I have seen a few questions/answers in regards to this, but none really suit or answer the issue I have. Feel free to mark as duplicate if I have managed to miss anything.
I am currently writing a web application in PHP that requires a user to log in before they can access, BUT we need the application to only let a user log in from their authorized PC. For example, when a user first logs in, they will get a prompt to alert the admin to auth their PC, once done so they can continue. I have been searching the net for ways to obtain a UID from the device hardware but understand that PHP is server side, not client side, so all the values that have been returned, have been related to the server and not the client (i.e HDD Serial).
I'm a little stuck for the best way to achieve this, I have considered the below so far:
IP Addresses: Customer does not use a static IP, and we have seen that the IP they are using is constantly changing for each PC.
MAC Address: Cannot for the life in me find anything that would help me write something to grab the MAC, or whether its possible?
exec(): Had a play with this, but again, appears to return server values.
Javascript: My knowledge of Javascript isn't advanced enough yet to even consider trying to write something for this.
I'm a little stuck other than that (Junior Developer) so any help would be massively appreciated.
Thanks in advance.
Just in case anyone else wants to achieve this, I resolved this issue by creating a database table for "authorised_computers" which stores a value generated during the log in process within a COOKIE. This code is passed onto an administrator who can either authorise, or de-authorise the machine allowing them to login. Once the admin has authorised, when the user tries to login, the login script will check the database and cookie values to ensure they match. Only downside is, if the user clears their cookies, they will have to re-authorise. But with how simple it is for admins to actually authorise, it shouldn't be too much of a headache.