Our application is a client/server application between the main office (as server) and branches in another city (as clients). The application is made using PHP, and we use Linux + Apache + MySQL as the server. Actually, we can use a client/server application made with Java (we have a Linux server, and at the client side we have Linux + Windows clients in the other city), but our programmer has done it in PHP instead of Java.

We do not want anyone outside of our staff to be able to access the application. Because the application is made in PHP, we need a "customized web client" at the client side. And they may not click "back button, refresh button, right click", etc., which are normally available in any web browser. These "back, refresh, right click, etc." features can affect our application. That's why I need something like a "kiosk web browser that has a special identity", so that it is the only browser that may access our PHP application at the main office (via VPN from another city - branch office).

So the "modified browser" does not have a menu, URL, search, back button, refresh button, right click, etc., so it is like a standalone application GUI. This simple browser must have the ability to run CSS.

The approach to this, I think, may be like a kiosk. But because this "kiosk browser" is run from a client PC (not a real kiosk client), someone at the client side can still use a "normal web browser" like IE, Firefox, Safari, etc. to access the server.

To avoid this, I think at the server side (LAMP) we can make a small application to catch the userAgent of the client browser, so if the "userAgent" is not xxxxxxxxx, it will be redirected to a blank page. But I cannot use the "userAgent" information of Firefox kiosk, because I cannot change the "userAgent" of Firefox permanently. The Firefox add-on can only change the userAgent temporarily.

I hope someone can help me:

1) How to block "back, refresh, right click, followed URL, etc." in PHP at the server side?
So if at the client side they click the "back button" or "refresh button" or "mouse right click" or "type a new URL", etc., the PHP application will do nothing or block it.

2) Or, how to identify a client-side browser if not using "userAgent" information?

3) Is there another solution?