How to make sure PHP Scripts are only used on one machine by a client?

Question

Hello all,

I have a set of PHP scripts sitting on several clients servers and I want to get the mac address for that server so that I can store it and determine that the PHP scripts are not being used on another server.

How can I get the Mac address of a computer using PHP somehow?

Is there a better way to determine if the PHP scripts are being used on a different machine?

Thanks all

Answer 1

Until you don't obfuscate the code, smart clients can fake their mac addresses.

Edit: (Just a simple idea)

When you install your app on clients' machine you should create a unique token that belongs to that machine only.

Example:

• File create timestamps
• Install timestamp
• File locations (big chance not the same at all clients)

Merge these, hash it, store it then check at every page call.

Answer 2

I don't think there is an easy way to get a MAC address from a visiting PC, but I'm not sure about that.

How about a simpler way: use a session? Just assign a session if there is none, you'll end up with one per machine (unless they use different browsers). You could lock the execution to that.

It's not as "perfectly secure" as locking on MAC, but still goes a long way...

Answer 3

for a long time ago i have used the tool PHTML Encoder (url http://www.rssoftlab.com/) this tool can protected your php code and you can set some function like "only run on this machine". you have to install this as php extension. eventually this is a solution for you.

kind regards

Answer 4

I think the best way to accomplish this is by generating your own algorithm to fingerprint the server, the code that's used to create the finger print should be obfuscated to prevent reverse engineering but it can be possible.

create a algorithm hasher that does not stick to 1 value per fingerprint, let the values vary.

so that you can ping a primary server the hash witch then gets validated.

for example

function GenerateFingerPrint($account) //Each machine has a static UNIQUE ID
{
    //Create a fingerprint for the machine and machines location

    //Post the $account + $fingerprint to MAINSERVER.COM

    // Get hashed responce

    //Decode it and validate it to continue with script.
}

But all that code should be highly obfuscated due to reverse engineering !

Answer 5

If you want to get the mac address of the web server which is running your php code then:

system ('ipconfig /all') 

on windows and usually (depending on flavour!)

system('netstat -i')

will go you a bunch of network information including the mac address.

However I must warn you that if you stop your script working when the mac addresses do not match your clients will hate you!

Think of the circumstances when a mac address changes and how applying for a new "license" would (not) fit in:-

• Broken network card is replaced
• Software is transferred to a shiny new server.
• System Admin initiates a flexable Virtual Machine cluster.
• Software fails over to another machine in a cluster.
• Client finds cheaper/better hosting provider.
• Disaster strikes and client is trying get things up and running on another machine in another data centre.
• Clients machine has more than one network card.