
khaledz's avatar

Restrict access to website by location.

Hi,

I'm implementing a project to record the attendance of employees. Attendance can be recorded only if the employee is at the location of the company. The owner of the company can set the distance around it that is acceptable for recording the employees' attendance. For example, if the employee is within 1 km of the exact location of the company, then he/she can sign the attendance. Otherwise, it will be blocked.

Can you suggest some ways to implement this?

0 likes
14 replies
BasV's avatar

I'd just lock the use of the function to the IP address of the company, then you're 100% sure that person is using a device in the company's network.

1 like
khaledz's avatar

Thanks @diegoaurino

Can't this approach be cheated by the user? I mean, can the user set their location to the targeted location to get the attendance?

Thank you again.

khaledz's avatar

Hi @basv

In what cases would the company's IP change later? Or can it not be changed at all? If you have an example or a tutorial for this, it'll be much clearer to me.

Thanks again.

Snapey's avatar

What devices will the users have?

Do they have access to company VPN?

diegoaurino's avatar

If they are accessing from browsers using Wi-Fi (in a general internet connection), it would be hard to track the location only based on the IP address. Most ISPs only provide dynamic IPs for the general public.

The simplest way is to use the Geolocation API provided by Google, as I suggested earlier. You can create a small Android app that tracks the user by their current location. Then, you will only need to consume the response in the Laravel back-end to "authorize" the user action. In this scenario, even if they are using a browser on any computer, the system would only "authorize" the action if his/her cellphone is in a valid location.

You'll do great!
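A sketch of the back-end side of this flow, added here as an example and not part of the original post: the server computes the distance between the reported fix and the company's coordinates and applies the owner's radius. The function names, the `accuracy` field and the sample coordinates are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: the position is reported by the client, so this is a
// plausibility check on the server, not proof of presence. Names are hypothetical.
const EARTH_RADIUS_M = 6371000.0;

/** Great-circle distance in metres between two WGS84 points (haversine). */
function haversineMeters(float $lat1, float $lon1, float $lat2, float $lon2): float
{
    $dLat = deg2rad($lat2 - $lat1);
    $dLon = deg2rad($lon2 - $lon1);
    $a = sin($dLat / 2) ** 2
       + cos(deg2rad($lat1)) * cos(deg2rad($lat2)) * sin($dLon / 2) ** 2;
    return 2 * EARTH_RADIUS_M * asin(min(1.0, sqrt($a)));
}

/**
 * $fix  = ['lat', 'lon', 'accuracy' (metres)] as sent by the device.
 * $site = ['lat', 'lon', 'radius' (metres)] as configured by the company owner.
 */
function checkInDecision(array $fix, array $site, float $maxAccuracy = 100.0): string
{
    foreach (['lat', 'lon', 'accuracy'] as $key) {
        if (!isset($fix[$key]) || !is_numeric($fix[$key])) {
            return 'reject: malformed fix';
        }
    }
    [$lat, $lon, $acc] = [(float) $fix['lat'], (float) $fix['lon'], (float) $fix['accuracy']];
    if (abs($lat) > 90 || abs($lon) > 180 || $acc < 0) {
        return 'reject: out of range';
    }
    if ($acc > $maxAccuracy) {
        return 'reject: fix too coarse'; // e.g. a network-based estimate
    }
    $distance = haversineMeters($lat, $lon, $site['lat'], $site['lon']);
    // Worst case: the device sits at the far edge of its own accuracy circle.
    return $distance + $acc <= $site['radius'] ? 'accept' : 'reject: outside radius';
}

// Constructed sample data: a site with the 1 km radius from the question.
$site = ['lat' => 24.7136, 'lon' => 46.6753, 'radius' => 1000.0];
$fixes = [
    'inside'  => ['lat' => 24.7180, 'lon' => 46.6753, 'accuracy' => 15],
    'outside' => ['lat' => 24.7300, 'lon' => 46.6753, 'accuracy' => 15],
    'coarse'  => ['lat' => 24.7180, 'lon' => 46.6753, 'accuracy' => 2500],
];
foreach ($fixes as $label => $fix) {
    printf("%-8s %s\n", $label, checkInDecision($fix, $site));
}
```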

jeffbabuyo's avatar

You're making it hard for yourself brother @khaledz, why not simply restrict access if the client is not within your company network? Same as what @basv mentioned.

If your company has a static/dedicated IP address then it will not be changed (unless forcibly changed by company IT personnel). I think all businesses have a static/dedicated one, even small businesses.

If the company static/dedicated IP is changed then simply update your code so that it accepts the new dedicated IP. You can also automate this process if you're a lazy person like me.

Set up a middleware like this:

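use Closure;

class IPAddresses
{
    // Reject any request that does not come from the company's IP address.
    public function handle($request, Closure $next)
    {
        // The env() key must be a quoted string.
        if ($request->ip() != env('COMPANY_IP', 'xxx.xxx.xxx')) {
            abort(403);
        }
        return $next($request);
    }
}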
1 like
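The same check generalized to several companies, each with its own address ranges, as an added example that is not part of the original post: it goes beyond the single-address comparison above by matching IPv4 and IPv6 CIDR ranges. The function names and the allowlist table are assumptions, and the addresses are documentation ranges.

```php
<?php
declare(strict_types=1);

// Added example; function names and table contents are hypothetical.

/** True if $ip is inside $cidr ("203.0.113.0/24", "2001:db8::/32" or a bare address). */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input, or IPv4 compared against IPv6
    }
    $max = strlen($ipBin) * 8;
    if ($bits === null) {
        $bits = $max; // bare address: exact match
    } elseif (ctype_digit($bits) && (int) $bits <= $max) {
        $bits = (int) $bits;
    } else {
        return false; // malformed prefix length
    }
    $bytes = intdiv($bits, 8);
    $rem   = $bits % 8;
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the leftover high bits
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

/** Fails closed: a company with no registered ranges gets no IP-based access. */
function isOnCompanyNetwork(string $clientIp, int $companyId, array $allowlists): bool
{
    foreach ($allowlists[$companyId] ?? [] as $cidr) {
        if (ipInCidr($clientIp, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed data. In a Laravel middleware $clientIp would be $request->ip(),
// which is the real peer address only when trusted proxies are configured correctly.
$allowlists = [1 => ['203.0.113.0/24'], 2 => ['198.51.100.17', '2001:db8:42::/48']];
foreach ([[1, '203.0.113.77'], [1, '198.51.100.17'], [2, '2001:db8:42::9'], [3, '203.0.113.77']] as [$id, $ip]) {
    printf("company %d %-16s %s\n", $id, $ip, isOnCompanyNetwork($ip, $id, $allowlists) ? 'allow' : 'deny');
}
```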
khaledz's avatar

Thanks for the information. However, my web application will be used by many companies (clients of my app) from different countries. How can I know if the company (client) has a static IP in PHP? And also, what is the other option that I might consider if there is no static IP?

I don't think Geolocation can be the best option for me because it can be cheated by the employees of the company as I read about it.

Thank you @jeffbabuyo

radiantesss's avatar

Here are a few of the big technologies leveraged in geographic tracking:

GPS Reporting. This is probably most familiar to you. It is the most 'expensive' report because it requires relatively large amounts of power to read several GPS satellites. A pure GPS system is rarely used on mobile devices today. GPS devices can be spoofed programmatically (by changing the software's call to the GPS driver's position) even without modifying a device at all.

GSM Reporting. This is perhaps the most common way your location is tracked through the day while you are moving around. The concept is simple. Your phone, with normal messages to the cell towers nearby, triangulates your position at a given time. This method is extremely hard to spoof without external hardware or seriously altering your phone's functionality (i.e., if you spoof a cell tower then yes, you are 'not tracked' geographically, but you also cannot make phone calls). Additionally, cell traffic is encrypted. You could potentially spoof the access point where the app's software talks to the phone's cell tower data driver, but that is also difficult, to say the least.

LAN Reporting. This is a pretty cool concept because it provides high levels of accuracy indoors (something that has traditionally been an issue). This requires much setup but at a minimum would allow apps to talk to registered Wi-Fi hotspots to confirm your location based on which Wi-Fi you are connected to. This is theoretically possible to spoof but it would largely depend on the levels of encryption for the legitimate connection's signature.

WAN Reporting. This is nothing more than simple IP address reporting. This is perhaps the easiest to spoof, but I put it in here for completeness as it is very common to mobile-friendly sites.

You can find more information about geolocation beacons here: https://theappsolutions.com/blog/reviews/geolocation-beacons-explained/

1 like
Snapey's avatar

@radiantesss

it requires relatively large amounts of power to read several GPS satellites

What a load of rubbish. GPS probably uses the least amount of power of the methods listed.

GPS Trackers run for months on very small batteries. Anyway, why would that be a concern to the user?

Just a blatant excuse to push your blogpost.

radiantesss's avatar

If you read my text carefully, there is no doubt that I was talking about actual technology. The article that you called a "blatant excuse to blogpost" offers plenty of needed information about geolocation in app development and its usage.

Anyway, thanks for your reply, mister.

oroalej's avatar

Is the GPS technology that accurate that it can detect where you are with precision accuracy?
