need advice for developing Leave tracking system

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
keenlearner
Forum Commoner
Posts: 50
Joined: Sun Dec 03, 2006 7:19 am

need advice for developing Leave tracking system

Post by keenlearner »

Hello, I might be offered by a little company to build the web base leave tracking system which I never built before, the application have the following features :

- log in system for every employees in the company
- When an employee logged in, there are features like leave application form, cancellation leave, history, carried forward leave and staff on leave
- The leave application form contain the details for the employees(name, department,group, approved by, employee no., job description, start date) and also the form for the employee to fill in and apply the leave.

I am a 7 months PHP and MySQL learner, I am still a student, but I think I am able to build or learn to build these application. Please give me the advice and tips for building such application or answer these questions optionally by numbering your answers accordingly.

1. Is it ideal to use MySQL, because I saw most are using SQL Server ?

2. What are the securities that I need to take into account ?

3. What are the PHP function that I might need to use which I might not come across those function. (the function that is a little more than basic one)

4. I plan to host the application on my website, because I want to protect my PHP codes, should I do that ? so there will be other company can use my service.

5. Give me any resources, website, tips , advice or just anything else.

Thank you so much. :)
User avatar
TheMoose
Forum Contributor
Posts: 351
Joined: Tue May 23, 2006 10:42 am

Post by TheMoose »

1: SQL server costs money, MySQL is free (and easy)
2: read this article on password security, it's a damn good read
3: hash("sha256", $phrase) is the "best" available hashing algorithm currently
4: You'll need to design it to be a service then, and not just for your company (set it up for multiple companies)
5: Don't stress over little details, work on the big stuff first, and then fine tune later on (since it seems to be a first big project)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

To make sure others are aware, the hash() function is available in newer versions of PHP. For version prior, you can use the class posted by myself that can be found in Code Snippets.
keenlearner
Forum Commoner
Posts: 50
Joined: Sun Dec 03, 2006 7:19 am

Thanks for the reply

Post by keenlearner »

You are right for the number 5, I don't see any problem before I started developing, but there will be a lots problem during my development.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

Regarding point 4, if you do this you're going to need to get a legally binding service agreement contract signed by you and the company you're writing this application for. Our clients who we host applications for require, at a minimum:

1. An agreed minimum availability. This is usually 99.7% for us. That means that if the application is offline for more than 1 day a year we end up paying a penalty (varies a lot depending on the client, average is about $200/day, but that's for a website rather than an application).

2. All data has to be backed up nightly, with a monthly backup sent to the client (just a zipped CSV or XML file), and an agreement to restore data within 24 hours if they mess it all up.

3. A monthly charge to the client to cover support and bandwidth costs. Extra support and feature additions are charged at an agreed rate. This is invoiced monthly, and that means all sorts of tax issues. The accountants deal with that stuff fortunately.

You should also be aware (depending on the laws of the country you live in) that work you produce under contract, eg the code you're paid to write, probably isn't yours. It'll belong to the client who has paid for it. So hosting it because "I want to protect my PHP codes" may actually be pointless because the client owns the work they've paid for. Obviously that depends on the terms of license you agree prior to writing the application though. If you don't get them to agree that you retain all the rights then you would have to surrender all the work (code, documentation, database schema, backups, designs, etc) to them if they ask for it or else they could sue you for loads of money. Make sure you fully understand the law about this. Talk to an intellectual property lawyer if necessary.
Post Reply