Help! How do I capture Signature on my php mysql application

Can anyone help me?

I have a web based application - using mysql and php. My users will connect to this app via a handheld pc. They will see a form with their "job to undertake" with all the details necessary to complete their task. Once complete the user enters their work and how long it has taken them... etc....etc.

My problem is this : -

On the handheld, there needs to be an entry point where the customer can sign their signature to agree the work. Once the person has signed I will need the handheld user to click on a submit button to lock the signature in place within the work record permanently, so it can be viewed and printed as part of the record at a later date if necessary.

Does anyone have any ideas on how this could be done, or am I asking too much? Has anyone come across this before? Is the coding complicated Can anyone help me please?!

Haven't ever tried it or seen it, but I'm sure that's well within Java's capability, be it script or applet, I don't know.

Hmmmm,

Can anyone expand any further on this?

I am at a dead end

Any help gratefully appreciated!

EllisJ,

I realize you're new, but it is bad forum ettiquette to double-post a question.

http://forums.devshed.com/t73288/s.html


Please remove one of these posts.

Doesn't sound like something I'd do using PHP if you actually need the graphic of their signature, or well at least not PHP alone.

Since PHP is server side you're going to have to be really clever about capturing that signature on the client and passing it back to the server or use some other means.

A couple of remarks:

1)Is the actual signature, itself, necessary or is it just 1 means of authentication and non-repudiation? If you just need authentication/non-repudiation how about trying to work with usernames/encryption/digital signatures (cryptographically speaking) instead of using a graphic.

2)If you need the actual graphic and are required to stick with PHP you can try (*note purely theoretical) working with javascript to try and capture the cursor movements within a specific div or span and then store these in an array and pass that array to the server when it's submitted. Once the data gets to the server parse it out and use GD or some other graphics library create the image.

HTH

-b

1)Is the actual signature, itself, necessary or is it just 1 means of authentication and non-repudiation? If you just need authentication/non-repudiation how about trying to work with usernames/encryption/digital signatures (cryptographically speaking) instead of using a graphic.

.Please expand here! re encryption and digital signatures! The industry I work in is predominantly paper based Yes really! - if I am to justify a piece of work that is queried ( and this happens more often than not) then I need to be able to prove that J. Doe had signed that the work was ok. The person signing for this work may sign for more work at another point in time, or he/she may never sign anything again. I am looking for a simple solution!! If I have to re educate these people then I can. However we will be the first people in our industry sector to use this, so I am sure you can imagine I will be frowned upon, laughed at, and maybe mocked .... etc etc...



2)If you need the actual graphic and are required to stick with PHP you can try (*note purely theoretical) working with javascript to try and capture the cursor movements within a specific div or span and then store these in an array and pass that array to the server when it's submitted. Once the data gets to the server parse it out and use GD or some other graphics library create the image

Would this be a mammoth task? is there any "theoretical" sample code. I am not an expert (or even a beginner in javascript)

When I'm talking about encryption/digital sigs I'm talking about normal username password stuff along with public key encryption used for non-repudiation. Username and password is used for authentication (meaning you are who you say you are) because it's supposed to be equivalent to signing something because theoretically only you should know the username/pass combo. Digital signatures are used for non-repudiation meaning which is just a way of saying the info you sent along hasn't been messed with along the way. There are several methods and algorithms, but it kinda goes like this, hash your original data and send it along with the encrypted data, on the receivers and when the recipient decrypts the data you hash this and compare it with the hash you sent along. If the two hashes match then nothing was tampered with. I'm not exactly how strict you need to be with your security measures, but if you're dealing with health care info make sure you comply with HIPAA guidelines if you want to implement some of this stuff. For further reading check out Applied Cryptography by Bruce Schneier or google PKI or digital signatures. Depending on the exact needs of what you're doing you can decide what you need. If you can just simplify things down to just needing a username and password then that might be the easiest choice.



Well, like I said what I proposed is theoretical, not sure exactly what it will take to do it, here's some initial thoughts.

*I don't think it would be a necessarily mammoth task, but here's what I think it would boil down to:
1)Being able to capture mousemovement within a specific area. This is doable and you can probably find something like a javascript paint program sample which would be very similar.

2)Logging the mouse movement. As long as you can keep a history of the mouse movement or a final snapshot then just store that into a hidden form variable as char delimited text or any other means you like and send this to the server on submit.

3)On the PHP side parse your coordinates and use GD to output your image. If you haven't used GD before it could take a day or two of fiddling but it also shouldn't be that bad.

*The capture method doesn't seem like it could be all that accurate (signatures would resemble a real signature but be grainy/blocky and probably not hard to forge).

What's your timeline and how big of a project is this supposed to be? Hopefully this is some help, or at least will spark some other conversation on alternative methods to accomplish what you're asking for.

-b