ZfcUser login with IP Address [Zend Framework 2]


I am using ZfcUser and want to log in with the IP address instead of asking the user for a password. IPs are stored in the DB and the user needs to enter his/her username/email for authentication. The IP is retrieved from the DB using the authenticate.pre event. My code is:

$this->listeners[] = $sharedManager->attach('ZfcUser\Authentication\Adapter\AdapterChain', 'authenticate.pre', array($this, 'LoginIp'));

LoginIp method is:

    public function loginIp(Event $e)
    {
        $em = $this->getServiceLocator()->get('doctrine.entitymanager.orm_default');

        // Get user from DB
        $user = $em->getRepository('LcUser\Entity\User')
                ->findOneBy(array('email' => $_POST['identity']));

        // Get IP address from group
        $group = $em->getRepository('LcGroup\Entity\Group')
                ->findOneBy(array('id' => $user->getGroup()));

        // Check if IP of organization and current machine is same,
        // set authentication with username from user and password from DB
        if ($group->getIpAddresses() == $_SERVER['SERVER_ADDR']) {
            $_POST['credential'] = $user->getUnhashedPassword();
        }
    }

Question: I am updating the $_POST['credential'] value by assigning it a new value from the DB, but ZfcUser doesn't process this; instead it processes the old value that comes from submitting the login form. I need help figuring out how to update the login credential in order to log the user in with IP and username and without a password.

1

There are 1 best solutions below

3
Wilt On

Although a public IP address is unique, you cannot use it to uniquely identify your users (or clients). In case users are on a network using NAT (for example your office network), they share one single public IP address.

With your solution those users (who are requesting your website from within the same network) will be sharing the same authenticated identity. This is most likely not what you want.

Check here or here or other pages on Google for more information on this topic.

Note: A MAC address was supposed to uniquely identify clients (devices), but the concept of unique MAC addresses has proven to fail, and MAC addresses can also easily be spoofed (faked) by others, so I would not suggest using that solution either. I would suggest sticking to a more conventional solution.
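
The shared-identity problem described in the answer above, as an added example that is not part of the original question or answer. All names, addresses and passwords are constructed, and the second function is only one assumed reading of "a more conventional solution": the password is always verified and the IP address merely restricts where a valid login may come from.

```php
<?php
// Added illustration; function names and sample data are hypothetical.

// Constructed sample data: two accounts of one organisation that sits behind
// a single NAT gateway (203.0.113.10 is a documentation-range address).
$users = [
    'alice@example.org' => ['hash' => password_hash('alice-secret', PASSWORD_DEFAULT), 'allowedIp' => '203.0.113.10'],
    'bob@example.org'   => ['hash' => password_hash('bob-secret', PASSWORD_DEFAULT),   'allowedIp' => '203.0.113.10'],
];

// IP-only login as in the question: the source address is the only check.
function loginByIpOnly(array $users, string $identity, string $remoteAddr): bool
{
    return isset($users[$identity])
        && $users[$identity]['allowedIp'] === $remoteAddr;
}

// Password is always verified against the stored hash; the address is an
// additional restriction, never a replacement for the credential.
function loginWithPasswordAndIp(array $users, string $identity, string $password, string $remoteAddr): bool
{
    if (!isset($users[$identity])) {
        return false;
    }
    $user = $users[$identity];

    return password_verify($password, $user['hash'])
        && $user['allowedIp'] === $remoteAddr;
}

// Every request from the office network arrives with the gateway's address.
// In a real request this is $_SERVER['REMOTE_ADDR'] (the client side);
// $_SERVER['SERVER_ADDR'] is the address of the web server itself.
$officeAddr = '203.0.113.10';

// Bob enters Alice's e-mail address: the IP-only check cannot tell them apart.
var_dump(loginByIpOnly($users, 'alice@example.org', $officeAddr));

// With the password required, Bob's attempt on Alice's account is rejected
// and Alice's own login is accepted.
var_dump(loginWithPasswordAndIp($users, 'alice@example.org', 'bob-secret', $officeAddr));
var_dump(loginWithPasswordAndIp($users, 'alice@example.org', 'alice-secret', $officeAddr));

// A correct password from outside the office network is refused as well.
var_dump(loginWithPasswordAndIp($users, 'alice@example.org', 'alice-secret', '198.51.100.7'));
```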