Online Student Admission & Information System

Chapter 1 Introduction

1.1: Introduction
We are going to develop an admission test and result system for the Computer Science or BBA department of Mohammadpur Central University College, in which every part of the system will be online (internet based) and computerized. As the world moves towards computerizing everything, such a system is useful today. With the proposed system, people sitting in remote areas can get service and communicate directly with MCUC University from there.
1.2: Overview and Objectives
The main objective of our project is to build an online student admission and information system for MCUC University. With this online system any candidate can take part in the admission test at any time, and can register himself or herself at any time and from anywhere. This is advantageous for both the college authority and the candidate. With this software, a student of the BBA or CSE department of MCUC can see the result of any semester, notices, the class routine, the examination schedule, student subject info and student account info, and learn about the university. We also consider all major aspects of security, validation, and usefulness of the system. Some features that are not yet included remain under consideration for the future.
1.3 Functional Requirements
We functionally divided this system into four parts:
1. General information and advertisement section
2. Online Registration/result section
3. Online Administrator section
4. Viewers comments section
1. General information and advertisements section: This section is a simple static page and will contain all information about the Computer Science and BBA departments, the admission procedure, application eligibility, student account info, subjects, class routine, exam schedule, other important notices, some advertisements of the department, other special offers etc. This section will be designed and developed using HTML.
2. Online registration/result section: This is one of the dynamic sections of the system. It will handle the task of registration and store the candidates' information in the database. It is one of the critical sections of the overall system and is mainly based on PHP and MySQL. Result is the most critical and dynamic section of the system. It will publish the result instantly over the internet, and it carries the responsibility for higher security.
3. Online Administrator section: This is the most critical and dynamic section of the system. Through it the administrator will publish the result, class routine, notice, student subject, student account info and exam schedule by adding them to the MySQL database instantly over the internet. This section carries the responsibility for higher security. It uses a password. For this purpose this section contains the database and an intelligent procedure for questions to be dynamic.
4. Viewers comments section: This is one of the dynamic sections of the system. It will handle the task of transferring the comments and applications of candidates to the email address of the authority. It is the contact page for all candidates. It is one of the critical sections of the overall system and is designed using PHP, HTML and the Dreamweaver software.
1.4: Problem Description
At first we have to understand the problem, that is, the system. We should have clear-cut knowledge and a clear conception of the whole system: what the purposes of the system are, what the system does, how the system works, how the system will be developed, how it will be used and who the users of this system are.
Consider the existing system, which is a manual and centralized admission and result system. This system runs as follows:
1. First the notice about admission is published in a newspaper.
2. Then the admission form is distributed to the candidates.
3. So the candidate, or a representative of the candidate, must be present physically to collect the admission form.
4. The candidate must take part in the admission test at a particular time.
5. After the admission test, the department authority examines the exam papers and publishes the result at a particular time.
6. When the National University publishes the result of any semester exam, it is collected and added to the software.
7. So the candidate sees the result.
8. This system also adds any notice, student information, student account info, class routine, exam schedule and student subject info of the MCUC BBA & CSE departments.
9. So a candidate with any problem can see any information in this software.
10. This information is collected by the college administrator section.
1.5 Motivation
MCUC student information is very important in every student's life. Student admission and other information available at a critical moment can save time and cost, and sometimes without the necessary information people have to face a lot of admission troubles. So this site has been built to meet student requirements. At a critical moment students will get the much-required information from it. At the same time, they will be able to contact the administrator of MCUC University in urgent need, while searching for all student information of the CSE & BBA departments. So realizing the importance of student information, and at the same time the lack of admission form submission, is the main motivation behind this project.
1.6: Challenges
The primary challenge is to build a site that provides interactiveness and satisfies user requirements. When implementation of this project started, one thing was always kept in mind: the site will contain all the desired information in a well-organized way. If a user has to go through the entire site to find the desired information, then she/he will certainly feel discomfort, and the aim of the site will be hampered. So the information is arranged in such a way that a user can easily find his/her desired information. A number of national and international websites have been visited to learn their main objectives and the features they emphasize. At the same time, a survey has been conducted among a number of people to find out which features they want most. The result of these answers is the basic requirement of the project. But as the number of requirements is huge, the most needed information has been selected. Another problem was how the Admission section would be developed, because it has to be built in such a way that a user can easily locate his/her preferred administrator and then select his/her favored time to visit.
Chapter 2 Background Study
2.1: Visiting Websites
Before building this site, a number of related websites were reviewed to learn about their services, and several flaws were found in those sites. The main problem with those sites is that they do not fully cover admission and information for all departments of MCUC University. They lack user-friendly interfaces. They presented different visions on building this type of website. They put emphasis mostly on providing information, not on providing interaction with an administrator. They provide information such as adding and deleting subject names, class routine, exam schedule, notice, result, student account information etc., but they do not provide a way to interact with the administration. Their sites are very useful for MCUC University. They provide a way to know about admission for students and all information about the CSE & BBA departments. But this is a very essential feature, because we use various information in student life. A user/visitor may be interested in knowing about admission when visiting this website. In this case he/she may visit the MCUC University online student admission and information site to find any other information. A student/user may also want to get online admission from a site by submitting the user's problem, but existing sites are not ready to provide these services. Some sites provide limited consultancy features where a user can submit a problem but he/she cannot choose this university's CSE & BBA department admission, and those sites do not have facilities for every department. So users get only limited help if they want to interact with an administrator, and hence there is no online solution.
2.2: Feedback from Admin panel
The admin panel is a super user, so she/he can view everything in the system. Adding and deleting every piece of information and answering user questions are all managed in this section. This is the most critical and dynamic section of the system. Through it the administrator will publish the result, class routine, notice, student subject, student account info and exam schedule by adding them to the MySQL database instantly over the internet. This section carries the responsibility for higher security. It uses a password. For this purpose this section contains the database and an intelligent procedure for questions to be dynamic. Before starting to build this site, information from the renowned admin section of the university was collected. This website also gives visitors a first way to send feedback by e-mail for any information they want to know.
2.3: Feedback from Visitors/User
An online student admission and information system is a major need for visitors in a developing country like Bangladesh. This site is developed especially to help visitors with any information and with admission to this university. Visitors said that it is a really helpful approach for various critical moments. But they insisted on ensuring the following services:
• This section will handle the task of transferring the comments and applications of candidates to the email address of the authority.
• In this online admission system, any student who wants to get admitted to the Computer Science & BBA department has to fulfill some requirements which are stated on the website.
• The admin panel must be helpful and cooperative.
• Information must be updated.
Visitors hope that if these services are included, then the actual goal of developing this site can be achieved.
2.4: Summary
This site has been built by analyzing the feedback from the University, general visitors and students. It is expected that the site will fulfill everyone's requirements.
Chapter 3 Software Design

3.1: Software Process
A software process is a coherent set of activities for specifying, designing, implementing and testing software systems. It is a structured set of activities required to develop a software system, such as:
1. Specification
2. Design and Implementation
3. Validation
4. Evolution
3.2: Software Process Models
A software process model is an abstract representation of a process. It presents a description of a process from some particular perspective.
3.3: Popular Software Process Models
There are different types of software process model. Now consider only four of the popular software models which are mostly used. These are:
A) The Waterfall Model
B) Prototyping
C) Evolutionary Model
D) Spiral Model
and so on.
3.3.1: Waterfall Model
The first formal description of the waterfall model is often cited to be an article published in 1970 by Winston W. Royce, although Royce did not use the term "waterfall" in the article. Ironically, Royce was presenting this model as an example of a flawed, non-working model. This is in fact the way the term has generally been used in writing about software development: as a way to criticize a commonly used software practice. The Waterfall Model is the first published model used in the development of software processes. The traditional Waterfall life cycle has been the mainstay for software developers for many years. This is illustrated in Fig. 3.1; because of the cascade from one phase to another, this model is known as the ‘Waterfall Model’ or software life cycle. The traditional life cycle for system development is the Waterfall Model. The Waterfall Model is based on the top-down flow of requirements and design development. In the Waterfall Model, emphasis is placed on determining a fixed set of requirements from which the design follows. In the Waterfall Model there are:
– Feedback loops across multiple stages: validation and verification steps.
– Prototyping via a “build it twice” step alongside requirements and design.
Phases of the Waterfall Model are:
a) Requirements analysis and definition
b) System and software design
c) Implementation and unit testing
d) Integration and system testing
e) Operation and maintenance
The drawback of the waterfall model is the difficulty of accommodating change after the process is underway.
[Figure: Requirements definition, System and software design, Implementation and unit testing, Integration and system testing, Operation and maintenance]
Fig. 3.1 Waterfall Model
3.3.2: Phases in Prototyping Model
The model prototype is a static system that replicates the kind of system a state may want to develop, adopt, or purchase. It demonstrates the best practices of a user-centered design process and the key features that are valued by the user community and its stakeholders. These best practices were identified through previous analyses. The prototype also provides online access to the information in the guidelines document to help direct administrators, project managers, developers, and designers. The prototype is to be used as a training tool and design model for developers and designers who are working toward completion of similar systems.
• Gather requirements.
• Developer & customer define overall objectives; identify areas needing more investigation – risky requirements.
• Quick design focusing on what will be visible to user – input & output formats.
• Use existing program fragments, program generators to throw together working version.
• Prototype evaluated and requirements refined.
• Process iterated until customer & developer satisfied.
• Then throw away prototype and rebuild system to high quality.
• Alternatively can have evolutionary prototyping – start with well understood requirements.
Fig : 3.2 Prototyping Model
3.3.3: Evolutionary Development
The EVO development model divides the development cycle into smaller, incremental waterfall models in which users are able to get access to the product at the end of each cycle. The users provide feedback on the product for the planning stage of the next cycle and the development team responds, often by changing the product, plans, or process. These incremental cycles are typically two to four weeks in duration and continue until the product is shipped. In Evolutionary Development (Fig. 3.3), specification, development and validation are interleaved. The evolutionary model is also divided into two parts:
i) Exploratory development: The objective is to work with customers and to evolve a final system from an initial outline specification. It should start with well understood requirements and add new features as proposed by the customers.
ii) Throw-away prototyping: The objective is to understand the system requirements. It should start with poorly understood requirements to clarify what is really needed.
Another type is available in evolutionary development which is called Underlying Idea. It gives an initial implementation to the users and then refines it through many versions based on user feedback. Evolutionary development is based on the idea of developing an initial implementation, exposing this to user comment and refining it through many versions until an adequate system has been developed. The development starts with the parts of the system which are understood. The system evolves by adding new features as they are proposed by the customer. It meets the immediate needs of customers.
[Figure: Outline description feeds the concurrent activities Specification, Development and Validation, which produce the Initial version, Intermediate versions and Final version]
Fig. 3.3 Evolutionary Development
3.4: Spiral Model
The Spiral Model shown in Fig. 3.4 was defined by Barry Boehm in his article [Boehm88] A Spiral Model of Software Development and Enhancement from 1986. This model was not the first model to discuss iteration, but it was the first model to explain why the iteration matters. As originally envisioned, the iterations were typically 6 months to 2 years long. The spiral model (Boehm, 1988) aims at risk reduction by any means in any phase, and is often referred to as a risk-driven model. The Spiral Development (or Lifecycle) Model is a systems development method used in information technology. It is a different approach born out of the evolution of the Waterfall Model. It encompasses the previous models as special cases, and can make use of a combination of models. Risk analysis asks, “What are the areas of uncertainty, and what is the probability that they will slow the progress of development?” It combines the features of the prototyping model and the waterfall model. It is favored for large, expensive, and complicated models. The Spiral Model is also known as “Boehm’s Model". It is a process model originally developed by Boehm [Boehm88] to address known problems with earlier process models of the software life cycle, in particular the Waterfall Model. In the spiral model, the radial coordinate represents cost and the angular coordinate represents progress in completion of a cycle of the model. Each cycle involves traversing through four quadrants. The first quadrant is to determine objectives, alternatives, and constraints for the cycle. The second quadrant is a risk analysis and evaluation of alternatives for the cycle. The third quadrant is to develop and verify the next level product. The fourth quadrant involves planning for the next phases. The Spiral Model is intended to encompass other life cycle models such as the Waterfall Model, the Incremental Development Model, and the Throwaway Prototyping Model.
During Risk Analysis, the key characteristics of the project are determined, referred to as process drivers. The process drivers are used to determine which process model is most appropriate for the project. In this way, the Spiral Model can be considered a process model generator.
Fig. 3.4 Spiral model
There are four phases in the "Spiral Model": Planning, Evaluation, Risk Analysis and Engineering. These four phases are followed iteratively, one after the other, in order to eliminate all the problems which were faced in "The Waterfall Model". Iterating the phases helps in understanding the problems associated with a phase and dealing with those problems when the same phase is repeated the next time, and in planning and developing strategies to be followed while iterating through the phases. The spiral model also consists of four quadrants:
a) Defining Objectives, Alternatives, and Constraints
b) Analyzing Risks
c) Developing Product
d) Spiral Planning
Each cycle of the spiral model iterates through these four quadrants. The number of cycles is project specific, so the descriptions of the activities in each quadrant are intended to be general enough that they can be included in any cycle. The goal of the spiral model is to be risk driven, so the risks in a given cycle are determined during the Analyzing Risks section. In order to manage these risks, certain additional project-specific activities may be planned to address them, such as Requirements Prototyping if the risk analysis indicates that the software requirements are not clearly understood. These project-specific risks are termed process drivers. For any process driver, one or more project-specific activities need to be performed to manage the risk.
3.5: Reason for not Choosing Waterfall Model
First of all, the waterfall model was considered for the project. It is already known that when the requirements of a problem are reasonably well understood and the project duration is very short, the waterfall model is suitable. But it was not possible to fully specify what the website should or would contain at the start of the development process, because its structure and functionality evolved over time. The first phase of the waterfall model is "Requirements analysis and definition". So the project could not meet the first criterion of the waterfall model. Besides, the project duration was not too short. Finally, it was decided that the waterfall model could not be the perfect model to follow for the project.
3.6: Reason for not Choosing Prototyping Model
After the failure of the waterfall model, the prototyping model was considered for the project. In the prototyping model, the prototype is evaluated and requirements are refined, and this process is iterated until customer and developer are satisfied. But the web development had to use cutting-edge, diverse technologies and standards, and integrate numerous varied components, including traditional and non-traditional software, interpreted scripting languages, HTML, databases, images, and other web components and complex user interfaces. Moreover the project is content-driven (database-driven). Web based systems development includes creation and management of the content, as well as appropriate provisions for subsequent content creation, maintenance, and management after the initial development and deployment on a continual basis (in some applications as frequently as every hour or more). So the prototyping model could not provide the appropriate environment and design steps to meet all these requirements. Besides, it was known that a single entity, a collection of logically connected web pages, had to be implemented. So navigation would be an important factor. But in the prototyping model this was not possible, as this facility was absent from the model.
3.7: Reasons for Choosing Spiral Model
The spiral model is a realistic approach to the development of large scale systems and software. Because software evolves as the process progresses, the developer and customer better understand and react to risks at each evolutionary level. It maintains the systematic stepwise approach suggested by the classic life cycle but incorporates it into an iterative framework that more realistically reflects the real world. The spiral model demands a direct consideration of technical risks at all stages of the project and, if properly applied, should reduce risks before they become problematic. It also combines the features of the waterfall and prototyping models. Under this consideration it was found that the spiral model fulfils most of the requirements of our system; that is why the spiral model was chosen to develop the system.
3.8: Schema Diagram
A database schema, along with primary key and foreign key dependencies, can be depicted pictorially by schema diagrams. In schema diagrams, each relation appears as a box with the attributes listed inside it and the relation name above it. If there are primary key attributes, a horizontal line crosses the box, with the primary key attributes listed above the line in gray. Foreign key dependencies appear as arrows from the foreign key attribute of the referencing relation to the primary key of the referenced relation.
[Figure: schema diagram. Home page: About university, Online result, Online student admission, Class routine, Exam schedule, Online notice, Student subject info, Student account info, Contact, Admin panel. Information of CSE Department; Information of BBA Department. Online admission: Registration form submit, Check info. Admin panel: Type user name, Type password, Login, All information add, Logout, Add new user. Student account info: Id, name, Check info, View total cost, View payable money, View due money. Others information / Visitor view: About university, Online result, Class routine, Exam schedule, Online notice, Student subject info, Contact.]
Fig. 3.5: Schema diagram between visitor-admin panel-department
3.9: Use Case Diagram
A use case defines a goal-oriented set of interactions between external actors and the system under consideration. Actors are parties outside the system that interact with the system. An actor may be a class of users, roles users can play, or other systems. A primary actor is one having a goal requiring the assistance of the system. A secondary actor is one from which the system needs assistance.
[Figure: use case diagram for MCUC University. Actors: visitor, User, Administrator, Admin. Use cases: Online result, student admission, class routine, Exam schedule, online notice, student subject info, student account info, BBA, CSE, add info, Delete info.]
Figure 3.6: Use Case Diagram
3.10: Flow Chart
A flowchart is a common type of diagram, which represents an algorithm or process, showing the steps as boxes of various kinds, and their order by connecting these with arrows. This diagrammatic representation can give a step-by-step solution to a given problem. Data is represented in these boxes, and arrows connecting them represent direction of flow of data. Flowcharts are used in analyzing, designing, documenting or managing a process or program in various fields. Figure 3.8 shows the figure of Flow Chart:
[Figure: flow chart. Steps: Access free information only; Access all information provided by the admin panel; Request for BBA & CSE department; Try student admission; Request accepted by admin; Get reply from user; Logout.]
Figure 3.7: Flow Chart
Online Student Admission & Information System
Part – 2
Chapter – 4 Design Tools
Chapter – 5 Requirement Analysis and feasibility study
Chapter – 6 Overview of the database table
Chapter – 7 Manual
Chapter 4 Design Tools

4.1: Introduction
The proposed system has been implemented with the aid of some software tools and techniques. The technology plays an important and vital role in developing and implementing the system, and also affects the project cost, timeline and maintenance of the project. This chapter emphasizes both the tasks involved in designing such a system and the relations between the different elements involved in the website implementation process.
4.2: Design tools
To develop our project we have used several recently developed design tools to speed up our web pages. For this work several tools like PHP, MySQL and Apache are used. Here PHP is used for logical operations, MySQL is used to create the database and Apache is used to run the program. The design tools are listed in the following table:

Name of the tool        Purpose of the use
PHP, HTML, CSS          Language
MySQL                   Database
/warm                   Web server
Adobe Photoshop         Design

Table: 5.1 Design Tools
4.3: Programming Languages
Two scripting languages have been used to build this project: one for the client side and another for the server side. The server-side scripting language is PHP and the client-side scripting language is JavaScript. PHP has been chosen as the server-side scripting language for several reasons. It is an open source, robust, platform-independent language. Unlike ASP, it can run on almost all operating systems. The client-side scripting language we have used is JavaScript. JavaScript is an excellent language for providing client-side functionality like form validation, building dynamic menus, roll-overs, time-outs etc. Below we have provided a short description of the PHP and JavaScript languages and their superiority over other scripting languages.
4.3.1: HTML HTML [17] is the "mother tongue" of your browser. To make a long story short, HTML was invented in 1990 by a scientist called Tim Berners-Lee. The purpose was to make it easier for scientists at different universities to gain access to each other's research documents. The project became a bigger success than Tim Berners-Lee had ever imagined. By inventing HTML he laid the foundation for the web as we know it today. HTML is a language, which makes it possible to present information (e.g. scientific research) on the Internet. What you see when you view a page on the Internet is your browser's interpretation of HTML. To see the HTML code of a page on the Internet, simply click "View" in the top menu of your browser and choose "Source".
4.3.2: PHP
PHP is a server-side scripting language for creating dynamic Web pages. Pages are created using PHP and HTML. When a visitor opens the page, the server processes the PHP commands and then sends the results to the visitor's browser.
4.3.3: Java Script
JavaScript is a scripting language used to enable programmatic access to objects within other applications. It is primarily used in the form of client-side JavaScript for the development of dynamic websites. JavaScript is a dialect of the ECMAScript standard and is characterized as a dynamic, weakly typed, prototype-based language with first-class functions. JavaScript was influenced by many languages and was designed to look like Java, but to be easier for non-programmers to work with. The primary use of JavaScript is to write functions that are embedded in or included from HTML pages and interact with the Document Object Model (DOM) of the page. Some simple examples of this usage are:
• Opening or popping up a new window with programmatic control over the size, position, and attributes of the new window (i.e. whether the menus, toolbars, etc. are visible).
• Validation of web form input values to make sure that they will be accepted before they are submitted to the server.
• Changing images as the mouse cursor moves over them: This effect is often used to draw the user's attention to important links displayed as graphical elements.
Because JavaScript code can run locally in a user's browser (rather than on a remote server) it can respond to user actions quickly, making an application feel more responsive. Furthermore, JavaScript code can detect user actions which HTML alone cannot, such as individual keystrokes.
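Form validation in JavaScript runs in the visitor's browser and can be skipped by anyone who sends the request directly, so the PHP side of the registration and administrator sections has to repeat the checks before touching the database. The sketch below is an added example, not code from this project: it validates a registration on the server, stores it with a prepared statement, and checks the admin password against a stored hash. The table, column and form field names are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Table, column and field names are
// assumptions. SQLite in memory stands in for MySQL so the script runs offline;
// against MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE candidates (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
            email TEXT NOT NULL UNIQUE, department TEXT NOT NULL)');
$pdo->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

/** Server-side validation: returns the names of the fields that failed. */
function validateRegistration(array $in): array
{
    $errors = [];
    $name = is_string($in['name'] ?? null) ? trim($in['name']) : '';
    // Letters, spaces, dots, apostrophes and hyphens only, 2 to 80 characters.
    if (preg_match('/\A[\p{L} .\'-]{2,80}\z/u', $name) !== 1) {
        $errors[] = 'name';
    }
    if (filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    // Allow-list: only the two departments the system serves.
    if (!in_array($in['department'] ?? '', ['CSE', 'BBA'], true)) {
        $errors[] = 'department';
    }
    return $errors;
}

/** Validate, then insert with bound parameters (values never enter the SQL text). */
function registerCandidate(PDO $pdo, array $in): array
{
    $errors = validateRegistration($in);
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors];
    }
    $stmt = $pdo->prepare(
        'INSERT INTO candidates (name, email, department) VALUES (:n, :e, :d)'
    );
    try {
        $stmt->execute([
            ':n' => trim($in['name']),
            ':e' => $in['email'],
            ':d' => $in['department'],
        ]);
    } catch (PDOException $e) {
        if ((string)$e->getCode() !== '23000') { // not a constraint violation
            throw $e;
        }
        return ['ok' => false, 'errors' => ['email already registered']];
    }
    return ['ok' => true, 'id' => (int)$pdo->lastInsertId()];
}

/** Store only a salted hash of the admin password, never the password itself. */
function createAdmin(PDO $pdo, string $user, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

/** True only when the user exists and the password matches the stored hash. */
function adminLogin(PDO $pdo, string $user, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn(); // false when no such user
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample input, for demonstration only.
$good = ['name' => "Rahim O'Neil", 'email' => 'rahim@example.com', 'department' => 'CSE'];
$bad  = ['name' => '<b>x</b>', 'email' => 'not-an-email', 'department' => 'EEE'];

echo json_encode(registerCandidate($pdo, $good)), "\n"; // apostrophe stored safely
echo json_encode(registerCandidate($pdo, $good)), "\n"; // duplicate email rejected
echo json_encode(registerCandidate($pdo, $bad)), "\n";  // all three fields rejected

createAdmin($pdo, 'admin', 'constructed-sample-passphrase');
var_dump(adminLogin($pdo, 'admin', 'constructed-sample-passphrase'));
var_dump(adminLogin($pdo, 'admin', 'wrong-password'));
```

When stored values such as the candidate name are later shown on a page, they should be passed through `htmlspecialchars()` at output time.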
4.3.4: Graphical Design Tools
The main design of the proposed system relied on various HTML features like div, table, color, text etc. As the site is a medical website, the main objective of the site is to provide functionality, not to provide showy design. To keep people eager about this site it is also important to provide a fascinating look. So CSS and Flash buttons are used to enhance the beauty of the project. CSS features like class have been used to make the pages more attractive and at the same time to reduce typing. Here a short description of the design features of HTML, CSS and Flash is also provided.

CSS
Cascading Style Sheets (CSS) is a style sheet language used to describe the presentation (that is, the look and formatting) of a document written in a markup language. Its most common application is to style web pages written in HTML and XHTML, but the language can be applied to any kind of XML document, including SVG and XUL.
CSS is designed primarily to enable the separation of document content (written in HTML or a similar markup language) from document presentation, including elements such as the colors, fonts, and layout. This separation can improve content accessibility, provide more flexibility and control in the specification of presentation characteristics, enable multiple pages to share formatting, and reduce complexity and repetition in the structural content (such as by allowing for tableless web design). CSS can also allow the same markup page to be presented in different styles for different rendering methods, such as on-screen, in print, by voice (when read out by a speech-based browser or screen reader) and on Braille-based, tactile devices. While the author of a document typically links that document to a CSS style sheet, readers can use a different style sheet, perhaps one on their own computer, to override the one the author has specified.
Flash: Adobe Flash (formerly Macromedia Flash) is a multimedia platform that is popular for adding animation and interactivity to web pages. Originally acquired by Macromedia, Flash was introduced in 1996, and is currently developed and distributed by Adobe Systems. Flash is commonly used to create animation, advertisements, and various web page Flash components, to integrate video into web pages, to make games and, more recently, to develop rich Internet applications. Flash can manipulate vector and raster graphics, and supports bidirectional streaming of audio and video. It contains an object-oriented language called ActionScript. Several software products, systems, and devices are able to create or display Flash content, including Adobe Flash Player, which is available free for most common web browsers, some mobile phones and other electronic devices (using Flash Lite).
4.3.5: Text Editor A text editor is very important for programming. The better the text editor, the more easily we can code. At first we started coding in TextPad, but after some time we found it unhelpful for programming: there is no text highlighting or tag suggestion for HTML, CSS, JavaScript and PHP. So we looked for another editor that could meet our demands. We found several text editors, like PhpED and Notepad++, and tools like Dreamweaver. All of them are very helpful for coding. They highlight various functions and provide important suggestions while typing PHP or HTML code, so it is easy to find errors in code. We have mainly used Dreamweaver as a text editor.
4.4: Relational Database System For the relational database system we have selected MySQL for its popularity and ease of use. It is open source and platform independent, and can be used for small to large scale databases. It is easy to maintain and works nicely with the Apache HTTP server. A brief description of the MySQL DBMS is given here.
MySQL Database Management System: MySQL is a relational database management system (RDBMS). It has more than 6 million installations all over the world. The program runs as a server providing multi-user access to a number of databases. MySQL is used in web applications and acts as the database component of the LAMP software stack. Its popularity for use with web applications is closely tied to the popularity of PHP, which is often combined with MySQL. Several high-traffic web sites (including Flickr, Facebook, Wikipedia, Google (though not for searches), Nokia, Auction marts and YouTube) use MySQL for data storage and logging of user data. The following features are implemented by MySQL but not by some other RDBMS software:
Multiple storage engines, allowing one to choose the one that is most effective for each table in the application (in MySQL 5.0, storage engines must be compiled in; in MySQL 5.1, storage engines can be dynamically loaded at run time):
1. Native storage engines (MyISAM, Falcon, Merge, Memory (heap), Federated, Archive, CSV, Blackhole, Cluster, Berkeley DB, EXAMPLE, and Maria)
2. Partner-developed storage engines (InnoDB, solidDB, NitroEDB, Infobright (formerly Brighthouse), Infobright (Open Source))
3. Community-developed storage engines (memcached, httpd, PBXT, Revision Engine)
4. Custom storage engines
Commit grouping, gathering multiple transactions from multiple connections together to increase the number of commits per second.
4.5: Features of MYSQL
• It is free (www.mysql.com).
• It is platform independent: Windows, Linux, MacOS, OS/2.
• It is faster than others: Oracle, ODBC, and Sybase.
• High security system.
• It can handle large size of database.
4.6: Normalization The site's database tables are designed so that they fulfill the normal forms 1NF, 2NF, 3NF etc. This section describes how the site implements the various normal forms in its database tables.
First Normal Form (1NF)
• The first requirement of 1NF is to eliminate duplicative columns from the same table.
• Create separate tables for each group of related data and identify each row with a unique column (the primary key).
Second Normal Form (2NF) The first requirement of second normal form is to meet all the criteria of first normal form. The site's database tables fulfill all the criteria of first form.
• Remove subsets of data that apply to multiple rows of a table and place them in separate tables. This means that if there is redundant data in multiple rows, it should be split into several tables. If the same data applies to multiple rows then we have to create two tables linked by a foreign key.
• Create relationships between these new tables and their predecessors through the use of foreign keys.
Third normal form (3NF) Third normal form meets all the criteria of first and second normal form. The additional constraint of third normal form is: remove columns that are not fully dependent upon the primary key. This means that we should not add any column which does not depend on the primary key; no derived key should be present as a column. Though this site has maintained almost all the criteria of normalization, there are some exceptions. The domain address of various tables is not atomic. It can be divided into several sub-domains, which is a violation of 1NF. As the scale of the project is not too large, we chose to keep the tables simpler and to use a non-atomic domain address rather than city, street, road no. etc., because it keeps the tables simpler and is better both in terms of storage and in terms of query execution time. In many cases forcing first normal form representation places an unnecessary burden on the database.
4.7: Wamp server The Wamp Web server is the most popular Web server there is. It, like Expy, PHP, and My Sql, is an open-source project. Not surprisingly, Wamp works best in Expy environments, but also runs just fine under Windows. Wamp makes use of third-party modules. Because it is open source, anyone with the skill can write code that extends the functionality of Wamp. PHP will most often run as a Wamp extension, known as a Wamp module. Wamp is a great web server. It is extremely quick and amazingly stable. The most frequently stated complaint about Wamp is that, like many pieces of software, there are limited graphical tools with which you can manipulate the application. You alter Wamp by specifying options on the command line or by altering text files. When you come to Wamp for the first time, all this can be a bit opaque.
Though Wamp works best on all operating systems, this server is not password for the connected database mysql. Nobody, not even the Wamp developers, recommends that Wamp be run on a busy for serving Web pages, you’re better off using IIS.
Chapter 5 Requirements Analysis and Feasibility Study
5.1: Software Requirements For implementing the proposed system we required the following programming languages, system software, application software and editor:
Language:
1. PHP
2. HTML
Database: MySql
Web Server: Apache, Wamp server
Browser:
1. Internet Explorer, or
2. Netscape Navigator, or
3. Mozilla Firefox
Editor: Macromedia Dreamweaver 6.0
Operating System:
1. Win98/2000/XP/NT
2. Linux
5.2: Hardware Requirements 1. Personal Computer for designing and testing the system 2. Modem and Internet Connection.
5.3: Techniques To develop the system we have used several techniques for the following purposes:
● Data Flow Diagrams (DFD) of the system from the context level up to the first level, for the purpose of process modeling.
● Data modeling with an Entity Relationship Diagram (ERD), for the physical data storage and the relations between the entities of the system.
● A relational model for the database.
● A data dictionary for the database.
5.4: Tools We have used several graphical tools for designing and developing the system: Microsoft Visio Professional 2007 for the DFD and ERD, Smart Draw and Photoshop for the Rich picture, Microsoft Access for the system relational model, Macromedia for system design, and a Web Server to develop the system. Platform: PHP & MySql.
5.5: Documentation Aids This document is very user friendly. We have recorded all requirements accurately and completed this documentation for further development.
5.6: Duration of the Work The duration of the work is shown in Table 1.1.
Table 1.1 Duration of the work
Task name                Duration (approximate, ± 2 days)
Requirements gathering   10 days
System analysis          10 days
Design                   15 days
Coding                   30 days
Integration              10 days
Testing                  10 days
Maintenance              10 days
Chapter 6 Overview of the database table 6.1: Introduction We are going to develop an online student admission and information system for the computer science or BBA department of Mohammadpur Central University College. This software is a web based program. It uses the Wamp server and connects to a MySQL database. This chapter describes the database tables.
6.2: Create database name & table name
Before the software system can connect to the database, the database must first be created. This system's database name is student - admission. It has eight tables. These are: (1) Admission (2) Admin (3) Class (4) Exam (5) Notice (6) St_payment (7) St_result (8) Subject_entry
Table          Records  Type    Size
addmission     9        InnoDB  16.0 KiB
admin          4        InnoDB  16.0 KiB
class          3        InnoDB  16.0 KiB
exam           6        InnoDB  16.0 KiB
notice         6        InnoDB  16.0 KiB
st_payment     7        InnoDB  16.0 KiB
st_result      289      InnoDB  48.0 KiB
subject_entry  7        InnoDB  16.0 KiB
8 table(s)     331      --      160.0 KiB
Fig: All tables of the st_ addmission database
6.2.1: Create admission table
Field      Type         Null
id         int(11)      No
name       varchar(30)  No
fname      varchar(30)  No
mname      varchar(30)  No
dob        varchar(20)  No
religion   varchar(15)  No
nation     varchar(30)  No
bgroup     varchar(5)   No
sex        varchar(6)   No
present    text         No
parmanent  text         No
s_board    varchar(20)  No
s_year     varchar(20)  No
s_group    varchar(20)  No
s_result   varchar(20)  No
s_session  varchar(20)  No
h_board    varchar(20)  No
h_year     varchar(20)  No
h_group    varchar(20)  No
h_result   varchar(20)  No
h_session  varchar(20)  No
picture    varchar(50)  No
fig: Show the addmission table
6.2.2: Create admin table
Field      Type         Null
id         int(11)      No
user_id    varchar(50)  No
fig: Show the admin table
6.2.3: Create class schedule table
Field      Type         Null
id         int(11)      No
depname    varchar(30)  No
semister   char(2)      No
subject    varchar(30)  No
time       varchar(10)  No
tname      varchar(30)  No
room       varchar(10)  No
fig: Show the class table
6.2.4: Create examination schedule table
Field      Type         Null
id         int(11)      No
depname    varchar(30)  No
semister   char(2)      No
title      varchar(20)  No
duration   varchar(10)  No
subject    varchar(30)  No
room       varchar(10)  No
fig: Show the exam table
6.2.5: Create Notice table
Field       Type         Null
id          int(11)      No
date        varchar(15)  No
valid_date  varchar(15)  No
dept        varchar(20)  No
semister    varchar(10)  No
subject     varchar(50)  No
notice      text         No
fig: Show the notice table
6.2.6: Create Student money payment table
Field    Type         Null
id       int(11)      No
sid      varchar(30)  No
total    varchar(30)  No
s_total  varchar(30)  No
s_due    varchar(30)  No
fig: Show the St_payment table
6.2.7: Create Student result table
Field     Type         Null
st_id     varchar(30)  No
dep_id    varchar(20)  No
semister  varchar(10)  No
sub1      varchar(10)  No
sub2      varchar(10)  No
sub3      varchar(10)  No
sub4      varchar(10)  No
fig: Show the St_result table
6.2.8: Create Student subject entry table
Field     Type         Null
id        int(11)      No
dept      varchar(30)  No
semister  char(2)      No
sid       varchar(30)  No
sub1      varchar(30)  No
sub2      varchar(30)  No
sub3      varchar(30)  No
sub4      varchar(30)  No
sub5      varchar(30)  No
sub6      varchar(30)  No
sub7      varchar(30)  No
fig: Show the Subject entry table
Chapter 7 Manual 7.1: Introduction With the student admission & information system software, students of the BBA or CSE department of MCUC can see the result of any semester, notices, the class routine, the examination schedule, student subject info and student account info, and learn about the university.
7.2: Short description about proposed system
To automate the existing manual system and to solve the problem described above, we developed the ‘Online Admission and resulting System’. We functionally divided this system into two sections:
a. User Section:
1. About MCUC university section
2. Online result section
3. Online student admission
4. Class Routine section
5. Examination schedule section
6. Online notice section
7. Student subject information
8. Student account information
9. CSE department
10. BBA departments
b. Admin Section:
1. Add new user
2. Add / delete result
3. Add / delete class routine
4. Add / delete Examination schedule
5. Add / delete notice
6. Add / delete student subject information
7. Add / delete Student account information
7.3: Software pages (user section) An excellent front page has been designed. All the features have been included in the front page. The Front Page is shown in the figure.
For Home Page:
Fig: 7.1 (Home page)
7.3.1: About MCUC university section This section is the simple static home page and will contain all information about the MCUC university; it will be designed and developed using HTML. This section holds the list of CSE & BBA teachers and other curriculum information. Mohammadpur Central University College, one of the leading educational institutes in Bangladesh, has left behind a glorious past. In 1972, three colleges of Dhaka city, i.e. Dhanmondi Central College, Mohammadpur College and Mohammadpur Girls College, merged into one, and "Mohammadpur Central University College" started its triumphal march. The founder committee comprised Dr. Fazlul Halim Chowdhury, Ex. vice-chancellor, prominent educationist and the most leading personality in the teachers' movement Prof. M. Shareeful Islam, Secretary General, BCTA, and Head of the Department, Political Science, Tolaram College. Now this institution has reached the level required in 21st century education by proving its dignity through multi-discipline academic programs. Two other professional subjects, Computer Science and BBA program have been successfully running for last time years with academic excellence. Moreover to mitigating challenges of advanced socio-cultural demand.
Fig:-7.2(About University)
7.3.2: Online result section This section publishes results instantly over the internet, and it carries the responsibility for higher security. All students can see the result of any semester by visiting this website.
Fig: 7.3 (Online result)
Fig: 7.4 CSE 1st semester result show
7.3.3: Student admission section In this online admission system, any student who wants to be admitted to the computer science or BBA department has to fulfil the requirements stated on the web site. First he/she has to register. After successful registration he/she is given an ID and password. He/she can sit the admission test at any time up to the final date of examination. Immediately after the test is taken, the result is given online. The test proceeds on a First Come First Serve (FCFS) basis. After all the seats are filled, the admission test is closed. Any student can register at any time (within the given range) and take part in the admission test; whether he/she qualifies for admission is published instantly, and only those who qualify can be admitted, on a first come, first admitted basis.
Fig: 4: Online Admission Form
Fig: 7.5 (Student admission form)
7.3.4: Student class routine section In this section administrators add the class routine of the CSE & BBA departments for any semester instantly by the IP address. This section carries the responsibility for higher security. All students can see the class routine of any semester by visiting this website.
Fig 7.6 (Class Routine)
Fig: 7.7 2nd semester Class Routine Show
7.3.5: Student exam schedule section In this section administrators add the exam schedule of the CSE & BBA departments for any semester instantly by the IP address. This section carries the responsibility for higher security. All students can see the examination schedule of any semester by visiting this website.
Fig: 7.8 (Examination Schedule)
Fig: 7.9 2nd semester Exam Schedule Show
7.3.6: Student Online notice section In this section administrators add any subject routine of the CSE & BBA departments for any semester instantly by the IP address. This section carries the responsibility for higher security. All students can see any routine by visiting this website. An example is given below:
Mrs. Sultana Begum Award: Call for Projects - Deadline 01/07
CSE Department will nominate a project for the award. Details of the award and the selection criteria are available from the document attached. Students of Level 3 and Level 4 are asked to submit their applications by 01/011/2009 to the departmental office.
Fig:7.10 Online Notice
Fig:7.11 Online Notice show
7.3.7: Student subject information In this section all students can see the subjects and syllabus required for any semester by visiting this website. It is a very useful part of the student information.
Fig: 7.12 (student subject information)
7.3.8: Student Account information In this section all students can see the cost of any semester, monthly fee, exam fee, payment account, due account etc. by visiting this website. It is a very useful part of the student information. In this part every student types his/her ID number, and the account information is then shown. It is much secured.
Fig: 7.13 Student Account Information
7.4: Our department There are two departments in our project system. These are the CSE & BBA departments.
7.4.1: Computer science & engineering department The department of Computer Science and Engineering (CSE) of Mohammadpur Central University College (MCUC) is the first department of its kind in Bangladesh. MCUC offers a Bachelor's Degree in Computer Science and Engineering. The Education of CSE is national university world class in both the Curricula and Research activity. The best students from all over Bangladesh join this prestigious department. The highly competitive environment, world-class facilities and the hard working faculties nourish every student to be a prime of the field. Currently there are about 700 students studying in the Undergraduate Program and about 40 students in the Graduate Program.
Laboratory Facilities: At present there are seven different laboratories in the department premises. These are described here.
• Microcomputer Laboratory: This laboratory has 40 Pentium IV workstations and three servers. All workstations are provided with Windows XP and Linux platforms.
Fig: 7.14 Software Engineering Lab
• Software Engineering Laboratory: This laboratory has 36 Pentium-III high performance workstations with complete multimedia support. There is a HP Net P3 Dual Processor Server.
• Networking Laboratory: This laboratory provides various networking devices. There are Cisco routers, Cisco switches and thirty two Pentium-III workstations.
• Digital Laboratory & Interfacing Laboratory: These laboratories are equipped with modern tools to design and implement digital circuits. These laboratories have a vast number of ICs in stock, starting from simple 74 series chips up to different types of microprocessors and their peripherals. There are various Microprocessor Trainer Kits such as the 8088 based MTS 88.C micro-kit.
• Multimedia Laboratory: This lab has 40 Pentium-IV high performance workstations with multimedia support. This laboratory has a Pentium-III 1GHz Dual Processor 2000 Server. There are a Flat-bed Scanner, HP Heavy Duty Laser Printer, Digital Video Camera, Video Capture card etc.
Fig: 7.15 Computing Lab
• Computing Laboratory: This laboratory has 40 Pentium-IV high performance workstations with complete multimedia support.
Library Facilities: A small but rich library has been set up in the department. It has currently 1200 books and a lot of journals. In addition to that there is a small computer software library that consists of original software, user’s guide, programmer’s guide and manuals.
CSE Department:
Fig: 7.16. CSE Department
7.4.2: BBA department The department of BBA of Mohammadpur Central University College (MCUC) is the first department of its kind in Bangladesh. MCUC offers a Bachelor's Degree of BBA. The Education of BBA is national university world class in both the Curricula and Research activity. The best students from all over Bangladesh join this prestigious department. The highly competitive environment, world-class facilities and the hard working faculties nourish every student to be a prime of the field. Currently there are about 1000 students studying in the Undergraduate Program and about 40 students in the Graduate Program.
Aims & Objectives:
I. Building efficient human resources to mitigate the challenges of the 21st century.
II. Committed to ensuring a quality standard of education.
III. To bring out the best in merit and character building as well as discipline.
IV. To ensure technology based (IT) education.
Specialty: Politics & Smoking free Campus.
Main Features:
• Situated at the heart of the capital city
• Co-education & Homely Atmosphere
• Rich Library & Laboratory (air-conditioned)
• Modern Method followed in teaching
• Religious, Cultural & Sports facilities
• Academic & Financial help to the Exceptionally Meritorious and poor Students
• Computer & Spoken English learning open for all
Library & facilities:
Library
I. Working hours 8 am - 8 pm
II. Total Books and Journals: 20,000 Copies
III. Air Conditioned reading room
IV. Students & Teachers can jointly conduct research work at working hours.
V. Departmental libraries & seminar service support the spiritual activities of students
Computer Lab: Air-conditioned computer lab open & free for all students
BBA Department:
Fig: 7.17 BBA Departments
7.5 Contact us: In this section all students can see the contact number, e-mail address, MCUC address etc. by visiting this website. It is a very useful part of the student information.
Fig: 7.18 Contact us page
7.6: Software pages (Admin section) This section is used only by the office section of the BBA & CSE departments. It requires a user number and password. It is used to add all information to the web pages, so that any student visiting this website sees all necessary information. This is the main part of this software, and this section carries the responsibility for higher security.
7.6.1: Admin panel To access all the features of this site, a user has to sign up with this site. For signing up, a user has to enter a user name and give a password.
7.6.2: Log in page After being authenticated, the user can log in to the system from the homepage. The user has to enter only the username and password for logging in. After a successful log in, a welcome message is displayed and the user then gets access to all of the features. If the username or password is invalid, an error message is shown and the user is prompted to enter the correct username and password. The user's Log In page is shown here:
fig:7.19 login page
7.6.3: Add new user page This page creates a new user for the login members. First type the new name and password, then retype the password and click add user; the new user is created automatically.
fig:7.20 add new user page
7.6.4: Add result page The administrator is a super user, so she/he can view everything in this section. At the same time he/she has the authority to add everything, so add options are provided in the view section. This option is used to add/create a new record in the database. The administrator can add the result of any semester for the CSE & BBA departments.
Fig: 7.20 add result page
7.6.5: Add examination schedule page The administrator is a super user, so she/he can view everything in this section. This option is used to add/create a new examination schedule in the database. To add an exam schedule, the administrator types the Dept name, semester, Exam title, Exam duration, subject name and room no. and then clicks add schedule; the record is added to the database.
Fig: 7.21 Add examination Schedule page:
7.6.6: Add class schedule page The administrator is a super user, so she/he can view everything in this section. This option is used to add/create a new class schedule in the database. To add a class schedule, the administrator types the Dept name, semester, Exam, subject name, time, room no. and teacher and then clicks class schedule; the record is added to the database.
fig:7.22 Add class Schedule page:
7.6.7: Add online notice page The administrator is a super user, so she/he can view everything in this section. This option is used to add/create a notice in the database. To add a notice, the administrator types the Draw, valid upto, dept, semester, subject and notice and then clicks add notice; the record is added to the database.
fig:7.23 Add Notice page:
7.6.8: Add semester subject The administrator is a super user, so she/he can view everything in this section. This option is used to add/create subject names in the database. The administrator types the subject names for all semesters and then clicks confirm; the record is added to the database.
fig:7.24 Add semester subject page:
7.6.9: Add student account information: The administrator is a super user, so she/he can view everything in this section. This option is used to add/create student accounts in the database. The administrator types the student ID and payment account money for all semesters and then clicks confirm; the record is added to the database.
fig:7.23 Add account information page:
Development of an Online Admission & Information System Part –3 Chapter 8
Security 8.1: Introduction Since security is a term that means different things to different people, and has both business and technical connotations, we shall use this first section to clarify what we mean by it. Typically developers, product vendors, organizations, and end users all have different points of view on the subject.
Trusted systems From the business perspective, security means implementing a system that can be trusted. This means that the system must be designed and correctly configured to provide:
• Legitimate access to the system
• Data confidentiality
• Protection against malicious code
• Auditability of users’ access
• Data integrity
• High levels of availability
• Non-repudiation of received information
Access Controls A key task of any security subsystem is to restrict system access to a known group of users. Checking for the legitimate use of a system involves the following steps:
• Identify the user; this process is called authentication.
• When the user attempts to perform a particular action (e.g., invoke an executable program), check that the user has been granted the appropriate access rights (or permissions).
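The two steps above (identify the user, then check the requested action against the rights granted), as an added PHP example rather than the project's own code. An in-memory SQLite database stands in for MySQL so that it runs offline; the password_hash and role columns, the role names and the permission map are assumptions, since the report's admin table lists only id and user_id.

```php
<?php
// Added example (not the project's code): authentication followed by an
// authorization check. SQLite in memory stands in for the MySQL server.
// The password_hash and role columns and the permission map are assumptions.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (
    id            INTEGER PRIMARY KEY,
    user_id       VARCHAR(50)  NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL,
    role          VARCHAR(20)  NOT NULL
)');

// Constructed sample accounts; only salted hashes are stored, never the password.
$insert = $pdo->prepare('INSERT INTO admin (user_id, password_hash, role) VALUES (?, ?, ?)');
$insert->execute(['cse_office', password_hash('constructed-sample-1', PASSWORD_DEFAULT), 'result_clerk']);
$insert->execute(['registrar',  password_hash('constructed-sample-2', PASSWORD_DEFAULT), 'administrator']);

// Which admin-section actions each role may perform (hypothetical map).
const PERMISSIONS = [
    'administrator' => ['add_user', 'add_result', 'delete_result', 'add_notice', 'delete_notice'],
    'result_clerk'  => ['add_result'],
];

// Hash checked when the user name is unknown, so that case costs the same work.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

/** Step 1, authentication: returns the account row, or null on any failure. */
function authenticate(PDO $pdo, string $userId, string $password): ?array
{
    // Bound parameter: the user name is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT user_id, password_hash, role FROM admin WHERE user_id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Always run one verification, so an unknown user and a wrong password
    // take about the same time and produce the same answer.
    $hash = $row === false ? DUMMY_HASH : $row['password_hash'];
    $ok   = password_verify($password, $hash);

    return ($row !== false && $ok) ? $row : null;
}

/** Step 2, authorization: may this authenticated account perform $action? */
function is_allowed(array $account, string $action): bool
{
    return in_array($action, PERMISSIONS[$account['role']] ?? [], true);
}

// Constructed login attempts: [user name, password, requested action].
$attempts = [
    ['cse_office', 'constructed-sample-1', 'add_result'],
    ['cse_office', 'constructed-sample-1', 'add_user'],
    ['cse_office', 'wrong-password',       'add_result'],
    ['nobody',     'anything',             'add_result'],
];

foreach ($attempts as [$user, $pass, $action]) {
    $account = authenticate($pdo, $user, $pass);
    if ($account === null) {
        // One message for both failure causes, as the login page describes.
        echo "$user: invalid username or password\n";
    } elseif (!is_allowed($account, $action)) {
        echo "$user: authenticated, but not permitted to $action\n";
    } else {
        echo "$user: permitted to $action\n";
    }
}
```

The permission check runs on every action request, not only at login, so a logged-in account with a narrow role cannot reach the other add/delete pages.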
Data Confidentiality Providing data confidentiality and protection against unauthorized modification can be partially achieved by applying authentication procedures. We can gain additional confidence about the confidentiality of any data by using software services that provide data encryption. This is the process of applying an algorithm to a message, which scrambles the data it contains. Given only the encoded data, it is very difficult and time-consuming (if not practically impossible) to deduce the original message.
Virus Protection A Trojan is one type of malicious code, but there are others. Solutions are required to protect our systems against any software that contains hidden malicious functions and tries to spread onto as many other systems as possible. Such programs, macros, and scripts go under the generic name of viruses. Unfortunately, many viruses are spreading more quickly than they can be deleted and removed. Viruses generate a wide variety of symptoms, from an annoying repetitive message, to accessing and transmitting confidential data, to complete hard disk wipe-out. Never underestimate what might be lurking within a virus. Virus detection software can be used for continual scanning of the hard disk(s), memory, and network interfaces for known viruses, and to treat the system by removing the malicious code.
Physical security Of course, if we are operating a business-critical system, then we will need to consider the physical security of the computer hardware. These considerations may seem obvious, but there are aspects of physical security that we must build into our plan before we build our system. Ideally, our hardware must be located in a dedicated room, designed for delicate computer equipment. We need to consider temperature, humidity, dust extraction, etc. The computer room should have restricted and monitored access limited to the personnel who are needed to administer the system. Food and drink must be banned from the room; if someone spills a cup of coffee into the Web server, and the staff loses access to data or applications as a result, then it will cost the organization greatly. This may seem an obvious point, but the service department of any large company has tall tales to tell about “liquid contamination”! We will need to make sure that power switches and reset buttons are positioned so that they can’t be activated accidentally. I once leaned on a big red button and immediately killed all of the machines in the machine room! We should consider using an uninterruptible power supply (UPS) and perhaps a backup generator, so that the system continues to run in the event of a power failure. Power conditioners should be used to prevent surges that can harm the delicate equipment.
High Availability / Fault Tolerance Highly available systems can be achieved using the latest clustering software, which allows two or more machines to be interconnected and to work as a single unit. Fault-tolerant disk systems, called Redundant Array of Inexpensive Disks (RAID), can be used to protect data if a single point of failure occurs.
Backing Up Your System In order to protect the system against data corruption due to equipment failures and either accidental or malicious user actions, it’s worth making regular backup copies of your data.
8.2: Security and the Internet So far we have introduced a number of key security concepts that are prerequisites for success. By implementing the appropriate security measures, we can defend our systems from both internal and external perils. Now let us have a closer look at the sorts of threats that can arise from the Internet.
1. External threats The bandits of today’s superhighway can be classified into three groups:
• Charlatans: Those who impersonate an existing person or organization, or take on a false identity.
• Spies: Those who access confidential information.
• Vandals: Those who tamper with data.
2. Internal threats The people to watch inside your organization are:
• Administrators: Because responsibility for the system’s security stops with the administrator, he is frequently the weakest link in security management.
• Village Idiots: Actions that lead to serious damage and severe consequences are not always malicious.
• Traitors: It is quite possible that the spies and vandals we have already discussed are disgruntled staff members or associated with partner organizations that have been granted privileged access into your system.
8.3: Web Security Requirements Building a secure Web architecture needs careful design in a number of different areas, including:
• The Web Server
• The Network
• The User’s Desktop
• The corporate Enterprise System
In this section we will discuss the requirements for each of these areas and summarize the topics that will be addressed throughout this book.
The Web Server To achieve a secure solution, it is vital that the server provide:
• Authentication of each user’s identity
• Restrictions on accessing system resources (such as disk files, processes, etc.) to only those users who have permission to perform the action
• Auditing of users’ actions
• A rich set of administrative tools
The Network The requirements for secure Web networking include:
• Protocol filters to prevent break-ins to any private areas of the Web system or other machines in the corporate enterprise
• Encrypted data channels
• Message tampering detection
• Client and server authentication
The User Desktop The requirements for the protection of a user’s desktop are an electronic form of shrink-wrapping that provides, for any downloaded software:
• The name of the software publisher
• Assurance that the software has not been tampered with since being published
8.4: Internal and External Users As we have said, most serious operating systems, including Unix, provide security by limiting the ability of each user to perform certain operations. The exact details are unimportant, but when we apply this principle to a web server, we clearly have to decide who the users of the web server are with respect to the security of our network sheltering behind it. When considering a web server’s security, we must recognize that there are essentially two kinds of users: internal and external. The internal users are those within the organization that owns the server (or, at least, the users the owners intend to be able to update server content); the external ones inhabit the rest of the Internet. Of course, there are many levels of granularity below this one, but here we are trying to capture the difference between users who are supposed to use the HTTP server only to browse pages (the external users), and users who may be permitted greater access to the web server (the internal users).
We need to consider security for both of these groups, but the external users are more worrying and have to be more strictly controlled. It is not that the internal users are necessarily nicer people or less likely to get up to mischief. In some way, they are more likely to create trouble, having motived and knowledge, but, to put bluntly, we know (mostly) who sings their pay cheeks. The external users are usually beyond our vengeance. In essence, by connecting to the Internet, we allow anyone in the world to type anything they like on our server’s keyboard. This is an alarming thought: we want to allow them to do a very small range of safe things and to make sure that they cannot do anything outside that range. This desire has a couple of implications: External users should only be able to access those files and programs we have specified and no others. The server should not be vulnerable to sneaky attacks, like asking for a pages with a One-megabyte name (the Bad Guy hopes tat a name that long might overrun a fixedlength buffer and trash the stack) or with funny characters (like “!,” “#,” or “/”) included in the page name that might cause part of it to be construed as command by the server’s operating system, and so on. These scenarios can be avoided only by careful programming. Warm approach to the first problem is to avoid using fixedsize buffers for anything but fixed-size data, it sounds simple, but really it costs a lot of painstaking work. The other problems are dealt with case by case, sometimes after a security breach has been identified, but most often just by careful thought on the part of warm coders.
8.5: Security (MySQL and PHP) In order to safeguard a MySQL server to the basic level, one has to abide by the following guidelines.
8.5.1: Securing MySQL MySQL uses security based on Access Control Lists (ACLs) for all connections, queries, and other operations that a user may attempt to perform. There is also some support for SSL-encrypted connections between MySQL clients and servers. For the most part, MySQL has the following default security parameters:
- By default mysqld runs as root.
- It allows external network connections and has a known port number which is easily detectable.
- It has no passwords whatsoever and allows “File Priv”. This means anyone from anywhere on the internet can misuse the privileges database with one SQL command.
In order to safeguard a MySQL server to the basic level, one has to follow the guidelines below:
- Do not forget to set a password for the root user.
- Be careful with the access privileges given to users.
- Never give anyone (except the mysql root user) access to the user table in the mysql database! This is one of the most important measures to be taken while securing your database. The encrypted password is the real password in MySQL. Anyone who knows the password which is listed in the user table and has access to the host listed for the account can easily log in as that user.
- PHP users must notice the addslashes() function. As of PHP 4.0.3, a mysql_escape_string() function is available that is based on the function of the same name in the MySQL C API.
- In the MySQL C API: note the mysql_real_escape_string() API call.
- In MySQL++: check out the escape and quote modifiers for query streams.
- For users of Perl DBI: check out the quote() method or use placeholders.
- For users of Java JDBC: make sure you use a PreparedStatement object and placeholders.
8.5.2: PHP Security PHP is a widely-used general-purpose HTML embedded scripting language that is especially suited for Web development. With PHP, one can build dynamic web pages with ease and comfort. It is the most popular scripting language that is used because of its ease and flexibility compared to other scripting languages.
a. File System Security: PHP is subject to the security built into most server systems with respect to permissions on a file and directory basis. This allows you to control which files in the file system may be read. Care should be taken with any file which is world readable to ensure that it is safe for reading by all users who have access to that file system. Since PHP was designed to allow user-level access to the file system, it's entirely possible to write a PHP script that will allow you to read system files such as /etc/passwd, modify your Ethernet connections, send massive printer jobs out, etc. This has some obvious implications, in that you need to ensure that the files that you read from and write to are the appropriate ones.
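One way to enforce both the page-name rules from section 8.4 (oversized names, funny characters) and the "appropriate files only" rule above, as an added example that is not code from this project. The function name `resolve_page`, the 64-byte limit and the allowed extensions are assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the project.
const MAX_PAGE_NAME = 64;   // assumed upper bound for a page name

function resolve_page(string $baseDir, string $name): ?string
{
    // Reject empty and oversized names before any further processing.
    if (strlen($name) === 0 || strlen($name) > MAX_PAGE_NAME) {
        return null;
    }
    // Allowlist: letters, digits, underscore, hyphen, then one extension.
    // Names containing "!", "#", "/" or ".." can never match.
    if (preg_match('/\A[A-Za-z0-9_-]+\.(html|php)\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;            // directory or file does not exist
    }
    // Containment check, done after symbolic links have been resolved.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary web root holding a single page.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_root_' . getmypid();
@mkdir($root);
file_put_contents($root . DIRECTORY_SEPARATOR . 'notice.html', '<p>Notice</p>');

$requests = [
    'notice.html',                          // legitimate page
    '../../etc/passwd',                     // path outside the web root
    'notice.html#x',                        // funny character
    str_repeat('A', 1024 * 1024) . '.html', // one-megabyte name
    'missing.html',                         // well-formed but absent
];
foreach ($requests as $r) {
    $label = strlen($r) > 40 ? substr($r, 0, 20) . '... (' . strlen($r) . ' bytes)' : $r;
    echo str_pad($label, 45), resolve_page($root, $r) === null ? "rejected\n" : "served\n";
}
unlink($root . DIRECTORY_SEPARATOR . 'notice.html');
rmdir($root);
```

The length and allowlist checks run before the name touches the file system, and the `realpath()` comparison catches anything, such as a symbolic link inside the web root, that the pattern alone would let through.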
b. Database Security Nowadays, databases are cardinal components of any web based application by enabling websites to provide varying dynamic content. Since very sensitive or secret information can be stored in a database, you should strongly consider protecting your databases. To retrieve or to store any information you need to connect to the database, send a legitimate query, fetch the result, and close the connection. Nowadays, the commonly used query language in this interaction is the Structured Query Language (SQL). See how an attacker can tamper with an SQL query. As you can surmise, PHP cannot protect your database by itself. The following sections aim to be an introduction into the very basics of how to access and manipulate databases within PHP scripts. Keep in mind this simple rule: defense in depth. The more places you take action to increase the protection of your database, the less probability of an attacker succeeding in exposing or abusing any stored information. Good design of the database schema and the application deals with your greatest fears.
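The placeholder advice in section 8.5.1 and the query tampering mentioned above, shown side by side as an added example that is not code from this project. The `candidate` table, its rows and both function names are constructed, and the script assumes PDO with the pdo_sqlite extension so that it runs without a server (the mysql_* functions named in 8.5.1 were removed in PHP 7.0).

```php
<?php
// Added example: constructed table and data, not the project's schema.
// Assumes the pdo_sqlite extension so it runs without a MySQL server;
// with MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE candidate (reg_no TEXT PRIMARY KEY, name TEXT, result TEXT)');
$db->exec("INSERT INTO candidate VALUES ('CSE-001', 'Constructed A', 'pass'),
                                        ('BBA-002', 'Constructed B', 'fail')");

// Weak form: the request value becomes part of the SQL text.
function find_concat(PDO $db, string $regNo): array
{
    $sql = "SELECT name, result FROM candidate WHERE reg_no = '" . $regNo . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Corrected form: the SQL text is fixed and the value is bound as data.
function find_prepared(PDO $db, string $regNo): array
{
    $stmt = $db->prepare('SELECT name, result FROM candidate WHERE reg_no = :reg_no');
    $stmt->execute([':reg_no' => $regNo]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$honest   = 'CSE-001';
$tampered = "x' OR '1'='1";   // constructed input containing a quote

printf("concat/honest:     %d row(s)\n", count(find_concat($db, $honest)));
printf("concat/tampered:   %d row(s)\n", count(find_concat($db, $tampered)));
printf("prepared/honest:   %d row(s)\n", count(find_prepared($db, $honest)));
printf("prepared/tampered: %d row(s)\n", count(find_prepared($db, $tampered)));
```

In the concatenated form the quote in the input ends the string literal and the rest is parsed as SQL, so the WHERE clause no longer restricts the result; in the prepared form the same bytes are compared against `reg_no` as an ordinary value.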
c. Performance Prior to the release of PHP 4, Perl mongers were more than happy to offer head-to-head tests between a PHP script and a similar Perl script, because they were safe in the knowledge that Perl outperformed PHP pretty much hands-down. However, since PHP 4, and particularly since PHP 4.1, PHP has really made big progress in terms of raw speed - in PHP 5.1 (still under development at the time of writing) speed is one of the primary areas targeted for improvement. The change between v3 and v4 was largest, though - to give you an idea of the speed improvement, I wrote a simple test script that works in both PHP 3 and PHP 4. It simply creates an array of 1000 different random numbers, then sorts the array. When executing this script 1000 times, PHP 3 managed to achieve 19.51 requests per second on a 500MHz Linux box, compared to PHP 4's 43.08 requests per second - quite a difference, and the program was only four lines long! So, PHP 4 performance was certainly nothing to be sniffed at. You will see a much bigger performance difference when using a more complicated script, and even higher numbers if you use one of the many PHP accelerator packages available. Later on in the book I will be discussing how to maximize your script performance by checking out every drop of performance available.
Chapter 9 Overall Discussion 9.1: Future Extension
In future this system can be extended to develop a more flexible and user-interactive system. We think it will be better if the following sections/topics are included in future: 1. Online money transaction capability. 2. Online education. 3. Online viva voce exam. 4. An interactive timer (stop watch)
9.2: Limitation In this system we used a timeout procedure for controlling the duration of the examination. But it is not so interactive for the user, because the candidate only knows the starting time and the duration of the exam. He/she has to check the time and alert him/herself; the system does not do it automatically. To overcome this limitation we have to include an interactive stop watch or timer.
9.3: Discussion We have presented here the architectural design and development procedure of the proposed system. We have implemented the simplest approach because of the limited time available for the project. We could not include all the functions of the existing system; for example, the existing system collects the admission fee from the candidate, which could be automated by means of credit card, but in our country the credit card is not familiar.
9.4: Conclusion As the world is running towards the technology of atomicity through Internet, this approach, if implemented in the admission of different Universities, will see the light of the technology of the twenty-first century. The project can run in parallel with the manual system to make the authority understand that everything in the century of commerce is done through the net. The proposed system, we think, will be the most valuable resource for both the candidates who want to be admitted and the department authority as well as the college authority, since this automated and distributed system lowers the overhead of the college authority as well as of candidates who live far away.