anybody can be of some help...will u help me?

XML, Perl, Python, and other languages can be discussed here, even if it isn't PHP (We might forgive you).

Moderator: General Moderators

Post Reply
crazytopu
Forum Contributor
Posts: 259
Joined: Fri Nov 07, 2003 12:43 pm
Location: London, UK
Contact:

anybody can be of some help...will u help me?

Post by crazytopu »

Hi guys,

Just read it, I am sure you wouldn’t leave it unanswered.

Okay here it my problem: I wanna develop a small application using HTML,PHP and MySQL that will be used to record Employee’s check-in and check-out time in an organization.

Right at the moment employees do sign their name on the registry-book and put the time on their arrival and at the end of the day write their departure time. They do so in presence of a management staff. The job of the management staff is to check against any cheating.

I am personally interested to put a system in place, which will not require the presence of a management staff. An automated system sounds great. I will put a simple form based application in the front-desk PC, and employees will sign in once they arrive. The will use their user name and password in the form and click on the “Check-in” button. The server connected with the front desk pc will keep record of the time for each user.

But here I see a problem. I understand this automated system does not require any staff in presence and there is no chance to entry the arrival or departure time wrong as the server reads its system time automatically as soon as the check-in button is clicked. However, one employee can still be able to cheat on behalf of his colleagues. How? Well, as you can see, the use of user name and password has a usages limitation and it’s solely meant to be used in this system. So there is no such security implication if employees do share their user name and password among themselves.

I know optical reader or stuff like that but it would be very expensive for this organization to go for any such sophisticated means.

Does anybody have any idea how to solve this problem?
User avatar
igoy
Forum Contributor
Posts: 203
Joined: Fri May 02, 2003 11:57 pm
Location: India
Contact:

Post by igoy »

do they have their own PC's ?
off course it doesn't seem so but still being clear.

well, i really can't think of anything else but optical readers or fingerprint recognizer.

what without them you can do is, allow only two logins per day.
you can store login count in mysql db so that user can login only twice a day also checkout / checkin buttons won't be accessible if they are already clicked for that perticular day. something like that,

I'm really sorry, as this is not really a solution for your problem.

not to discourage you, but I'm a firmly belive that...
There is not security that cannot be breached.
crazytopu
Forum Contributor
Posts: 259
Joined: Fri Nov 07, 2003 12:43 pm
Location: London, UK
Contact:

ur solution has a drwaback...

Post by crazytopu »

hi,

thans for your reply. At least you tried to come up with a solution. I appreciate it. But it has some apparent drawback as you noticed that too i guess.

Lets say you would be late to join office and asked your colleague to check in on behalf of you.

Since no staff is there from the management side to check it, your colleague gets the front desk PC unsecured and takes the advantage of it. He first will check in using his user name and password, if I apply any such option which will allow only two log in each day against any such user..it does not prevent him from doing that favor to you. Coz your account is still open to use the 2 log in system –since nobody checks in using ur account for that day .So, your colleague can easily log in on behalf of you once he is done with his one.

U got it now? So when u will show up you don’t have to check in coz u r already checked-in. and you just walk in straight way no matter if you are 30 min late!!!!

It’s a small organization, so cant afford a full time staff to look after it.

Some of the employees have their own PCs and it’s connected to the server. Does it make any difference if they all have their own PC?
User avatar
igoy
Forum Contributor
Posts: 203
Joined: Fri May 02, 2003 11:57 pm
Location: India
Contact:

Post by igoy »

Yeh Topu, I did thought of that too, but since nothing else was coming to my mind, I let it be on Post. :)

well, everyone having a PC does makes a difference.

You see, everyone will have to login to system once they come from THEIR pc, you can check their IP with username / password.

this cannot be a permanent solution again, but to some extent we forward in finding solution.
crazytopu
Forum Contributor
Posts: 259
Joined: Fri Nov 07, 2003 12:43 pm
Location: London, UK
Contact:

Wow! can you explain a bit futher?

Post by crazytopu »

Thank you so much again. I am getting interested to see that there is a way..at least some ray of hope!!!

So, could you please expand on the IP based thing? The network is running and managed by a win 2k server, and all other workstations are running under win2k professional.

When a user type a user name and password to log in to his pc how might I be able to store that info and their log in time in a database?

The network has an active directory that controls the domain under which all PCs are assigned.

Please shed some more light :-D

Take care,
User avatar
igoy
Forum Contributor
Posts: 203
Joined: Fri May 02, 2003 11:57 pm
Location: India
Contact:

Post by igoy »

well, let's say Mr. John uses Comp A, which has an IP address (10.10.0.5). Miss Linda uses Computer B (IP : 10.10.0.2)

Now this PHP proggy works on our server, When user logs in, it checks username & password, if username & password combo is successfull,
then it checkes for client IP for that user.

Now John logs in, system checks if this login reuqest is made from IP (10.10.0.5). If it's true, then John can log in, do his Check-in,
if he tries to login from some other computer he is logged out back to login screen, nothing is entered in database. He is cleanly out.

Now this is one concept. Since we have limitations in implementing system. Well if you can think something else please Post. This can lead to some real interesting ideas.
crazytopu
Forum Contributor
Posts: 259
Joined: Fri Nov 07, 2003 12:43 pm
Location: London, UK
Contact:

another solution.......

Post by crazytopu »

thank you again..lets see how much i will be able to implement.

someone replied to my post in another forum: igoy, do you think the following could be a good solution? which part of india are you from?

Here's a non-technical solution. A buddy of mine just hooked up a webcam on top of the monitor with a sign under it asking the employees to make sure they look directly into the camera when signing in. You can get motion detecting web-cams fairly cheaply which would take a picture every time someone approached the monitor but he doesn't even do that, he feels that just the presence of the camera deters them from cheating. Not a fail-safe system, but a pretty good phsychological deterrent to cheating. You could always look at ways to have the photos added to their timesheet database as well. Just a suggestion.
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA
Contact:

Post by jason »

Another problem with the IP address scheme is that all it takes is for me to go over to someone else's computer, and type in their username/password from there.

The camera with the motion sensor is a good solution. Though, it would be nice to see if their was some way to rig it up so that when someone logs in, the camera will take a picture.

It also depends on if everyone is using a computer, and what they are using the computer for. At another place I used to work, they used internally developed web based applications. They would log in, and use the web application. This means even if you logged into the computer for someone else, it meant you couldn't be logged in on your account, therefore, you were going to be late.

Simply put: username/password combinations are NOT ways to validate a person, and it never will be. Basically, you need an out of band authentication method. The camera idea is good, though, if the employees find out that it doesn't work as well as it should, they will get around it.

Surprise inspections, and simply physically looking at who is there and who isn't and checking with the login records is also a good way to do things.

Other methods include using email. For example, if you have the person login on the main computer, and the system sends that user an email. The user then logs onto their normal computer (using normal methods). They then get the email, and in that email, it has the person click on a link. This links takes them to a server page that verifies that they are now at their computer.

Obviously, a time limit of something like 15 minutes it placed (giving people time to settle in) on the link. While someone would be likely to give another employee the login/password to the front computer, letting another employee have access to email is another thing.
User avatar
igoy
Forum Contributor
Posts: 203
Joined: Fri May 02, 2003 11:57 pm
Location: India
Contact:

Post by igoy »

Don't want to repeat what everyone said, so it's like this.

what Jason said is apt, Camera idea is good. psychological effect also can do lot good. No matter how much rules and security you put, it's neccesary to make people understand and convince to follow them, not to break them.

camera, surprise visits and some technical brilliance will make this system work, I guess.

Good Luck.
crazytopu
Forum Contributor
Posts: 259
Joined: Fri Nov 07, 2003 12:43 pm
Location: London, UK
Contact:

more solutions

Post by crazytopu »

here are more comments on this topic:


Why not use this system with a member of management also nearby? You get the benefits of electronic record keeping (basically an electronic time clock). I don't understand why having the computer there in anyway infers that a member of management should not be included. You can't automate trust.
Wired's solution (camera ) is an excellent alternative.

But still, your proposed system is fine. The benefits of electronic recordkeeping are clear. Just leave the member of management in the system. Then you will improve the system without any sacrifices.


There are Biometric devices that can identify people by finger print that are not very expensive (far less expensive than your time setting something up).
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Your problem sounds very similar to the one I faced when I was promoted to management at a local fast food resturant a few years back.

People use to sign in for their friends even thought they didn't work a single shift that day. Also if someone was working 9-5 and another 9-3, the 9-5 guy would punch out his friend at 5.

The combat this form of cheating we simply checked the punch card times on the computer againts the schedule at the end of the day, or week depending on how busy the night was.

Althought, that camera idea is very good because it would defeat the need for management time dedicated to anti-cheating. Althought I'm wondering if anyone has even ever created such an application that interacted with PHP.
Post Reply