to work :( So $_SERVER["REMOTE_ADDR"] will block multiple machines if
they are sharing the one connection. I've been lucky so far in that
'REMOTE_ADDR' CAN be resolved to a machine in my own case.
This like 'tzoffset' is an area where the simplest basic functions actually need
to be fixed. If you are working cross timezones have you considered the problem
of knowing the right time where daylight saving is important. My users have to
set their correct daylight saving zone in their profile. 'tzoffset' is no use.
Both of these are areas that need fixing?
( As an aside ... some schools are now using 'virtual' desktops, so several
pupils may WELL be working on the one 'virtual server' but each in their own
sessions. This makes it impossible to identify the individual users as well )
I explained off-list how you could do this. Create a hash of the
machines IP and browser with the username of the logged in user:
md5($ip . $browser . $username);
And store that in the database when they log in. Now each time they
perform an action, create a hash from those same bits of information
again and check it against the one created when they logged in.
We have already identified that THIS will not work is this case. It is not
unreasonable to want to restrict the number of users on a single machine. So you
keep the machine use separate to the user login ... AS STATED the problem is
identifying a machine in the first place.
You can't access their Mac address. Many people on the list have
explained that to you now. I'm not sure why an e-learning module needs
such strict requirements, as it's perfectly valid that a user might want
to use more than one browser at a time.
It is also not unreasonable that one may want to restrict access to something in
the way specified. If one is RUNNING on-line testing, then having the answers
open in another browser is something that it might be nice to block ;) Because
the simple matter of uniquely identifying a machine on the internet IS
impossible currently then we have to come up with some other way of blocking
things, but to be honest. On-line testing is a silly idea anyway since there are
many ways of cheating that even these locks would not prevent ;) In my own case,
restricting a machine to a single user is essential and I simply need to block
other users when the machine is 'in use'. $_SERVER["REMOTE_ADDR"] is internal to
the intranet so no problem.
Personally I think the demands from the 'privacy' camp is simply playing into
the hands of the criminals. EVERY machine should report it's ID and this can
then be used to kill off the con men. Perhaps when IPv6 is in full use then
every computer can be uniquely identified? THEN $_SERVER["REMOTE_ADDR"] will
work properly .... we just have to ensure that 'cloaning' of ID's is always
flagged in transit.
Lester Caine - G8HFL
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php