Jump to content

User Authentication Using Ip Address

richiejones24

By richiejones24
in PHP Coding Help

 Share

Recommended Posts

richiejones24 Member

richiejones24

Posted
Posted

I currently have a User Authentication Script, which when the user successfully logs in generates a cookie, which is there password encrypted using MD5  which is then verified on every page they visit against there password which works great. I am thinking of adding another level of security, when the user logs in there current ip address is recorded then on every page they visit as well as there password been verified there ip is compared against the ip they had when they logged in.

 

I know that if the user changes there IP they will be logged out, that is fine but is there any other problems which I have not foreseen? 

is there any reason i should not do this?

 

Thanks for the help 

Link to comment
Share on other sites
QuickOldCar Regular Member

QuickOldCar

Posted
Posted

Checking and saving against their ip on every page load seems wasteful to me.

 

Only reason I could see for saving their ip would be for banning purposes, which you could just ban them by username if that's the case.

 

And if wanted to ban ip's, should use htaccess instead.

Link to comment
Share on other sites
AyKay47 Member

AyKay47

Posted
Posted

I currently have a User Authentication Script, which when the user successfully logs in generates a cookie, which is there password encrypted using MD5  which is then verified on every page they visit against there password which works great. I am thinking of adding another level of security, when the user logs in there current ip address is recorded then on every page they visit as well as there password been verified there ip is compared against the ip they had when they logged in.

 

I know that if the user changes there IP they will be logged out, that is fine but is there any other problems which I have not foreseen? 

is there any reason i should not do this?

 

Thanks for the help

 

two big issues here;

 

1. saving a users password with a cookie is a big security hazard since the cookie is frontend and therefore is available to users. I would suggest using a database to store user information and sensitive data.

 

2. as you have already stated, using someones ip to check authentication is not a good idea, people can easily change their ip address and sometimes do frequently which is a con that you cannot overlook.

 

why not simply have a login page where the user is required to type in there credentials, which are then compared to the data stored in the database, which grants them access to every page?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.