There is no specific machine ID you can get easily, no. People would go nuts over the privacy issues.

IP + USERAGENT is the best that I can think of immedietely, bu chanigng user agent is trivial.

You could of course set a cookie on their machine, but trivial to remove again.

I'll keep thinking. Let us know what you come up with!

You could insist that all visitors allow you to download a application that reports the chip serial number.

This page gives an overview of that for Intel pentiums and later. You'll need some adaptive code to cover other chip types and platforms:

[support.intel.com...]

It is also possible to make some close statistical guesses about a machine based on the setting of its internal clock. That really only requires some Javascript to return the machine's clock time.

Similarly, with Javascript, you can gather version numbers of components that are running. Enough of those, and you have a profile that will identify if not a particular machine, at least a smallish group.

But the more you sniff a machine's state, the more likely you are to be identified as a hacker or virus precursor and be treated accordingly

I thought privacy would be a bit of an issue here, and asking for the user to download or give some input would only take place on a successful login, not to kean on relying on javascript/cookies (however i do rely on sessions for the system to work) (NOTE: Does anyone know how to get sessions working properly on lycos' paid accounts? ive created three different login/cms systems and each failed (except one with some heavy modding), let alone oscommerce and a few other open source systems).

On another note, making things difficult, is it possible to only allow connections on a predefined port in my script (i.e. in a config.inc.php file stored outside of the root docs folder)? I'll take a look into this on le search engine however thought i would probe here first. I know the likes of cpanel and other system i.e. Raven Core do this however im unsure if this is done via .htaccess, php.ini (or setting manual at start of script?), httpd.conf or the scripts them selves.

Also (Sorry for banging on here) for peace of mind, is there any utility out there which can phish php scripts (unparsed)? I recall someone babbling on about it a year or so back however if it was the case im sure the whole php industry and all its offspring would have collapsed if so (i dare say it was (i dont like this word) a n00b who spouted such babble)).

TIA

>> utility out there which can phish php scripts

not unless your server shows it to them

identify a remote user uniquely

The most reliable way, in my opinion, is to set a cookie. If you detect the same cookie coming back again, you'll know with 100% certainty that it's the same machine. But someone could clear the cookie or switch machines to bypass it.

Or, consider making them log in with user/password, if you're actually concerned about unique people, rather than unique machines.

only allow connections on a predefined port in my script

No, the script has no control over that -- it's in the Web server config (httpd.conf).