scottybwoy Posted September 7, 2006 Share Posted September 7, 2006 Didn't really know if I should put this here, but it does have a little to do with PHP, so here goes.I'm developing an InTRanet system for my company, which runs Win2k throughout. My login script works from active users on the server. These users must be entered into the database before they can logon and are only allowed one session at a time. So when they are at work it should be fine, yeah? But when they are at home and their computers are off. Is the information safe? Only 3 users will have access to delete records, and only one directory has execution rights, containing just two files.Thanks in advance Quote Link to comment Share on other sites More sharing options...
MaaSTaaR Posted September 7, 2006 Share Posted September 7, 2006 i don't know if i understand you correctly , but as i understand you want to unactive some accounts when their users aren't in the company .If i right , i think you have dual solution , the first solution is unactive these accounts after X clock , i mean in the login script you can check server time , if the server time is 3 PM or high stop the log in , otherwise if the time is between 8 AM to 2 PM login without any problem .the second solution you can do it if you have Unix server by Corn jobs . Quote Link to comment Share on other sites More sharing options...
scottybwoy Posted September 8, 2006 Author Share Posted September 8, 2006 Hi Yeah, thats correct, although I really wanted to know if this is a secure way of doing it really as there is no real login so to speak. There is of course but it is done in the background, via the usernames within the network. We're using Win 2k also. So when a user logs into any machine (Windows Authentication), there user name is grabbed when index.php is executed then compared against the names in the database, if it's there let them to the home page, if not tell them to contact the administrator to set up an account for them. Just wondered if people could easily hack it if the computers were turned off at nite, and the users were logged in most of the day only allowing 1 session at a time for each user? Quote Link to comment Share on other sites More sharing options...
redarrow Posted September 8, 2006 Share Posted September 8, 2006 as a administarator you should let users only sign up there user accouns with letters and numbers and use them as microsoft described as to all admins when learning the adminstration pannel within windows.if the users accounts are set in a good fashion then i see no problam. but if the administrator is letting users make accounts with stupid usernames and passwords then you might get hacked by someone coming accross the company website that is linked to the InTRanetin your case it all comes down to user accounts made via admin for securty purpose.good luck. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.