alaafathey Posted June 20, 2023 Share Posted June 20, 2023 Good Day , Got an attendance script and need to do some edit to match my needs. i have added an employee database table for the device mac address ( i'm adding the mac address manually ). wanna add php code that Fitch the device mac address and compare it to database table ( same as password comparing process ) , and the user is able to login via his username and password in the mac address matches.... this way im making sure that Employees not check in for each other as all the process is happening using cell phone. Thanks for your support. Quote Link to comment Share on other sites More sharing options...
requinix Posted June 20, 2023 Share Posted June 20, 2023 It is not possible to know the MAC address of a client's computer. At all. You'll need to find an alternative method to identify a user. 1 Quote Link to comment Share on other sites More sharing options...
Phi11W Posted June 20, 2023 Share Posted June 20, 2023 2 hours ago, alaafathey said: wanna add php code that Fitch the device mac address Can't be done ... unless your PHP code actually runs on the User's own machine, which it [almost certainly] doesn't. No part of the HTTP protocol shares that information from client to [web] server. 2 hours ago, alaafathey said: the user is able to login via his username and password in the mac address matches I would suggest that this is also a Bad Idea. Never had your computer replaced or upgraded? New computer, new MAC address, User can't log in, complaints to the Service Desk and Application Bug Reports ensue. Lots of Grief that you really don't need. 2 hours ago, alaafathey said: this way im making sure that Employees not check in for each other Not really. I assume that your company as some sort of Information Security policies or, at the very, very least, Terms and Conditions of Use and one of the really, really basic ones should include "not sharing passwords". If they want to do something stupid like hand their passwords around, they've got far bigger problems. Regards, Phill W. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted June 20, 2023 Share Posted June 20, 2023 What does 'Fitch' mean? Quote Link to comment Share on other sites More sharing options...
alaafathey Posted June 20, 2023 Author Share Posted June 20, 2023 2 hours ago, ginerjm said: What does 'Fitch' mean? get Quote Link to comment Share on other sites More sharing options...
ginerjm Posted June 20, 2023 Share Posted June 20, 2023 Get? Are you trying to say 'fetch' as in retrieve a query result? At least now I understand one sentence. The rest is still not clear. Quote Link to comment Share on other sites More sharing options...
alaafathey Posted June 20, 2023 Author Share Posted June 20, 2023 1 hour ago, ginerjm said: Get? Are you trying to say 'fetch' as in retrieve a query result? At least now I understand one sentence. The rest is still not clear. yaah ( Fetch ) - it's my bad - Sorry. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted June 20, 2023 Share Posted June 20, 2023 (edited) I suppose this topic is closed now after Requinix told you it cannot be done. Hopefully your next post will be written a bit clearer and in a style that makes it easier to read Edited June 20, 2023 by ginerjm Quote Link to comment Share on other sites More sharing options...
alaafathey Posted June 20, 2023 Author Share Posted June 20, 2023 4 minutes ago, ginerjm said: I suppose this topic is closed now after Requinix told you it cannot be done. Hopefully your next post will be written a bit clearer and in a style that makes it easier to read Will do my best . Thanks. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted June 20, 2023 Share Posted June 20, 2023 Since you cannot use the mac address to identify the client that is making a login request, what do you have available to help you make an id? Are you that uncomfortable with users keeping their own passwords secret? If this password is important enough to the employee that he/she should not be sharing it, how can you make that real to the staff? Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 22, 2023 Share Posted June 22, 2023 I would suggest a simple name/password system, as is standard. What you can do is log the IP address in the database. The server gets access to the client IP address. The users have no way of knowing what you are logging or not in that regard. You can then write some reports that look for multiple logins from the same IP address, which should not happen from a mobile phone, unless the users are logging into the same wifi network. Another thing you could do is push a tracking cookie that doesn't expire. Generate a guid value or hash, and push this using some innocuous name, when a user logs in. Set the cookie so that it doesn't expire for 12 months or something like that. You can then check for the existence of this cookie and log it upon login. You can use that cookie, like IP address. In general these types of things require a login/audit table, that makes an entry for each user login. If the users don't understand what you're doing, you are likely to be able to find people logging into multiple accounts using the same cookie value, or missing the cookie on login. You 100% will know when a user logs in with the wrong cookie. What you choose to do in that circumstance is up to you, but I would not suggest that you make it an outright error, but rather something that is determined through reporting on the audit table. I would suggest that you employ both items (IP address and login cookie value), and perhaps a status code, you can set, when the code sees a user logging in with some other user's cookie. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.