www.webdeveloper.com
Results 1 to 8 of 8

Thread: Need to pick your brain

  1. #1
    Join Date
    Jan 2009
    Location
    Gresham, OR
    Posts
    5

    Question Need to pick your brain in Intranet feature

    Hello,

    I'm new to this forum so I hope the general forum is appropriate for this issue.

    I'm currently creating an intranet site for my employer (their first) and have the basic design finished. I created a template (a la Dreamweaver) and so far have the index page and a company directory. What information that is being provided has been designed with AJAX and works perfectly.

    What I'm stuck on is this:
    My employer would like to be able to update all employees on this site as to who's in and who's not working today. Currently this is done via email. I would like to implement a small area on the template (like maybe in the left sidebar; iframe possibly?) that she can update with a simple GUI.

    So my question: Is this something that absolutely has to be done with a CMS or is there another route I can take? I'm not versed in PHP yet, so I haven't really looked at that option too much.

    Thanks a bunch,
    Chris
    Last edited by SectorDad; 01-16-2009 at 12:10 PM.

  2. #2
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    Such a system would be fairly easy to impliment with PHP, I would need more information to post any real code.

    So I guess a few questions:
    • Does it need to be password protected/whatever? If so will the password be hard coded, or what?
    • I'm assuming a DB would be required, do you have MySQL, or would I need to plan to use a text file/XML file for such a thing(which would likely be unsecure).
    • How will the infomation be input, check boxes? Typing in names and picking matching employee's?
    If you are using PHP please use the [PHP] and [/PHP] forum tags for highlighting...
    The same applies to HTML and the forums [HTML][/HTML] tags.

  3. #3
    Join Date
    Jan 2009
    Location
    Gresham, OR
    Posts
    5
    Quote Originally Posted by scragar View Post
    Such a system would be fairly easy to impliment with PHP, I would need more information to post any real code.

    So I guess a few questions:
    • Does it need to be password protected/whatever? If so will the password be hard coded, or what?
    • I'm assuming a DB would be required, do you have MySQL, or would I need to plan to use a text file/XML file for such a thing(which would likely be unsecure).
    • How will the infomation be input, check boxes? Typing in names and picking matching employee's?
    • Yes, it would have to be password protected for a few employees with the same access.
    • We have yet to install a DB to the internet server, so the options are open on that one (for a server with IIS).
    • The information would be simply typed in.


    I'm trying to keep it simple to avoid confusion from the end users that will be utilizing the simple GUI. Thanks!

  4. #4
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    OK, how about a simple example for how a text file can be used:
    PHP Code:
    define('EmployeeList''list.txt');
    $userPasswords = Array(
      
    'admin'=>'god',
      
    'root'=>'god',
      
    'someone'=>'password'
    );

    if(isset(
    $_POST['username']) && isset($_POST['password']){
      if(
    $userPasswords[strtolower($_POST['username'])] == $_POST['password']) // user's details work out
        
    file_put_contents(
               
    EmployeeListserialize(
               
    $list nl2br(htmlentities($_POST['update'],
               
    ENT_NOQUOTES))), FILE_TEXT);
      else
         echo 
    'Username or password incorrect.';
    };

    if( ! isset(
    $list))
      
    $list = @unserialize(file_get_contents(EmployeeList), FILE_TEXT) || 'List empty'

    echo <<<HTML

    <p>The text file says:</p>
    <p>
    {$list}</p>
    <form action='?' method='post'>
    <p>Username: <input type='text' name='username' value=''></p>
    <p>Password: <input type='password' name='password' value=''></p>
    <p>Employee List: <textarea name='update'></textarea></p>
    <p><input type='submit' value='Update'></p>
    </form>
    HTML; 
    As I said, this is a basic example, and it should be secure, but you need a database to be completely secure with your passwords stored directly into the file. It also means that to change the password someone needs to use the CMS, and having the passwords in raw text like that is always a bad idea.
    If you are using PHP please use the [PHP] and [/PHP] forum tags for highlighting...
    The same applies to HTML and the forums [HTML][/HTML] tags.

  5. #5
    Join Date
    Jan 2009
    Location
    Gresham, OR
    Posts
    5
    I agree the text file is not the way to go considering security is important to my employer. Other options?

  6. #6
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    A database would be the most secure method, failing that a text file would work if you were to employ some form of encryption or hashing, not that any system is particularly secure right now(md5 is having new vulnerabilities found all the time, and the SHA functions, while better, are still vulnerable to several flaws).

    Personally I would push the importance of a database, or recommend the use of the latest SHA version(2 at the time of writing, but the competition for version 3 is under way) and a complex salt.
    If you are using PHP please use the [PHP] and [/PHP] forum tags for highlighting...
    The same applies to HTML and the forums [HTML][/HTML] tags.

  7. #7
    Join Date
    Jan 2009
    Location
    Gresham, OR
    Posts
    5
    Now that we've established the DB, how about the front end (the sidebar and the GUI for the employees)?

  8. #8
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    I'd recommend using sessions, be sure to add
    Code:
    <?php session_start(); ?>
    to the top of any page you want to be able to access the sessions, then you can do something like:
    PHP Code:
    mysql_connect('localhost''username''password');
    mysql_select_db('DBName');

    if(isset(
    $_POST['username'])){
      
    $rs mysql_query("SELECT * FROM `admins` WHERE `username`='"
                        
    .mysql_real_escape_string($_POST['username'])
                        .
    "' AND `password`='"
                        
    .sha1($_POST['password'])."'");
      if(
    FALSE !== ($row mysql_fetch_array($rs)))// log in
        
    $_SESSION['user'] = $row['username'];
      else 
    /////////// bad password or username
        
    echo 'username or password incorrect.';
    };

    if( ! isset(
    $_SESSION['user'])){// not logged
      // do something here
    }else{
      
    // show admin menu here

    I've got things to do right now, so play around with that for a while, see what you can do, and let me know if you have problems with it later, OK?
    If you are using PHP please use the [PHP] and [/PHP] forum tags for highlighting...
    The same applies to HTML and the forums [HTML][/HTML] tags.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles