DarkBASIC Professional Discussion / Online security and website communications

James H
Joined: 21st Apr 2007
Location: St Helens
Posted: 3rd Apr 2013 18:39 Edited at: 3rd Apr 2013 18:43
Hi all, I've been asked to write a program for a security company that allows for the end user to manage employees with site jobs. A site job for example would be a festival venue or to staff the doors of a club etc.
Solution is simple enough - a page to input the site jobs on, a page to input employee info on, each with overview and list sorting/search options. This is all collated to a calendar page so the end user can just input jobs/employees then select upcoming jobs from the calendar and then view staff details assigned to each job.
The calendar is done and the jobsite/employee pages are in progress and soon to be completed.
This program will then communicate with a server program also in progress, the main aim being that any 1 of several company directors will have the software and be able to utilise the software so that they are all "reading from the same page" so to speak, the server machine being a standard PC, as not many users are required to communicate.
So my issue is - how to communicate between program and server securely - information on staff and jobs shouldn't be sent as is, right? The risk being a competing company may be able to gain access to that info and steal client data where some of the jobs are worth tens of thousands. How would I encrypt the info?

The same company wants a website that their staff can log into to view their own joblist, i.e. the jobs they have been assigned to. Is there a way to communicate between website and DBP software? From what I've read DBP can download a file from a site if it's made available, but how would I get the server software to send a file to the website? What are the format requirements of such a file? Essentially the employee would login to the web page, the site software then needs to make a request of info from the DBP server using the employee's account as a reference, the info must then be sent and be displayed on the webpage so the employee can view it. Obviously for this to take place many more requests of the DBP server program would take place - would it be prudent to use a dedicated server machine instead of a bog standard PC - how best to determine the system specs and OS - do DBP programs work on server OSes?

Apologies for any lack of understanding I'm displaying. I've had basic DBP client/server programs working before but webpages/sites are somewhat of a grey area to me and as you can no doubt tell - I'm in need of guidance. I'm told I will gain a full time permanent position in the company if I can get this up and running (obviously I have some limitations I'm imposing so I'm not scammed into doing the work for free but a demo of software abilities is required, I will issue the basic version with a 1 year cut off period, also I have several IPs stored in the software so I can communicate from my own machine with the software and get it to alter info if I think I'm being taken for a mug).

All constructive comments welcome
Regards
Ortu
DBPro Master
Joined: 21st Nov 2007
Location: Austin, TX
Posted: 3rd Apr 2013 21:46
If it's all to be integrated with a website anyway, I honestly don't see any reason to have a desktop client/server application for the management, it should all be done through the web server with management logging in same as the staff, but given different access level/options.

This keeps everything in one place and has better support for database usage, encryption, secure connection protocols, the list goes on.

James H
Joined: 21st Apr 2007
Location: St Helens
Posted: 3rd Apr 2013 23:33
Thank you for your response Ortu.
I'm sorta inclined to agree - I even said as much. This offer came about when one of the directors - a friend - watched me code from scratch in DBP the basic template, which was brought about after a discussion about how he could streamline some of the workload (my intention was to actually show him pseudo design of what his web site might be like) - this would free up a fair amount of their time and reduce company phone bills significantly. For security reasons they want to employ someone themselves rather than pay for it to be done, as some of the information available is likely to have jobs relating to personal protection of minor celebs. They feel that it's too risky to outsource the work should any of the info be made available to competitors or worse still to people who the personal protection is there to protect against, after all a security company's reputation would be destroyed should such an event take place. I suggested to him he would have to pay a lot of money out to do this so he discussed the matter further with other directors. He came back with questions - in theory can it be done by me (bear in mind I only know DBP) - would I consider taking the role on for a much lower wage. Between them they have further ideas to incorporate that they will discuss if I can produce a working demo. From my perspective if DBP can securely communicate in the manner I've suggested in 1st post then I stand nothing to lose by looking into this. I suspect coding in DBP would be much quicker anyway - having everything in one place isn't so much a priority as the internet doesn't suffer any significant speed loss of transfer of data, if anything it MIGHT be a bonus, idk, just a thought really - surely having all info in one place is like having all your eggs in 1 basket?
I'm jobless and unskilled with only my GCSEs for qualifications - I have some physical issues due to an incident last year, doing manual work, which is work I would normally do, isn't a feasible option, so accepting a much lesser wage than what would normally be paid out for such a job is a better offer than it looks initially in my case.
Something to bear in mind is that this isn't a large company, it survives mostly off static sites, festivals and the odd minor celeb when larger companies cannot deal with their own workload and pass the client on to this company. In most cases the info needed to be securely transferred is in fact employee details. Where higher profile clients are concerned it's the company's intention to have a dummy job detailed, then literally an hour or so before the employees are due to arrive at a nearby location, the details will be changed to the correct info before employees login, which is a requirement for them when they arrive at any job.
mr_d
DBPro Tool Maker
Joined: 26th Mar 2007
Location: Somewhere In Australia
Posted: 4th Apr 2013 11:46 Edited at: 4th Apr 2013 11:59
whew! so many words.....

Just want to chime in and say I agree with Ortu that this would probably all be much easier to do on the web server end rather than use a client server approach (especially using DBP - not that it wouldn't be possible, just that it could get very messy).

I suggest you look at using PHP and MySQL (as that seems to be the de facto standard for these type of things on 3rd party hosted companies, otherwise you could look at ASP.NET and possibly SQL Server Express - it's free and should be sufficient for what you describe), on a Windows Server (or PC acting as the server).

EDIT: if you are going the PHP + MySQL route, you may want to check out this site (I'm not affiliated with them in any way except as a customer): phpjabbers especially their appointment scheduler script or their event booking calendar script; or if neither of these seem to fulfill your specific requirements, then you may want to see if you could use their member login script and customise it to what you want.

James H
Joined: 21st Apr 2007
Location: St Helens
Posted: 5th Apr 2013 02:26
Thank you mr_d for your response. As I have said earlier I am inclined to agree and told them so, in fact their current website uses PHP and MySQL. However I only know DBP so cannot help them with the web side of it without learning a lot more and at this stage it would be foolish of me to commit to it. As I already have most of the DBP client/server done I will complete it. I've discussed the matter with them based on both yours and Ortu's advice which I really appreciate. It has been decided that they will use what is written in DBP as it will have just 5 users and will take the workload off them and save them some money. What they have in place already regarding their staff they will continue with. For the future I will take a look at PHP/MySQL, ASP.NET/SQL Server Express and the links you have provided and go from there to replace the DBP client/server with a view to adding all the extras previously mentioned at a later stage. If it's too much for me to learn in a reasonable time period then they will simply have to bite the bullet and pay a much higher price for it to be done by someone else.
Once again thank you both for your advice
Regards, James
WickedVixen
Joined: 28th Mar 2007
Location: New Brisbane, Utopia Prime, VGC GHQ
Posted: 12th Apr 2013 12:21
For me, I have had issues with learning PHP and MySQL simply because the information in several new books was immediately out of date. This primary issue has still plagued me with learning these web server-based information exchange protocols. >_<

I feel better programming in DBP and Pascal (yes, Pascal-- LOL) and have decided to change some old THINK Pascal (Apple Mac) game programs and demos I've created into DBP. A huge undertaking, I know, but it allows me to see one person's perspective with coding and logic, and adapt it to something, IMHO, is way easier to read and decipher.

Mr James, it seems that you could build the program in DBP and allow access to it for Management, then incorporate a bridge of sorts to link to the PHP/MySQL to the DBP program front-end. This can be accomplished with DarkNet and a few other add-ons that you might be able to code (and possibly release as a plug-in). That PHP/MySQL Bridge add-on many people here would pay for, and in that you're coding in something that you're familiar with; you'll also be making inroads with PHP/MySQL and making it fit better that way. Also, there is the version of DarkBasic that works as an add-on to Microsoft Visual Studios 2007 (if memory serves) and you can use native DBPro (but with a few subtle changes) with the integrated .NET and PHP/MySQL handling that C# already contains.

It is just my opinion that you may have bitten off more than you can possibly swallow, but I believe you can work through this, take care of the client/server situation and have the server interpret an encrypted file but that's something that you'd have to determine. (I have seen others use a timestamp as the encryption codekey and adjust it according to each primary user's ID. This ensures that competition won't be able to decipher the data and that it can be internally processed at any given time. The timestamp/ID would remain the same until more data came in, then it would dynamically change; you can delete the file once it's been interpreted by the PHP/MySQL, leaving no trace of the new data to be intercepted. Just an idea...)

I hope this gives you an idea or two. I have faith in your work with DBPro and this endeavor is just the tip of the iceberg, so to speak. Should this go well and you can get it working properly, you may be able to market the software to another company with subtle changes to the encryption system, if you would choose to do so.

Good Luck and Keep Coding!
Cheers

All trees have bark. All dogs bark. All dogs are trees.
TheComet
Joined: 18th Oct 2007
Location: I`m under ur bridge eating ur goatz.
Posted: 12th Apr 2013 13:28 Edited at: 12th Apr 2013 13:29
In my honest opinion, I think DBP isn't the correct tool to be used for something like this.

First of all, a DBP executable is nowhere near secure. It's child's play to extract all kinds of information (not only code, but files, strings, DLLs etc.).

If that isn't a problem, then you're still going to have compatibility issues. DBP executables have high hardware/software requirements. I don't know about you, but my computer at work doesn't even have DirectX 8 yet. What makes you think that all of the clients will be able to even run it?

If you really want to stick with DBP, you'll need to write a plugin which can handle secure connections (SSH, HTTPS). Like I said though, if anyone else gets hold of the executable (and they will), extracting the private key for an SSH connection isn't that hard.

TheComet


Level 91 Forumer - 9600 health, 666'666 keystroke power (*2 coffee)
Abilities: sophisticated troll, rage
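
TheComet's point above, that a private key shipped inside the executable can be read back out of it, is something a build can be checked for before release. The following is an added example, not part of the original thread: a Python scan of a build artifact for private-key markers stored as ASCII or as UTF-16LE (wide) strings. The function names and the sample bytes are constructed for illustration.

```python
import re

# Byte patterns that mean private-key material is sitting inside the file.
PATTERNS = {
    "PEM private key": re.compile(rb"-----BEGIN [A-Z ]{0,20}PRIVATE KEY-----"),
    # base64 of the "openssh-key-v1\0" magic, for keys stored without PEM armour
    "OpenSSH key body": re.compile(rb"b3BlbnNzaC1rZXktdjEA"),
    "PuTTY key file": re.compile(rb"PuTTY-User-Key-File-\d"),
}

def find_embedded_keys(data: bytes):
    """Return sorted (offset, encoding, label) for every key marker in data."""
    # Wide strings are checked by taking every second byte, once for text
    # starting on an even offset and once for text starting on an odd one.
    views = [
        ("ascii", data, 1, 0),
        ("utf-16le", data[0::2], 2, 0),
        ("utf-16le", data[1::2], 2, 1),
    ]
    hits = []
    for encoding, view, scale, shift in views:
        for label, pattern in PATTERNS.items():
            for m in pattern.finditer(view):
                hits.append((m.start() * scale + shift, encoding, label))
    return sorted(hits)

def build_sample() -> bytes:
    """Constructed stand-in for a packed executable; the key body is a placeholder."""
    pem = (b"-----BEGIN RSA PRIVATE KEY-----\n"
           b"CONSTRUCTED-PLACEHOLDER-NOT-A-KEY\n"
           b"-----END RSA PRIVATE KEY-----\n")
    wide = "PuTTY-User-Key-File-2: ssh-rsa".encode("utf-16-le")
    return b"MZ" + b"\x90" * 62 + pem + b"\x00" * 17 + wide + b"\xcc" * 8

if __name__ == "__main__":
    for offset, encoding, label in find_embedded_keys(build_sample()):
        print(f"offset 0x{offset:04x}  {encoding:8s}  {label}")
```

A clean scan only shows that none of these markers are present; a key stored in another form (raw bytes, an obfuscated string) still ships with the program and is still recoverable by whoever holds the executable.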
James H
Joined: 21st Apr 2007
Location: St Helens
Posted: 12th Apr 2013 16:32
Hi Anitarquious I, TheComet, thank you for your input regarding this matter. It has been decided that this won't be done through a website at all at this stage. Their staff will be required to continue their current process as normal. As I feared DBP isn't secure remotely so the way forward for them will be to utilise what's already written from machines that will be used for this purpose alone. As the main worry for security is for those special clients they have, that work will be done manually as they have always done, the rest of the work will use the program I've almost completed, saving them a significant amount of time and resource - we are discussing simply having a manual reference for each job that then gets input rather than the job/event name/details. It already uses DarkNet for communication and seems to be working as expected so far - a certain amount of testing still has to be completed to ensure they can rely on it in future without any risk to their business. In short any information that is considered as at risk won't be included in the program, the main aim of the program remaining as to automate as much as possible the workload.
As far as I'm concerned DBP can handle a significant proportion of what's required, hardware/software requirements aren't an issue - dx is free and frankly should under no circumstances be an issue for the end user in this case, as for hardware, well the program runs fine on a single core 1.2GHz processor with 512 RAM with XP and has no graphical requirement integrated graphics can't handle. There is only an issue of ensuring it's CPU friendly - not carrying out processes it doesn't need to, spreading it over frames and using the CPU friendly mode. I see no need to write any plugin here. For example, let's look at something simple - emailing everyone assigned to a job, no need to make DBP talk to accounts or anything, simply having an output file of stored email addresses and the file contents can be copied directly to the CC field of any email. All responding emails can simply be saved into one folder, then DBP can simply read those files rather than a user input them on the system, all the user has to do is click the mouse a few times. Just an example but I think you can see how we intend to go forward. I am still keeping all options open however and do intend to look into all the above advice further.
Once again thank you all for your time, really appreciate it
