One of our clients wants to restrict several client accounts to be able to log in only from work (fixed IP).
This cannot be solved through htaccess and I'm not a Magento expert by any means. I have not found anything useful on Google, so any help would be much appreciated.
Best Regards.
I like the idea, feel weird when you think about the use cases, but the implementation is perfectly doable.
In case we are talking about Customers, you can use the customer_customer_authenticated event. Once triggered, it means that the user is trying to log in with correct credentials.
At this point you have to check the remote address, validate it against the list of whitelisted/blacklisted IPs and throw an exception (Mage::throwException('..')) with a message in case you want to prevent the user from logging in.
One of the parameters passed to the event observer is the customer model instance, so that's cool...
If you are talking about admin users, you can do quite a similar thing with the admin_user_authenticate_after event.
In both cases you should have custom attribute per customer/admin where store admins can list whitelisted/blacklisted IPs.
Careful not to lock yourself out. ;)
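
A sketch of the customer-side observer described in the answer above, as an added example that is not part of the original post. The module name Acme_IpLogin, the customer attribute allowed_ips and the log file name are hypothetical; it assumes the event passes the customer as the `model` parameter and that an empty list means the account is unrestricted.

```php
<?php
// Added example, not from the answer. Acme_IpLogin and the allowed_ips customer
// attribute are hypothetical; register checkCustomerIp in the module's config.xml
// under global/events/customer_customer_authenticated/observers.
class Acme_IpLogin_Model_Observer
{
    public function checkCustomerIp(Varien_Event_Observer $observer)
    {
        $customer = $observer->getEvent()->getModel(); // customer model from the event
        $allowed = preg_split('/[\s,]+/', (string) $customer->getData('allowed_ips'), -1, PREG_SPLIT_NO_EMPTY);
        if (!$allowed) {
            return; // no list stored: account is unrestricted, so nobody is locked out by default
        }
        // By default this is REMOTE_ADDR; behind a reverse proxy that is the proxy's address.
        $ip = Mage::helper('core/http')->getRemoteAddr();
        foreach ($allowed as $entry) {
            if ($this->_matches($ip, $entry)) {
                return;
            }
        }
        Mage::log(sprintf('Blocked login for customer %d from %s', $customer->getId(), $ip), Zend_Log::WARN, 'ip_login.log');
        Mage::throwException(Mage::helper('customer')->__('Login is not allowed from this network.'));
    }

    // True if $ip equals $entry, or falls inside it when $entry is IPv4 CIDR (a.b.c.d/1-32).
    protected function _matches($ip, $entry)
    {
        if (strpos($entry, '/') === false) {
            $a = @inet_pton($ip);
            $b = @inet_pton($entry);
            return $a !== false && $a === $b; // binary compare, so IPv6 spellings normalise
        }
        list($net, $bits) = explode('/', $entry, 2);
        $ipLong = ip2long($ip);
        $netLong = ip2long($net);
        if ($ipLong === false || $netLong === false || !ctype_digit($bits) || $bits < 1 || $bits > 32) {
            return false; // malformed entry never matches (fail closed)
        }
        $mask = (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
        return ($ipLong & $mask) === ($netLong & $mask);
    }
}
```

If the store sits behind a load balancer or CDN, confirm which address Magento actually sees before enabling the check, and only honour a forwarded-address header that your own proxy sets and overwrites.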