By "out of the company's network" do you mean outside the company's IP address range? Or do you mean something else? If the former, then just do a check on the user's IP address. If the later, then hwo is "out of the company's network" defined?
You can use $_SERVER["REMOTE_ADDR"] and check against the range of IP addresses the company uses.
And even nicer implementation (just in case the user is using a proxy) would be: if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) $TheIp=$_SERVER['HTTP_X_FORWARDED_FOR']; else $TheIp=$_SERVER['REMOTE_ADDR'];