Jump to content

Recommended Posts

Good Day ,

Got an attendance script and need to do some edit to match my needs.

i have added an employee database table for the device mac address ( i'm adding the mac address manually ).

wanna add php code that Fitch the device mac address and compare it to database table ( same as password comparing process ) , and the user is able to login via his username and password in the mac address matches.... this way im making sure that Employees not check in for each other as all the process is happening using cell phone.

Thanks for your support.

Link to comment
https://forums.phpfreaks.com/topic/316983-device-mac-address/
Share on other sites

2 hours ago, alaafathey said:

wanna add php code that Fitch the device mac address

Can't be done ...   unless your PHP code actually runs on the User's own machine, which it [almost certainly] doesn't.  

No part of the HTTP protocol shares that information from client to [web] server. 

 

2 hours ago, alaafathey said:

the user is able to login via his username and password in the mac address matches

I would suggest that this is also a Bad Idea. 

Never had your computer replaced or upgraded?  
New computer, new MAC address, User can't log in, complaints to the Service Desk and Application Bug Reports ensue.  

Lots of Grief that you really don't need. 

 

2 hours ago, alaafathey said:

this way im making sure that Employees not check in for each other

Not really.  

I assume that your company as some sort of Information Security policies or, at the very, very least, Terms and Conditions of Use and one of the really, really basic ones should include "not sharing passwords".  If they want to do something stupid like hand their passwords around, they've got far bigger problems. 

Regards, 
   Phill  W.

 

Link to comment
https://forums.phpfreaks.com/topic/316983-device-mac-address/#findComment-1609829
Share on other sites

Since you cannot use the mac address to identify the client that is making a login request, what do you have available to help you make an id?  Are you that uncomfortable with users keeping their own passwords secret?  If this password is important enough to the employee that he/she should not be sharing it, how can you make that real to the staff?

Link to comment
https://forums.phpfreaks.com/topic/316983-device-mac-address/#findComment-1609843
Share on other sites

I would suggest a simple name/password system, as is standard.  What you can do is log the IP address in the database.   The server gets access to the client IP address.  The users have no way of knowing what you are logging or not in that regard.  You can then write some reports that look for multiple logins from the same IP address, which should not happen from a mobile phone, unless the users are logging into the same wifi network.  

Another thing you could do is push a tracking cookie that doesn't expire.  Generate a guid value or hash, and push this using some innocuous name, when a user logs in.  Set the cookie so that it doesn't expire for 12 months or something like that.  You can then check for the existence of this cookie and log it upon login. You can use that cookie, like IP address.

In general these types of things require a login/audit table, that makes an entry for each user login.  If the users don't understand what you're doing, you are likely to be able to find people logging into multiple accounts using the same cookie value, or missing the cookie on login.  You 100% will know when a user logs in with the wrong cookie.    What you choose to do in that circumstance is up to you, but I would not suggest that you make it an outright error, but rather something that is determined through reporting on the audit table.

I would suggest that you employ both items (IP address and login cookie value), and perhaps a status code, you can set, when the code sees a user logging in with some other user's cookie. 

Link to comment
https://forums.phpfreaks.com/topic/316983-device-mac-address/#findComment-1609892
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.