
Repair Status script for PC Repair shops

Question

Mr. Black    38

NEW VERSION AVAILABLE
and click "Download Zip"

 

I created this simple script that shows a customer the status of their repair in your shop, and wanted to give it to the community to share.

Has a simple interface for the customer and an administration interface.

 

One of the scripts on the web wants $200 for the same functionality, so I created this in a few days and it suits my needs, and maybe yours!

Uses a MySQL database and PHP.

 

Screenshots:

 

post-11411-0-00544400-1415566920.jpg

post-11411-0-30031600-1415566928.jpg

 

My question is also where can I upload this or distribute as well?

 

Thanks

statsript.zip

  • Like 4


  • 0
hjf288    68

github.com ?

  • 0
adam7288    45

This is inherently insecure - you would want a "challenge" item like a last name to ensure the only person who can look up that record is the person it is intended for.

  • 0
Nick H.    9,841

This is inherently insecure - you would want a "challenge" item like a last name to ensure the only person who can look up that record is the person it is intended for.

I see where you're coming from, but I'm not sure what someone could do with the information? If I typed in a random number and got a result saying that the machine was ready to be picked up, I would still need to provide a receipt of some sort when appearing at the store in order to reclaim my machine. If the status of the order says, "to be returned to the customer" then I would still need to know where that customer lived.

As far as I can see it's just a simple update page, I'm not sure I see where security becomes an issue?

  • 0
adam7288    45

It makes you look unprofessional when people can look up anyone's records. If I saw this and my belongings were with that company, I would wonder what other corners are being cut during the repair process. You want to look professional, and uphold the highest standards, especially when you have possession of other people's items.

  • 0
Nick H.    9,841

It makes you look unprofessional when people can look up anyone's records.

I'm not saying you're wrong per se, but UPS tracking only requires a tracking number to do a check on a package. The script being provided above offers similar information. Various ticketing systems that I have used in companies also have a tracking page that allows anyone to type in a ticket number to see the status of their issue. There is nothing to stop them plugging in a random number and having a look at the ticket there (although I admit that the ticketing system is internal, with no access from outside the Intranet.)

So long as there is no information connecting a customer to a product, I'm not sure where the harm is?

  • 0
xendrome    5,490

Yeah if there is no PII (Personally Identifiable Information) of the customer showing, it's really a non-issue.

  • Like 2

  • 0
adam7288    45

Disagree. In your example you cited UPS only requiring a tracking number. While true, a UPS tracking number is not simply a number. It is '1Z' followed by the UPS account number, followed by the service code (ground, air, 2day, etc.) followed by a unique number. The odds of randomly typing in a number for their system and getting someone else's information are quite low.

 

Additionally, they are an intermediary service for other businesses. 

 

The difference with this example is the invoice numbers appear to be incremental. If they were randomly assigned letters and digits then you would not look unprofessional. I will give you that.

  • 0
TAZMINATOR    12,416

It makes you look unprofessional when people can look up anyone's records. If I saw this and my belongings were with that company, I would wonder what other corners are being cut during the repair process. You want to look professional, and uphold the highest standards, especially when you have possession of other people's items.

 

I always remove my stuff out of my car before taking it to the shop for repairs.

 

No one is that stupid to reveal personal information on the ticket status system...  only shows whether the service is completed or not.

 

If they do not have this system, they can call to let the customer know that the car is ready or they let them know that they need more time to finish it up due to the parts on backorder or something like that.

  • 0
adam7288    45

Just remember, running a business (especially a repair business which I also run) is always about the perception of professionalism, about no corners being cut. Even if, to us technical people, it appears to be a non-issue, it's those little shortcuts being taken that give the customer the impression that they are either dealing with a world class or a fly by night operation. Establishing trust and credibility should be a primary concern in how you operate every aspect of the business.

  • 0
xendrome    5,490

Disagree. In your example you cited UPS only requiring a tracking number. While true, a UPS tracking number is not simply a number. It is '1Z' followed by the UPS account number, followed by the service code (ground, air, 2day, etc.) followed by a unique number. The odds of randomly typing in a number for their system and getting someone else's information are quite low.

 

Additionally, they are an intermediary service for other businesses. 

 

The difference with this example is the invoice numbers appear to be incremental. If they were randomly assigned letters and digits then you would not look unprofessional. I will give you that.

 

It still doesn't matter since there is no PII really. The phone book or whitepages.com has more PII on it than that ticket system for the customer.

Establishing trust and credibility should be a primary concern in how you operate every aspect of the business.

 

I totally get your point and if there was some chance that PII was going to get leaked or viewed online by another customer I would agree, but you basically want someone to say "OK sir we took every step possible to protect this information that means absolutely nothing to anyone else but you and does not identify you in any way". I don't think anyone is going to worry or make a big deal about it since there is 0 risk.

  • Like 3

  • 0
adam7288    45

It still doesn't matter since there is no PII really. The phone book or whitepages.com has more PII on it than that ticket system for the customer.

 

I totally get your point and if there was some chance that PII was going to get leaked or viewed online by another customer I would agree, but you basically want someone to say "OK sir we took every step possible to protect this information that means absolutely nothing to anyone else but you and does not identify you in any way". I don't think anyone is going to worry or make a big deal about it since there is 0 risk.

Ok then I will put it in simpler terms for you. If you were on Dell.com - if you were order number 123456 - and all you needed to type in was that number to check the shipping status of that repair. Then you could enter in order number 123457 and get information (no PII) for that order. Would that seem like something a professional company like Dell would allow?

  • 0
xendrome    5,490

Ok then I will put it in simpler terms for you. If you were on Dell.com - if you were order number 123456 - and all you needed to type in was that number to check the shipping status of that repair. Then you could enter in order number 123457 and get information (no PII) for that order. Would that seem like something a professional company like Dell would allow?

 

An order for goods isn't really apples to oranges here. An order for goods could lead to an address or payment information. So I would expect them to protect it with additional information requirements. But a simple work-order/status tracking of a repair job isn't the same thing.

  • 0
TAZMINATOR    12,416

Ok then I will put it in simpler terms for you. If you were on Dell.com - if you were order number 123456 - and all you needed to type in was that number to check the shipping status of that repair. Then you could enter in order number 123457 and get information (no PII) for that order. Would that seem like something a professional company like Dell would allow?

 

Domino's has a pizza tracker, similar to the script mentioned in the OP... you enter your phone number to check and see if the pizza is ready and on its way to you... No personal information to you.

 

After you finish the order, log out and then enter the phone number in the tracker and boom... the tracker will tell you the status, which is 'live'... Perfect for orders for friends. For example, I ordered a pizza for a friend of mine on the other side of town, then I gave him my number to track it... no personal info is revealed to him. Simple.

 

Check this out: https://order.dominos.com/en/pages/tracker/#/track/order/

  • Like 1

  • 0
Tidosho    652

A solution to this problem would be to add htaccess to the server directory where this script is run from. When the customer comes in, and books their machine in, you give them the user name and password, which you set in an htpasswd file. When they even try to access the script they are required to put in the credentials before even typing an invoice number or customer ID.

 

We do it here at Kitamura, for both customer ticketing, and our staff Intranet.

  • 0
adam7288    45

Y'all are missing the point. I give up.


A solution to this problem would be to add htaccess to the server directory where this script is run from. When the customer comes in, and books their machine in, you give them the user name and password, which you set in an htpasswd file. When they even try to access the script they are required to put in the credentials before even typing an invoice number or customer ID.

 

We do it here at Kitamura, for both customer ticketing, and our staff Intranet.

You don't need to make it this complicated. Just ask for the last name to verify.

  • 0
Nick H.    9,841

Y'all are missing the point. I give up.

I think we'll just have to agree to disagree on the professionalism of the tool. However, from a security standpoint there doesn't appear to be an issue.

Thanks for the contribution, Mr. Black. (Y)

I know someone suggested Github, perhaps Sourceforge? Or is that more for standalone applications rather than scripts?

  • 0
Tidosho    652

Y'all are missing the point. I give up.

You don't need to make it this complicated. Just ask for the last name to verify.

You're the one thinking too much into it! There's absolutely NO customer information given out, only the status of the repair!

  • 0
ozgeek    157

It makes you look unprofessional when people can look up anyone's records. If I saw this and my belongings were with that company, I would wonder what other corners are being cut during the repair process. You want to look professional, and uphold the highest standards, especially when you have possession of other people's items.

So looking up the rego of a random car is unprofessional? In fact almost all the states of Australia have a free service where you can check the registration status of any car rego number you enter. There is no identifying information, other than what car it is and if it is registered or not. Same here. This is not new. People have been calling in stores to find out the status of their item being serviced.

  • 0
Cnónna    671

This is inherently insecure - you would want a "challenge" item like a last name to ensure the only person who can look up that record is the person it is intended for.

 

Some delivery firms allow you to track your parcel with your tracking number, but to get there to start it all off most require you to enter your post code (zip, I guess, to you Yanks).

 

Chances of knowing the 2 matching (effectively random) codes must be fairly high. He could try something like that, no?

  • 0
Tidosho    652

I know someone suggested Github, perhaps Sourceforge? Or is that more for standalone applications rather than scripts?

Either can be used for apps or scripts. At the end of the day they're both distributed in source form.

  • 0
Cnónna    671

So looking up the rego of a random car is unprofessional? In fact almost all the states of Australia have a free service where you can check the registration status of any car rego number you enter. There is no identifying information, other than what car it is and if it is registered or not. Same here. This is not new. People have been calling in stores to find out the status of their item being serviced.

That's nothing. In Switzerland your license plate is the only one you get for life and they print your name, address and car plate in a book anyone can buy. :/

  • Like 1

  • 0
Tidosho    652

So looking up the rego of a random car is unprofessional? In fact almost all the states of Australia have a free service where you can check the registration status of any car rego number you enter. There is no identifying information, other than what car it is and if it is registered or not. Same here. This is not new. People have been calling in stores to find out the status of their item being serviced.

Same here. On Gov.uk (our government site) you enter a reg number, it then shows you whether that vehicle is taxed or MOT'd, and its colour and engine size. Adam won't use it, it will personally identify his vehicle, gives TMI about it!

  • 0
xendrome    5,490

Y'all are missing the point. I give up.

You don't need to make it this complicated. Just ask for the last name to verify.

 

Introduce PII into the database, for no reason just to make it more secure, when it had no PII in the database to begin with... that makes PERFECT SENSE!

  • Like 1

  • 0
Nick H.    9,841

That's nothing. In Switzerland your license plate is the only one you get for life and they print your name, address and car plate in a book anyone can buy. :/

There's even an app for it. :p Although depending on the canton, you may need to pay a subscription fee (I think) in order to access the information.

  • 0
Mr. Black    38

This script was posted as an example for people to modify any way they choose for their personal use.

I take issue with it being called "unprofessional". It was meant to suit MY needs, and shared so a ton of coding from the start for others wasn't needed.

 

I generate a random Invoice ID each time with my customers, so poking in numbers +1, +2, etc. won't work. And as stated as well, it doesn't share any PII. All it does is tell you at what state of repair your machine is at. Who is going to do anything with that info?

 

I can certainly see the want or need for additional security such as your zip code or whatever in addition to the Invoice ID - If you want to use the script and want additional security, add it in. But to call the script "unprofessional" and my business practices into question is wholeheartedly uncalled for when you know nothing about them. The script isn't even being used yet for my customers...I have tweaks to do myself, but the base is completed, and that is why it was shared.

 

I do hope the rest of you who at least like it or the idea of it get some good use out of it :-)

  • Like 2
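The two measures discussed in this thread, a randomly generated invoice ID and a postcode challenge on lookup, as an added PHP example that is not part of statsript.zip or of any post above. The `repairs` table, its columns, the function names and the in-memory SQLite database standing in for MySQL (needs the pdo_sqlite extension) are all assumptions of the example.

```php
<?php
declare(strict_types=1);
// Added example; schema and function names are assumptions, not from statsript.zip.

// 10 random bytes = 80 bits, shown as 20 hex characters: trying ID+1, ID+2 finds nothing.
function new_invoice_id(): string {
    return strtoupper(bin2hex(random_bytes(10)));
}

// Normalise the challenge so "ab1 2cd" and "AB12CD" compare equal.
function normalise_postcode(string $p): string {
    return strtoupper(preg_replace('/\s+/', '', $p) ?? '');
}

// Returns the repair status or null. An unknown ID and a wrong postcode give the
// same null, so a response never confirms that an invoice ID exists.
function lookup_status(PDO $db, string $invoiceId, string $postcode): ?string {
    if (!preg_match('/^[0-9A-F]{20}$/', $invoiceId)) {
        return null;
    }
    $stmt = $db->prepare('SELECT status, postcode_hash FROM repairs WHERE invoice_id = ?');
    $stmt->execute([$invoiceId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $given = hash('sha256', normalise_postcode($postcode));
    // Compare against a dummy value when no row matched, keeping one code path.
    $stored = $row ? $row['postcode_hash'] : str_repeat('0', 64);
    $ok = hash_equals($stored, $given);
    return ($row && $ok) ? $row['status'] : null;
}

// Constructed demo data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE repairs (invoice_id TEXT PRIMARY KEY, status TEXT, postcode_hash TEXT)');
$id = new_invoice_id();
$db->prepare('INSERT INTO repairs VALUES (?, ?, ?)')
   ->execute([$id, 'Waiting for parts', hash('sha256', normalise_postcode('ab1 2cd'))]);

var_dump(lookup_status($db, $id, 'AB1 2CD'));               // matching ID and postcode
var_dump(lookup_status($db, $id, 'ZZ9 9ZZ'));               // right ID, wrong postcode
var_dump(lookup_status($db, new_invoice_id(), 'AB1 2CD'));  // unknown ID
```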

This topic is now closed to further replies.