Login validation + IP Address validation In PHP

Login validation based on the username and password is done for the php application I have done.

I want to implement the IP address validation also.( An user can not be log in from two different IP address at the same time )

I am wondering, would this be reliable on the prod开发者_如何转开发uction environment? Because some says the Proxy address only will be get by the PHP server. Is that so?

Theres a few things to consider:

It is more than possible that different legitimate users of your system might share an IP from their ISP, this type of a setup is called NAT. Separate requests from the same legitimate users might end up coming in over different IP addresses during the same session, which is more rare but it happens. Also proxies as you mention are a real possibility as well.

So definitely think carefully about it before you implement such a feature.

You will get the IP Address with $_SERVER['REMOTE_ADDR']

I have to think longer about the proper solution but maybe you can do something with the sessions (and it's names)

http://www.php.net/manual/de/function.session-name.php

and maybe we need the data base too. maybe I will respond tomorrow again, it is 6 am :)

The proxy thing is true. Everytime a request pass through a proxy the IP change. At the end, you may be having the IP of the last proxy the petition passed.

If you need to implement IP address validation you should be keeping list IPs that are allowed to access the system, and check the client IP against it.

In case you worry about proxy servers check for the headers like HTTP_X_FORWARDED_SERVER, HTTP_X_FORWARDED_FOR to identify the origin IP address. I am not sure if this will work with socks proxy servers.