0

i coded some vb.net application, for security i use HWID security method...

vb.net code to generate unique key is:

Dim hwid As String = System.Security.Principal.WindowsIdentity.GetCurrent.User.Value

it will return some unique key for every pc like this

S-1-2324-34242FDF-SDWQ3Q-Q3WR4CWRWCE1321SXS32

currently i am learning & developing PHP scripts...

i want to know it is possible to generate the same unique key using PHP???

user2430116
  • 147
  • 2
  • 2
  • 8

1 Answers1

2

Let's break it down.

System.Security.Principal.WindowsIdentity.GetCurrent()

Is a method that returns the current user.

.User.Value

Is actually calling:

.User.toString()

The method is actually:

System.Security.Principal.WindowsIdentity.GetCurrent().User.toString()

This is simply the User's Security Identifier (SID).

Running wmic useraccount get name,sid returns all the SIDs found on the machine.

Now, what does this mean for PHP? Well since PHP is ran on the server only, I doubt this number will change based on which visitor visits. So using this number in PHP is pointless, as it will always be the same.

A better approach for generating a random ID is uniqid.

Check out this for information on how this SID is derived from the registry.

Dave Chen
  • 10,887
  • 8
  • 39
  • 67
  • thanks for your reply..so php is server side... so it is possible by javascript /vbscript on client area to get the unique key.... – user2430116 Aug 24 '13 at 05:06
  • No that would not be possible with JavaScript. If the user is running Internet Explorer, and has allowed VBScript, you could get the SID [with a VBScript](http://blogs.technet.com/b/heyscriptingguy/archive/2004/12/03/how-can-i-determine-the-sid-for-a-user-account.aspx). – Dave Chen Aug 24 '13 at 05:10
  • If you're trying to ban or do something with this SID, **don't**. This is on the client-side and therefore should not be used for authentication or validation of any sort. A better option would be sessions (cookies), www-authenticate, or even a direct IP check. (Note that IP can be faked in some instances too) – Dave Chen Aug 24 '13 at 05:25