
Such a easy problem but seems diff


Original Message
Name: crazyoli
Date: December 13, 2003 at 05:02:56 Pacific
Subject: Such a easy problem but seems diff
OS: win 2000k
CPU/Ram: 1.7 GHz, 128 RAM
Comment:

Hi guys,

Just read it, I am sure you wouldn’t leave it unanswered.

Okay here is my problem: I wanna develop a small application using HTML, PHP and MySQL that will be used to record Employee’s check-in and check-out time in an organization.

Right at the moment employees do sign their name on the registry-book and put the time on their arrival and at the end of the day write their departure time. They do so in presence of a management staff. The job of the management staff is to check against any cheating.

I am personally interested to put a system in place, which will not require the presence of a management staff. An automated system sounds great. I will put a simple form based application in the front-desk PC, and employees will sign in once they arrive. They will use their user name and password in the form and click on the “Check-in” button. The server connected with the front desk pc will keep record of the time for each user.

But here I see a problem. I understand this automated system does not require any staff in presence and there is no chance to enter the arrival or departure time wrong as the server reads its system time automatically as soon as the check-in button is clicked. However, one employee can still be able to cheat on behalf of his colleagues. How? Well, as you can see, the use of user name and password has a usage limitation and it’s solely meant to be used in this system. So there is no such security implication if employees do share their user name and password among themselves.

I know optical reader or stuff like that but it would be very expensive for this organization to go for any such sophisticated means.

Does anybody have any idea how to solve this problem?

any help greatly appreciated

crazyoli




Response Number 1
Name: wired
Date: December 13, 2003 at 08:23:28 Pacific
Subject: Such a easy problem but seems diff
Reply:

crazyoli,

Here's a non-technical solution. A buddy of mine just hooked up a webcam on top of the monitor with a sign under it asking the employees to make sure they look directly into the camera when signing in. You can get motion detecting web-cams fairly cheaply which would take a picture every time someone approached the monitor but he doesn't even do that, he feels that just the presence of the camera deters them from cheating. Not a fail-safe system, but a pretty good psychological deterrent to cheating. You could always look at ways to have the photos added to their timesheet database as well. Just a suggestion.

ciao,
wired



Response Number 2
Name: anonproxy
Date: December 13, 2003 at 21:56:26 Pacific
Subject: Such a easy problem but seems diff
Reply:

Why not use this system with a member of management also nearby? You get the benefits of electronic record keeping (basically an electronic time clock). I don't understand why having the computer there in any way infers that a member of management should not be included. You can't automate trust.

Wired's solution is an excellent alternative.

But still, your proposed system is fine. The benefits of electronic recordkeeping are clear. Just leave the member of management in the system. Then you will improve the system without any sacrifices.



Response Number 3
Name: JackG
Date: December 14, 2003 at 02:44:22 Pacific
Subject: Such a easy problem but seems diff
Reply:

There are Biometric devices that can identify people by finger print that are not very expensive (far less expensive than your time setting something up).



Response Number 4
Name: dakkon10
Date: December 14, 2003 at 15:50:39 Pacific
Subject: Such a easy problem but seems diff
Reply:

Might be a solution already thought up, but you could mix your first solution with that of wired's. When the person clicks submit to submit their time entry, then simply have the webcam take a picture, then save the filename with say... 'employeenametime.jpg' or something like that, that way you could check the time and the employee at the same time?



Response Number 5
Name: Infinite Recursion
Date: December 14, 2003 at 21:41:57 Pacific
Subject: Such a easy problem but seems diff
Reply:

I agree with Wired/Dakkon10's solution...
When they sign on, you can have the inexpensive cam (Logitech QuickCam) take a picture once the user clicks the submit button and just add that image to the database or other storage for use in the transaction log. If this PC is going to be dedicated, I would also go to the extent of replacing the shell in the registry, with YourLoginProg.exe. This method should suffice, without management being included... just let the users know that any transaction that does not have a recognizable photo of their face associated with their sign-in will not be accepted and that they have X number of offenses before termination.

IR




Response Number 6
Name: crazyoli
Date: December 15, 2003 at 08:27:29 Pacific
Subject: Such a easy problem but seems diff
Reply:

Here are some more solutions:

do they have their own PC's ?
of course it doesn't seem so but still being clear.

well, i really can't think of anything else but optical readers or fingerprint recognizer.

what without them you can do is, allow only two logins per day.
you can store login count in mysql db so that user can login only twice a day also checkout / checkin buttons won't be accessible if they are already clicked for that particular day. something like that,

I'm really sorry, as this is not really a solution for your problem.


............................................

hi,

Thanks for your reply. At least you tried to come up with a solution. I appreciate it. But it has some apparent drawback.

Let's say you would be late to join office and asked your colleague to check in on behalf of you.

Since no staff is there from the management side to check it, your colleague gets the front desk PC unsecured and takes the advantage of it. He first will check in using his user name and password, if I apply any such option which will allow only two log in each day against any such user.. it does not prevent him from doing that favor to you. Coz your account is still open to use the 2 log in system – since nobody checks in using ur account for that day. So, your colleague can easily log in on behalf of you once he is done with his one.

U got it now? So when u will show up you don’t have to check in coz u r already checked-in. and you just walk in straight way no matter if you are 30 min late!!!!

It’s a small organization, so can't afford a full time staff to look after it.

Some of the employees have their own PCs and it’s connected to the server. Does it make any difference if they all have their own PC?

Yeh Topu, I did think of that too, but since nothing else was coming to my mind, I let it be on Post.

well, everyone having a PC does make a difference.

You see, everyone will have to login to system once they come from THEIR pc, you can check their IP with username / password.

this cannot be a permanent solution again, but to some extent we forward in finding solution.


Thank you so much again. I am getting interested to see that there is a way..at least some ray of hope!!!

So, could you please expand on the IP based thing? The network is running and managed by a win 2k server, and all other workstations are running under win2k professional.

When a user types a user name and password to log in to his pc how might I be able to store that info and their log in time in a database?

The network has an active directory that controls the domain under which all PCs are assigned.

Please shed some more light :-D
crazy oli
.............................................

well, let's say Mr. John uses Comp A, which has an IP address (10.10.0.5). Miss Linda uses Computer B (IP : 10.10.0.2)

Now this PHP proggy works on our server, When user logs in, it checks username & password, if username & password combo is successful,
then it checks for client IP for that user.

Now John logs in, system checks if this login request is made from IP (10.10.0.5). If it's true, then John can log in, do his Check-in,
if he tries to login from some other computer he is logged out back to login screen, nothing is entered in database. He is cleanly out.

Now this is one concept. Since we have limitations in implementing system. Well if you can think something else please Post. This can lead to some real interesting ideas.
............................................
Another problem with the IP address scheme is that all it takes is for me to go over to someone else's computer, and type in their username/password from there.

The camera with the motion sensor is a good solution. Though, it would be nice to see if there was some way to rig it up so that when someone logs in, the camera will take a picture.

It also depends on if everyone is using a computer, and what they are using the computer for. At another place I used to work, they used internally developed web based applications. They would log in, and use the web application. This means even if you logged into the computer for someone else, it meant you couldn't be logged in on your account, therefore, you were going to be late.

Simply put: username/password combinations are NOT ways to validate a person, and it never will be. Basically, you need an out of band authentication method. The camera idea is good, though, if the employees find out that it doesn't work as well as it should, they will get around it.

Surprise inspections, and simply physically looking at who is there and who isn't and checking with the login records is also a good way to do things.

Other methods include using email. For example, if you have the person login on the main computer, and the system sends that user an email. The user then logs onto their normal computer (using normal methods). They then get the email, and in that email, it has the person click on a link. This link takes them to a server page that verifies that they are now at their computer.

Obviously, a time limit of something like 15 minutes is placed (giving people time to settle in) on the link. While someone would be likely to give another employee the login/password to the front computer, letting another employee have access to email is another thing.
_________________
Jason Lotito
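
The e-mailed confirmation link with a 15-minute limit, combined with the per-workstation IP check from earlier in the post, as an added example that is not code from any poster in this thread. The function names, the in-memory arrays standing in for MySQL tables, and the timestamps are assumptions; the two IP addresses are the ones used in the post, and in a live PHP page the client address would come from `$_SERVER['REMOTE_ADDR']`.

```php
<?php
// Added illustration only: names and storage are hypothetical, sample data is constructed.
const LINK_TTL = 900; // 15 minutes, the limit suggested in the post

// username => assigned workstation IP (addresses taken from the post's example)
$workstations = ['john' => '10.10.0.5', 'linda' => '10.10.0.2'];
$pending = []; // sha256(token) => [user, issued]; would be a MySQL table in practice

// Front-desk step: password already verified, record arrival time, return the
// secret that goes into the e-mailed link. Only its hash is stored server-side.
function startCheckIn(array &$pending, string $user, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $pending[hash('sha256', $token)] = ['user' => $user, 'issued' => $now];
    return $token;
}

// Link step: the request must carry a known, unused, unexpired token and must
// arrive from the workstation assigned to the user who started the check-in.
function confirmCheckIn(array &$pending, array $workstations,
                        string $token, string $clientIp, int $now): string
{
    $key = hash('sha256', $token);
    if (!isset($pending[$key])) {
        return 'rejected: unknown or already used link';
    }
    $entry = $pending[$key];
    unset($pending[$key]); // single use, even when a later check fails
    if ($now - $entry['issued'] > LINK_TTL) {
        return 'rejected: link expired';
    }
    if (($workstations[$entry['user']] ?? null) !== $clientIp) {
        return "rejected: not this user's workstation";
    }
    return 'checked in: ' . $entry['user'] . ' at ' . gmdate('H:i', $entry['issued']);
}

$t0 = strtotime('2003-12-15 09:00:00 UTC'); // constructed arrival time

$tok = startCheckIn($pending, 'john', $t0);
echo confirmCheckIn($pending, $workstations, $tok, '10.10.0.5', $t0 + 300), "\n";  // accepted
echo confirmCheckIn($pending, $workstations, $tok, '10.10.0.5', $t0 + 310), "\n";  // replayed link

$tok = startCheckIn($pending, 'linda', $t0);
echo confirmCheckIn($pending, $workstations, $tok, '10.10.0.5', $t0 + 60), "\n";   // clicked on John's PC

$tok = startCheckIn($pending, 'linda', $t0);
echo confirmCheckIn($pending, $workstations, $tok, '10.10.0.2', $t0 + 1200), "\n"; // 20 minutes later
```

The recorded arrival time is the front-desk time, and the link only confirms it; a check-in whose link is never confirmed is the case to flag for the physical spot checks mentioned above.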




Response Number 7
Name: crazyoli
Date: December 15, 2003 at 08:53:37 Pacific
Subject: Such a easy problem but seems diff
Reply:

one good site to know more about biometrics- finger:

http://shimizup.ebigchina.com/cd_bizsite.php?siteId=69101&siteLang=4&pc=pd&pc2=0&pc3=208023







