识别用户的其他 PHP 技巧
我知道您可以使用 PHP 获取用户的 IP 地址,但是还有其他提示/技巧/脚本可用于以其他方式识别用户吗?
I know you can get the users IP address with PHP but are there any other tips/tricks/scripts that can be used to identify the user in other ways?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我公司正在建立的网站上有投票和竞赛,允许匿名用户每天投票一次。关于如何解决此问题的建议是:
电子邮件不会失败,但用户可以拥有多个电子邮件地址,另外,麻烦(填写表格,打开电子邮件,点击链接 - 很多人都被这种方式吓倒)。
IP 不可靠,因为 ADSL 用户每次连接到互联网时通常都有不同的 IP(至少对于我国最大的 ADSL 提供商而言)。另外,代理也是一个问题。
Cookie 可以轻松清除/禁用,此外,如果用户安装了多个浏览器,则可以多次投票。如果cookie是通过JS设置的,禁用JS的浏览器也不受此影响。
我们认为#2 和#3 的组合是最好的权衡,但没有完美的方法。
There are polls and contests on the website my company is building, and anonymous users are allowed to vote once per day. The suggestions as how to resolve this were:
The e-mail can't fail, but a user can have many email addresses, plus, it's troublesome (fill in a form, open email, click a link - many people are deterred this way).
The IP is not reliable because ADSL users often have a different IP each time they connect to the internet (at least with my country's biggest ADSL provider). Plus, proxies are a problem.
Cookies can be easily cleared/disabled, plus, a user would be allowed to vote many times if s/he had more than one browser installed. If cookies are set via JS, JS-disabled browsers are also immune to this.
We decided that the mix of #2 and #3 was the best tradeoff, but there's no perfect way.
目前尚不清楚您是否正在运行 SBS 和 Active Directory/LDAP 系统,但这将为您提供一种根据 Windows 登录信息提取有关用户的更多信息的方法。网络上有很多关于此主题的内容:
$_SERVER
包含有关用户访问站点的浏览器的信息:http://php.net/manual/en/reserved.variables.server.php您还可以使用
getbrowser( )
将该信息解析为人类可读的形式: http:// php.net/manual/en/function.get-browser.phpIt is unclear whether you are or not running SBS and Active Directory/LDAP system but that would give you a way to pull out more information about a user based on their Windows login. There is a lot out there on the web on this topic:
$_SERVER
contains information on the browser the user is accessing the site with: http://php.net/manual/en/reserved.variables.server.phpYou can also use
getbrowser()
to parse that information into human readable form: http://php.net/manual/en/function.get-browser.php好吧,最终,识别他们的最佳方法是设置身份验证系统并让他们登录。
或者,您可以尝试根据一堆不同的数据来识别用户,例如他们的 IP 和他们正在使用的浏览器(即,如果 userip = ip && userbrowser == browser ...) - 这是不过,这一切都很容易规避。
检查 $_SERVER 全局中是否有任何其他可以比较的数据。
不过,我强烈建议实施身份验证系统 - 这是识别用户的最佳方式。
Well, ultimately, the best way to identify them would be to set-up an authentication system and have them login.
Alternatively, you could attempt to identify users based on a bunch of different pieces of data, for instance their IP and browser they're using (ie. if userip = ip && userbrowser == browser ... ) - this is all too easy to circumvent, though.
Check the $_SERVER global for any other data that you could compare against.
I would highly recommend implementing an authentication system though - this is the best way to identify users.
如果它仅用于内部网站,那么您可以使用 ident - 另请参阅 RFC1413。有基于 PHP 的实现(尝试谷歌)。请注意,这要求客户端运行一个 ident 服务器,该服务器可从运行代码的 Web 服务器访问。您无需说明客户端是什么操作系统 - 有适用于 Linux、Unix、Apple Mac 和 MSWindows 的 ident 服务器。请注意,身份响应未经身份验证,并且(相对)很容易被伪造。
Microsoft 解决该问题的方法是 NTLM - 但这是需要正确管理的 PITA。
If it's for an internal only website then you could use ident - see also RFC1413. There are PHP based implementations out there (try google). Note that this requires that the client is running an ident server which is accessible from the webserver where your code is running. You don't say what OS the clients are - there are ident servers available for Linux, Unix, Apple Mac and MSWindows. Note that ident responses are not authenticated and can (relatively) easily be faked.
Microsoft's solution to the problem is NTLM - but that's a PITA to manage properly.