How to get logged in user's device physical address

Question

I have a tutoring site where users can join as Tutor or Student. The site is in Laravel 5.4. After sign up, I want to restrict single user to only log-in from maximum three devices.

for example: current social media gives us flexibility to log in from anywhere and from any device. In my case. I want to restrict user to first three devices. If user logs in via his mobile, his computer and his tab then he should not be able to log in via any other device.

I tried in php but that is giving me only my system's or server system's mac address.

ob_start();
system('ipconfig /all');
$mycom=ob_get_contents();
ob_clean();
$findme = "Physical";
$pmac = strpos($mycom, $findme);
$mac=substr($mycom,($pmac+36),17);
echo $mac;

Is there any way I can get Mac address of user's device? Is it legal to do? Please help.

Thanks in Advance.

Answer 1

What you're actually trying to solve isn't as easy as it sounds, and going by MAC address isn't a good idea.

First off, some quick facts about MAC addresses as a whole:

• They only show up to the first hop on a network. The moment there is a routing device in the way, all you'll see is that device's MAC, as everything from then on is routed, not bridged
• That hop could be anything, depending on how far away (or how convoluted the network topology is) - a routing device of some sort from your ISP, something from an IX, etc

As a result, it's honestly not the best discriminant to use. Josh suggested one, I'll suggest another.

In your user storage, wherever that may be, add the ability to store an array. In most relational databases (if you're using that), it'll come in the form of an additional table. Make it easy to search for the entries corresponding to a user.

For simplicity's sake, here is the idea. This is your users table:

+---------------------------------------------------+
|                        users                      |
+----+----------+---------+------------+------------+
| id | username | enabled | created_at | updated_at |
+----+----------+---------+------------+------------+

We're going to create user_tokens to go with it:

+-------------------------------------------+
|                user_tokens                |
+-------+---------+------------+------------+
| token | user_id | created_at | updated_at |
+-------+---------+------------+------------+

This table should promote fast access to all tokens for a given user, and the tokens should not be unique across all users, just one, so we're going to use (user_id, token) as a composite primary key. We're also going to have to be able to delete the oldest tokens, so you're going to want to add (user_id, created_at) as an index.

Whenever a new user logs in, create a new token and store it with their session (or session alternative). If there are more than N sessions, remove the oldest tokens to match the count.

Whenever a request is made, check if the token exists in the table. If it does not, then your user is simply not logged in. Due to the lightweight nature of this table, lookups should not be perceivable in terms of response times.

Answer 2

you could use the session and check to see how many current sessions that the user has and if greater than 3 then deny log in.

If however you wish to have a lifetime limit you could set a cookie with a uuid for each device and have a limit of 3 just have a really long lifetime for the cookie and reset the life each time the user logins.

Some more information about client side can be found here: Using JavaScript to get users Mac Address

Answer 3

To get the MAC address, we use exec() function.

$macAddr = exec('getmac');

For getting the IP address we have to include use Illuminate\Http\Request; in the Controller and then add the code of the below pre tag. It will give the AP address of the network.

$ipAddr=\Request::ip();