I'm being asked to prevent users from accessing a site if their ips doesn't match a provided list of ips saved in a database. The idea being for instance to allow all people in a shool for instance to access the site - but only them.
Checking the IP sounds like a good idea, however what about dynamic ips? A set list won't work then, and security-wise I'm sure it's pretty straightforward to simulate a fake ip.
That doesn't sound like a very reliable solution. What is the proper way to do this? I'm thinking maybe checking a key on the local machine or something? Simple way to do this in php?