简体繁体 English

如何在PHP中获得主机的唯一ID？

[英]How can I get a host computer unique ID in PHP?

原文 2009-11-07 15:10:37 7 4 php

I need to come up with a way to uniquely identify computers. 我需要想出一种唯一标识计算机的方法。 Something like the system id or info from CPU that can't be hacked easily be obtained in php application run time and then sent over the internet to a central database to activate or validate license keys. 在php应用程序运行时可以轻松获取诸如系统ID或来自CPU的信息，这些信息不容易被黑客入侵，然后通过Internet发送到中央数据库以激活或验证许可证密钥。

System Info: 系统信息：

Web Shared Hosting or Local network Web共享主机或本地网络
Linux(can be any distribution) Linux（可以是任何发行版）
Apache 阿帕奇
PHP 的PHP

Thanks in advance for any reply 预先感谢您的任何答复

4 个解决方案

There's no such thing as "can't be hacked". 没有“不能被黑客入侵”之类的东西。 There are a lot of schemes for enforcing this, but most of them will anger legitimate customers rather than stop non-legitimate use. 有很多方案可以执行此操作，但是大多数方案都会激怒合法客户，而不是停止非法使用。 A MAC address is supposed to be unique, but most NICs allow them to be reconfigured quite easily, allowing your license key to be used on any other computer by just reconfiguring the MAC (it must simply be out of the subnet of the other computer, using the same MAC). MAC地址应该是唯一的，但是大多数NIC都可以很容易地对其进行重新配置，只需重新配置MAC，就可以在其他任何计算机上使用您的许可证密钥（它必须位于其他计算机的子网之外，使用相同的MAC）。

If you really want to go ahead, I suggest you look into cryptography and digital signing, that might get you going, but it most likely won't stop a determined hacker. 如果您真的想继续前进，我建议您研究加密技术和数字签名，这可能会让您步入正轨，但它很可能不会阻止坚定的黑客。 Even you could find something within the system which is unique, and cannot be changed, there's still the layer between your php app (the OS, or whatever library you're using), or the php code itself that could be replaced to deliver predefined data matching that in the license key. 即使您可以在系统中找到独特的东西，并且无法更改，在php应用程序（操作系统或正在使用的任何库）之间仍然存在一层，或者可以替换以提供预定义的php代码本身与许可证密钥中的数据匹配的数据。 Not to mention that a legitimate customer would be UNABLE to invest in new hardware, have a redundant system as a standby, or any other completely legitimate use of your software not bound to the particular system. 更不用说合法客户将无法投资新硬件，具有冗余系统作为后备系统，或对您的软件进行任何其他完全合法的使用，而这些软件没有与特定系统绑定。

In my opinion, your best bet is to trust your customers not wanting to operate illegally. 我认为，最好的选择是信任不希望非法经营的客户。 Any license 'enforcing' should merely be helping your customers to renew their license, I personally also don't think that an expired license should halt the operation of your software, it could nag about it, but not stop outright. 任何“强制执行”许可证都应该只是帮助您的客户续订许可证，我个人也不认为过期的许可证会停止软件的运行，它可能会na废它，但不能立即停止。 Simply signing the customers name, and expiry date with your private key should be adequate. 只需在客户名称上签名，并用私钥到期就足够了。 It can still be copied, as long as the copied system uses the same 'customer name', but then again, they could still hack your php-files not to display it. 只要复制的系统使用相同的“客户名称”，它仍然可以被复制，但是同样，他们仍然可以破解您的php文件而不显示它。

Why don't you use the MAC address of a NIC? 为什么不使用NIC的MAC地址？ They are supposed to be unique. 它们应该是唯一的。

You can get the MAC using the technique described here . 您可以使用此处介绍的技术获取MAC。

Please bear in mind that there isn't any silver bullet : if folks really want your (assumed to be server-side software), they will get it... it is just a question of time & effort. 请记住，没有什么灵丹妙药 ：如果人们真的想要您的（假定是服务器端软件），他们就会得到它……这只是时间和精力的问题。

使用php exec命令运行命令以获取MAC地址

As I recall, there was a company who accomplished such a feat but using a computer programing language. 我记得有一家公司做到了这一壮举，但却使用了计算机编程语言。 It seems that every installation of windows has a unique key entry in the registry which uniquely identifies said installation. 似乎Windows的每个安装在注册表中都有一个唯一的项，用于唯一标识所述安装。 Their program reported this key. 他们的程序报告了此密钥。 It is however very difficult to do so without having such a reporting program on the end users computer. 但是，如果在最终用户计算机上没有这样的报告程序，则很难做到这一点。

Unless you happen to be extremely inventive and come up with something else, the only tools you have at your disposal as have been mentioned above are as follows. 除非您碰巧极富创造力并提出其他建议，否则上面提到的唯一可用的工具如下。

Session 届会
Cookie 曲奇饼
Username 用户名
Password 密码
email address 电子邮件地址
Question and Answer 问题和答案
IP Address IP地址
Browser 浏览器
Operating System 操作系统
Referer 推荐人
Browsing Habbits 浏览哈比斯
Request Time 请求时间
Request Method 申请方法
Request URI 请求URI
Port 港口
Connection 连接
Encoding 编码方式
Language 语言
http Accept http接受

Well, I hope I got that all correct and didnt just make a jackass of myself. 好吧，我希望我一切都正确，而不仅仅是自欺欺人。

All the above mentioned, involve either reading something off the users computer, putting something on the users computer, recording events or a combination of all three. 上面提到的所有内容都涉及到从用户计算机上读取某些内容，在用户计算机上放置一些内容，记录事件或这三者的组合。 In order to be absolutely assured that you are uniquely identifying a user, I would suggest using all of the above. 为了绝对确保您可以唯一地标识用户，我建议使用以上所有方法。 However, when is enough enough? 但是，什么时候足够？

The only things you really need to be concerned with when attempting to track a user is the following. 尝试跟踪用户时，您真正需要关心的唯一事情如下。

Will the users details change. 用户的详细信息会更改吗？
Will the cookie expire. Cookie会过期吗？
Will the user delete the cookie. 用户将删除cookie。
Will the user change browser windows rendering the session mute. 用户是否将更改浏览器窗口以使会话静音。