Would would the fields be? I only got something like
auth.blockland.us/authQuery.php?NAME=Visolator&IP=<IP>
you have to use POST, and send that data in the body, but you've got the keys right
also, it's imperfect. as far as I can tell it only checks the first two parts of the IP (e.g. 27.12.x.x), which I guess is to cover for dynamic IPs, and isn't that big of a deal, but it could be, if someone happens to live near someone they want to pose as and also has the same ISP. a very unlikely situation, that you don't really need to concern yourself with
it goes without saying (hopefully) that people who live in the same house would be able to pose as each other, but I kind of doubt that would create a serious problem
lastly, and most importantly, is the issue of spoofed IP addresses. if your form of authentication doesn't rely on the user being able to receive the response, it would be very easy for someone to pretend to be someone else. however, if you do make it require them to get the response in one way or another, that problem is easily solved. I still think a better form of authentication would be nice, though
kinda funny you made this thread today, because I was just thinking about this last night. for the record though you should never ask for someone's key. that's crazy. not only do you then have access to their key, but if anyone finds their way into your server, so do they
edit: one last little note about the thing, if you don't send an IP address, it defaults to using the IP address that sent the request. practically useless information, but it could be important
