Page 1 of 1

Limiting Access to Non-employees

Posted: Mon Aug 08, 2005 6:13 am
by harrisonad
Hi, As you may know, I am an Intranet programmer for a certain company. One of the features of this intranet site is to let employees request technical problem by filling up a certain form that includes employee name to be selected from the list. This list are of course taken from local MySQL database used by the side, not the company database, which is MS SQL which is updated all the time.

I intentionally put the names in the list to prevent non-employees, including visitors, or those frankster playing around at the lounge, from posting their fictitious problem. It works fine for a couple of month, but the problem now is when new employees are hired. Their informations, including names, are not always seen by the MySQL database, because it is only copied from company database. Because of this I have to encode them manually for them to fillup the form.

Some said that I have to put a textbox for name input besides the employee list for those persons that are not in the list. But I don't want to do that for it will be the reason for non-employees to add their names and eventually access pages on the site.

What do you think will I do?

Posted: Mon Aug 08, 2005 6:26 am
by feyd
what's the difference if the server grabs the employee information from the company database, or from you own? The only things I see is yours doesn't automatically replicate the company server.

You could use a cron to "update" you local database. The nice thing about using a local database is you can filter out people from the original a bit easier (pre-filtered) ... another thing is you could use a local table of exclusion information, those who do not want to be listed can then just be added there.

I don't quite see what a textbox would make problematic.. it should only try to match the name entered to an existing employee and send the message or whatever. It shouldn't ever change any records..

Posted: Mon Aug 08, 2005 8:27 pm
by harrisonad
feyd wrote:... use a cron to "update" you local database.
Will CRON works with any DBMS such as MS SQL?

Posted: Mon Aug 08, 2005 8:29 pm
by John Cartwright
Sure why not? Have a cron execute a script performing these updates / syncronizes the dbs

Posted: Mon Aug 08, 2005 9:00 pm
by harrisonad
Thanks, master Jcart. I will now study about CRON jobs.
feyd wrote:I don't quite see what a textbox would make problematic.. it should only try to match the name entered to an existing employee and send the message or whatever. It shouldn't ever change any records..
If I will put a textbox besides the list for 'unidentified employees', my plan is to put his name in the database together with the technical problem he is submitting. But the problem is about the structure of my tables being RELATIONAL. For the purpose of my problem, I will give the structures as well.

The employees table
employee_id | employee_name | etc.

The requests for service table
date | time | description | employee_id | etc.

The field employee_id of requests table is INT(4) and relies on employee_id of employee table for name, when the id doesn't exists, of course no name will be displayed, or even worse, the certain row will not be retrieved by the following query

Code: Select all

SELECT date,time,description,employees.emlpoyee_name
FROM requests,employees 
WHERE requests.emlpoyee_id=employees.employee_id
Whenever I used this code to retrieve all requests, it will leave out those submitted by not in the employee table.

Any thoughts?

Posted: Tue Aug 09, 2005 11:29 am
by John Cartwright
I've actual run into a more complex situation which boils down to this.. any input?