Starting either this week or early next week on NA5, Salesforce.com is going to launch a new security feature during the login process which will affect all the of their instances. This enhancement is known as "identity confirmation". This is being put into place to stop potential phishing problems that have occurred at Salesforce just a few months ago.

How will this affect the API and your PHP scripts that interact with Salesforce via SOAP? Honestly I do not know the answer to this and I am also worried about this new feature. From talks with Salesforce, they have been logging the IP addresses over the past 4 months. These IP's that are being logged will be on some sort of "trust" IP list.

My Guess? I would have to say that there maybe some sort of patch that will be added to the PHP toolkit or something added to the WSDL file, but this is only a guess. Maybe they can add a bypass to administrators or a field added to the user object that can be checked. Only time will tell. Please do be prepared to add something to your process

This morning I sent an email to Nick Tran at Salesforce to find out more about this and will keep this thread updated with any information that I receive