1

I'm creating an administrative area / cms so my clients can log in and make changes to their site such as content on pages, upload images, etc..

For security purposes I am looking to record the IP and User Agent of whoever attempts to log in, whether legitimately or not every attempt will be logged in a database.

Using the IP and User Agent of a legitimate user I'm also looking to implement a "recognised device" function which will compare the users IP and User Agent upon log in with list of previously logged ones (I'm guessing this is how Facebook does it).

From what I've read so far is the PHP's $_SERVER['HTTP_USER_AGENT'] is unreliable and get_browser() is slow. I know that a UA can be spoofed but that's the only way I can think of implementing a "recognised device" function.

Does anyone have any suggestions or advice on how to achieve this?

Ashwood
  • 107
  • 1
  • 1
  • 10
  • 5
    Possible duplicate of [reliable user browser detection with php](http://stackoverflow.com/questions/2257597/reliable-user-browser-detection-with-php) – Panda Mar 25 '16 at 13:27
  • The user agent is a value transferred from the client in a header, so there is no reliable way to detect it server-side. There are a lot of questions dealing with the user-agent here, so by browsing them you may find something useful. You can also use some AJAX code to transfer known data about the client alongside login data. – syck Mar 25 '16 at 13:31
  • "$_SERVER['HTTP_USER_AGENT'] is unreliable" Right, in firefox: `about:config` and then set `general.useragent.override` to whatever string you want. – Scott Arciszewski Mar 25 '16 at 13:34

0 Answers0