Monday, August 5, 2019
Online Course Registration And Management System
Online Course Registration And Management System Currently the Microsoft IT Academy in Multimedia University Melaka using the website that hosted in MMU server to provide information regarding the course offered as well as the registration method to enroll on the specific course. As the course registration is still done manually, below is the summary of the problem on the manual method: User : It consumes time as user is not enabling to book the seat if they have not submitted the form manually together with official receipt to the instructor. The user can pay the registration trough many ways, such as Online Banking, but they still have to submit the official receipt taken from Multimedia University finance division. Administrator/Instructor : Administrators have to wait until the number of registrant fulfills the minimum requirement of the course to open class. All registration related must be done manually, as no online system available yet. Financial report must be also done manually in order to keep track of the financial progress of the courses. Project Objective The project objective will be focused on developing an online course registration to ensure the effectiveness of the flow of registration. Moreover the system will offer a complete management system that integrated with the online course registration to help the stakeholder for maintaining the flow process of the course. The registration process can be done online without the need of paperwork anymore. It is also help the student to get more information about the course process while they enrolled. The administrator will get easier way to determine the seat of the courses, keep track of the registration module, and generate report for the year to help them determine the development of the courses. The cores of objectives of the project are followings: To study existing course registration system in Microsoft IT academy of Multimedia University. Analyzing current course registration system, by interviewing the stakeholder of the system. To propose an online course registration and management system. To identify the user requirement for online course registration and management system. To develop an online course registration and management system. To evaluate the online course registration system that been develop. Project Scope The studies will develop an Online Course Registration, specifically for the Microsoft IT Academy in Multimedia University. With this system, it will affect the stakeholder of the Microsoft IT Academy Multimedia University Melaka Campus such as: Administrator /Instructor The Administrator for the system will be divided to several privileges on how they can use the system. Administrator for example, have all the privileges such as adding instructor, adding courses, update information, adding downloadable material, registration module, etc., but Instructor only have several privileges on what they can do and not do in the Online course registration and management system. Student/User Student will get a more accessible way in order to register and booked the seat for the courses. They also can get updates from administrator keep track on the progress of the course. Significance of Project This final year project for intelligence online course registration will not only provide basic feature to the user as well as administrator, but will be also completed with these features: Online Chat Helpdesk Support System The Helpdesk Support System will allow the user to interact with the administrator in case if they have certain question to be asked regarding the course or the registration flow. Security Security of the website is one of the main concerns to be improved as the registration is moving from traditional to online based. The reason is because user will send their confidential data to the system. Some user might use the same login ID or password, and without proper security, the data might be accessed by third party, or the user session is hijacked while sending the data. The security improvement will also provide log to the administrator in case there are some abnormality in the system after some user log in. As the security improved, we are giving the user a better understanding why they should trust our system. Limitation of Project In this project there are 2 objectives to achieve which are developing online course registration and management system for the Microsoft IT Academy Multimedia University Melaka. This project will focused on how to make the registration flow as simple as possible and also automated in the flow process. However there are limitations which is not be covered in this project. Even though the registration for the user will be done online, some flow of the process will be still done manually, such as submitting the official receipt of MMU to instructor. This is because of Multimedia University policy that not allows administrator to access the student financial report. Yet the system itself will allow user to upload the proof of payment trough online registration. Structure of Report This report consists of 5 main chapters. The first chapter, Chapter 1 which is Introduction presents overview of the project, the problem statement of the study state the problem occur on the current system, the project scope, objectives of the study that explain about the project main goals that need to be achieved, and structure of the report as well as the limitations of the project. Chapter 2 which is Literature Review state explains about materials used to study for the proposed system later, literature review also briefly explain some previously system that use same the technology in registration system. Chapter 3 is Methodology; and this chapter explains about the methods and tools that will be used to develop the system. It also gives some explanations why the methods and tools are chosen in the project. Chapter 4 which is the Proposed Solution and Implementation Plan or Design, this chapter presents the plans on how the system developed as well as the design of the system. This chapter mainly consists of diagrams to describe the design of the proposed system and some little explanation about the proposed system. Chapter 5 is conclusion; this chapter will summarize the conclusion of the objective stated. Chapter Summary In this Final year project the main objective is to propose and develop an online registration and management system that will facilitate the user as well as the administrator in order to keep the flow of registration more compact and efficient. This chapter explains the scope of the project which will affect the Microsoft IT Academy in Multimedia University Melaka stakeholder. Moreover in this chapter also describes about the problem that the current system where most of the flows still done manually. Chapter 2 Literature Review Online course registration and management system has become a necessity in order to create simple and accessible way to support today system. The internet has dramatically changed the role of Internet today (Cassidy 2002:1). Internet is the tool or vehicle for many applications, as well as to maintain registration for government, companies, and many events. This is happen as result of the simplicity of internet access in many part of the world. 2.1. Online Course Registration Johnson and Manning (2010) stated that the two biggest differences between registering online and mailing in your paperwork are time and technology. It can take time when users have to fill in the form, and then submit it in some other places. Instead of taking time, technology has helped us to make the registration procedure into the next level. You can find more information about the courses you want to take and in the same time fill up the form, pay the fees, etc. The staff that receives registration information most probably will process the information in same system, so by using online course registration and management system, we can save time. 2.1.1. Online Course Registration and Management System An Online course registration and Management System is systems that maintained the registration flow for the user and provide extensive capability for the administrator to maintain the content, report, and ability to add, update, or delete the content of a system. Currently there are many applications that have the ability to manage registration online. Some of them are very simple, and more complicated that use current technology. Almost all web based programming language support the capability to make online registration, such as PHP or .NET provide many option to build intelligence course registration and management system. A good system must be able to provide sufficient information and services needed by user as well as delivering extensive report to the administrator (Anggarwal.2003:233). 2.1.2. Existing Online Course Registration and Management System Most of the Online Course Registration and Management System are mostly used in educational institution and professional courses. This is to avoid time consuming of managing numerous users and prevent error from manual method. Based on that, people tend to use Online Course Registration and Management System. There is some Online Course Registration and management System that researched and improves, such as: Wylie Course Registration The C-Registration System will replace the existing mainframe course registration system at Wylie College. The new system will interface with the existing Billing System and Course Catalog Database System as shown in the context diagram below (see Figure 2.1). The C-Registration System will consist of a client component and server component as illustrated in Figure 2.2. The server component resides on the Wylie College UNIX Server. The server component must interface with the Billing and Course Catalog Database Systems on the College DEC VAX Main Frame. This interface is supported by an existing Open SQL Interface. The client component resides on a personal computer. The College PCs will be setup with the client component installed. Any non-college PCs must download the client software from the UNIX Server via the Internet. Once the client component is installed on the PC, the user may access the C-Registration System from the PC through the College LAN or Internet. A valid ID number and password must be entered in order for access to be granted. Figure 2.1 C-registration System Context Diagram Figure 2.2 C-Registration system overview The C-Registration system has many capabilities which will be explained the following table: Table 2.1 C-Registration capabilities Costumer benefit Supporting features Up-to-date course information The system accesses the Course Catalog Database for up-to-date information on all courses offered at Wylie College. For each course, the Students and Professors may review the course description, Prerequisites, assigned teachers, class locations, and class times. Up-to-date registration information All course registrations are immediately logged in the Registration Database to provide up-to-date information on full or cancelled courses. Easy and timely access to course grades Students can view their grades in any course simply by providing their user ID and password. Students may access the registration system from any College PC or from their home PC via the internet. Professors enter all student marks directly into the Registration Database from their PCs. Access from any College PC Students may access the registration system from any College PC or from their home PC via the internet. Installation of the client component of the C- Registration System on a PC is an easy to follow process using the internet Easy and convenient access from your PC at home Students may access the registration system from any College PC or from their home PC via the internet. Secure and confidential A valid user ID and password is required to gain access to the C-Registration System. Student report card information is protected from unauthorized access. Instant feedback on full or cancelled courses All course registrations are immediately logged in the Registration Database to provide up-to-date information on full or cancelled courses. Online Course Registration System for the Faculty of Engineering in University of Peradeniya In the system developed by the University of Peradeniva, there are some necessity in online registration course that should be included in the system, such as: Authentications and Authorizations of users; Administrators should be able to decide time period for the registration (before the start of the semester) and time period for the add/drop period (at the beginning of the semester); Administrators should be able to enter required data into the system such as courses, students, advisers and examination results; Advisers are allowed to view filled registration form of each student and accept/ reject the registration; Students should be able to view current courses and previous results, to register or add/drop new semester courses; Users should be able to change their passwords and personal information; and In the absence of a relevant adviser, the head of the department should be able to accept the online registration forms. All users have their own usernames and passwords to access the system and they have the ability to change their passwords. They will be given separate entry levels to access the system. Figure 2.2 depicts the use-case diagram of the system. Administrators are the staff officer at the Office who is responsible for course registration. They have the authority on deciding time durations, entering required details and finalizing registrations. Figure 2.3 use case of the online Registration in University peradeniya Advisors are all the department heads and lecturers who are assigned as advisers for students. They are capable of viewing courses, student details and results and accepting or rejecting registration forms. Student category contains everyone who has registered for a degree programme in the faculty. They are allowed to view available courses, their details and results, and to complete their registration forms and add/drop forms. The system that being used will be detailed explained in the table below: Table 2.2 system used in Online Course Registration of university peradinya Technology Usage Dream Weaver GUI Design CSS Additional Features in GUI Design ASP.net Programming Design Ajax Client Script Development SQL Server 2000 Database Design IIS Web Server to host the system Crystal Report 9.0 Generate reports. As the system works, it has not only reduced the burden of all parties involved in the course registration process, but also improved the process by reducing errors. Secure Online Application The real test of a secure Web Application occurs when it comes time for users to log in and access your site (Burnett,Mark.2004). Login screen is look simple. User just provide the username and password, the system will authenticate it to access the system. Authentication establishes a users identity. Once this identity is proved valid, the user is authorized (or nor authorized) to access various features of the Web application. 2.2.1 User authentication Threats The primary threats with user authentication are: Account hijacking This involves taking over the account of a legitimate user, sometimes denying the rightful user access to his or her account. Man-in-the-middle Intercepting Web traffic in such a way that the attacker is able to read and modify data in transit between two systems. Phishing A type of man-in-the-middle attack in which the attacker lures a legitimate user to enter a password through a fake e-mail or Web form designed to look like that of a legitimate Web site. Unauthorized access Gaining access to restricted content or data without the consent of the content owner. Information leakage Revealing or failing to protect information that an attacker can use to compromise a system. Privilege escalation Allowing an attacker to gain the access privileges of a higher-level account. Sniffing Using a network-monitoring utility to intercept passwords or other sensitive information that traverses a network. Because the login form plays such an important role in authenticating users, it is important to protect the form itself from flaws. A poorly written login form is vulnerable to password sniffing, information leakage, and phishing. Furthermore, the form itself may be vulnerable to flaws such as SQL injection and cross-site scripting. 2.2.2. Secure Authentication In ASP.NET the IIS provides four standard methods for authentication: Basic authentication Digest authentication Integrated Windows authentication Client certificate mapping Basic Authentication Basic authentication works by prompting a Web site visitor for a username and password. This method is widely used because most browsers and Web servers support it. The benefits are: It works through proxy servers. It is compatible with nearly every Internet browser. It allows users to access resources that are not located on the IIS server. Basic authentication also has some drawbacks: Information is sent over the network as cleartext. The information is encoded with base64 encoding, but it is sent in an unencrypted format. Any password sent using basic authentication can easily be decoded. By default, users must have the Log On Locally right to use basic authentication. Basic authentication is vulnerable to replay attacks. Because basic authentication does not encrypt user credentials, it is important that traffic always be sent over an encrypted SSL session. A user authenticating with basic authentication must provide a valid username and password. The user account can be a local account or a domain account. By default, the IIS server will look locally or in Active Directory for the user account. If the user account is in a domain other than the local domain, the user must specify the domain name during logon. The syntax for this process is domain nameusername, where domain name is the name of the users domain. Basic authentication can also be configured to use user principal names (UPNs) when you use accounts stored in Active Directory. To prevent exposing user credentials to others on the network, it is essential that you always use SSL with basic authentication. Note that basic authentication causes the browser to send user credentials to every page on the same site or within the same realm, not just the login page. If you dont use SSL on every page, user credentials will be visible on the network. One way to prevent these credentials from being sent on unprotected content is to use a unique realm for protected and unprotected content. Digest Authentication Digest authentication has many similarities to basic authentication, but it overcomes some of the problems. Digest authentication does not send usernames or passwords over the network. It is more secure than basic authentication, but it requires more planning to make it work. Some of the similarities with basic authentication are: Users must have the Log On Locally right. Both methods work through firewalls. Like all authentication methods, digest authentication does have some drawbacks: Users can only access resources on the IIS server. Their credentials cant be passed to another computer. The IIS server must be a member of a domain. All user accounts must store passwords using reversible encryption. The method works only with Internet Explorer 5.0 or higher. Digest authentication is vulnerable to replay attacks, to a limited extent. Digest authentication is secure due to the way it passes authentication information over the network. Usernames and passwords are never sent. Instead, IIS uses a message digest (or hash) to verify the users credentials. In order for digest authentication to work, all user accounts must be stored using reversible encryption in Active Directory, which may be a potential risk. After this setting is enabled for a user account, the users password must be changed to create the plaintext copy. Digest authentication does provide more security, but for most Web sites, the limitations of this method outweigh the benefits. One interesting peculiarity with IIS is that when you send authentication headers to a client, it will send the basic authentication header before the digest one. Many Internet browsers use the first header they encounter and therefore opt for the weaker basic authentication. Integrated Windows Authentication Integrated Windows authentication is also a secure solution because usernames and passwords arent transmitted across the network. This method is convenient because, if a user is already logged on to the domain and if the user has the correct permissions for the site, the user isnt prompted for his or her username and password. Instead, IIS attempts to use the users cached credentials for authentication. The cached credentials are hashed and sent to the IIS server for authentication. If the cached credentials do not have the correct permissions, the user is prompted to enter a different username and password. Depending on the client and server configuration, integrated Windows authentication uses either the Windows NT LAN Manager (NTLM) or Kerberos for authentication. You cannot directly choose which one is used; IIS will automatically choose a method based on the server and client configuration. The Web browser and the IIS server negotiate which one to use through the negotiate authentication header. Both Kerberos and NTLM have their own advantages and disadvantages. Kerberos is faster and more secure than NTLM. Unlike NTLM, which authenticates only the client, Kerberos authenticates both the client and the server. This helps prevent spoofing. Kerberos also allows users to access remote network resources not located on the IIS server. NTLM restricts users to the information located on the IIS server only. Kerberos is the preferred authentication method for an intranet Web server. However, the following requirements must be met for Kerberos to be used instead of NTLM: Both the client and server must be running Windows 2000 or later. The client must be using Internet Explorer 5 or later. The client and server must be in either the same domain as the IIS server or in a trusted domain. Integrated Windows authentication has a few limitations: It works only with Internet Explorer 3.01 or later. It does not work through a firewall. The client will use the firewalls IP address in the Integrated Windows hash, which will cause the authentication request to fail. Client Certificate Mapping Client certificate mapping is the process of mapping a certificate to a user account. Certificates can be mapped by Active Directory or by IIS. Both of these methods require Secure Sockets Layer (SSL). There are three types of certificate mappings: One-to-one mapping Many-to-one mapping UPN mapping Certificate mapping is the process of linking a certificate to a specific user account. Normally, if we wanted to give a user authenticated access to the intranet; we would either create a user account or allow the user to log in using his domain account. Creating duplicate accounts is time-consuming, yet if users use their domain accounts, there is the concern that their domain passwords could become compromised. To provide better security and reduce the administrative workload, we could choose to issue each user a certificate. Certificates can be used to verify a users integrity. It is actually more efficient to use a certificate than a user account because certificates can be examined without having to connect to a database. It is generally safer to distribute certificates than user accounts. Furthermore, it is much easier to guess or crack someones password than it is to forge a certificate. Chapter Summary This chapter discusses the material research as well as basic understanding of the online course registration and management system. The material provided is to help and understand the project, and how the system can improves the registration and management system. Chapter 3 Methodology 3.1. System Methodology It is important to understand that an information system has a life cycle, just as living system or a new product has. System analysis and design constitute the key stage of system development life cycle (ISRD Group, 2007). System Development Life Cycle has several phases which are planning, analysis, design, implementation, and maintenance. Figure 3.1 System Development Life Cycle 3.1.1. Planning Planning is the first phase in the System Development Life Cycle, in this phase the necessity of the system has to be identified (Hoffer, et al., 2005). The objective, scope and the main reason to develop the system has been explained in previous chapter. 3.1.2. Analysis The second phase is the analysis phase, which during this phase an analysis on the system requirement is being held (Hoffer, et al., 2005). The output of this phase is a description of the recommended solution by determining the problems and requirements. In this phase information regarding of the project is gathered, the information gathered then can be studied to help the understanding about the project. In this project analysis phase determine what method used to build the system later on. In this phase, we interview the stakeholder of Microsoft IT Academy Multimedia University (see appendix for detail) In analysis phase, we determine: Detailed evaluation of current system Data Collection User Requirement 3.1.2.1 Current System Evaluation Figure 3.2 System flow of the system Figure 3.2 show the current system flow of the MSITA. The flow show that some part still done manually, such as filling form and registration (student have to download form from website, pay the course fees to MMU finance, and submit the official receipt to the instructor). The website that being used now is using ASP.NET as programming language, but there is no online registration capabilities. The website is used for content management system only. All the registrant will be input manually by the instructor. 3.1.2.2. Data Collection To ensure that we understand the flow of the current system, we need to identify the stakeholder of the system, such as: Table 3.1 Stakeholder No Stakeholder Name Stakeholder type Roles 1 Instructor Instructor of Courses Provide Course material, provide place/lab for the course exercises , manage registration for user 2 MMU Finance division Registration Payment Submission Receive Payment from Costumer, Issue Official Receipt for registration 3 Student User/Costumer Register for the course, submit receipt for registration, participate in course as scheduled, take certification exam From the stakeholder above, we already identify that the most influence entity are the User and Instructor of the course. We will then identify the problem on the current website. Function of Microsoft IT Academy Website As main website for student for : Check latest/available course offered by MSITA team. Check schedule for the course Check registration procedure (Download Registration Form) Download notes/material for the course (only for registered user) Technical Detail of Microsoft IT Academy Website Technology Used : ASP.NET Other Items considered Course material is given trough the class Registration of the course still done manually (student have to download form from website, pay the course fees to MMU finance, and submit the official receipt to the instructor). The reason why the registration still done manually : Sometimes there are changes in registration procedure (e.g. minimum requirement for the number of the student to open the courses, some courses is added/removed). Need the proof of payment to confirm student registration. Figure 3.3 MSITA website details 3.1.2.3 User Requirement As the main concern of the development in MSITA website, we need to make the registration process and also maintenance of the website online; these are the requirement of the proposed solution: Table 3.2 User requirement User Side Administrator Side User can register in the MSITA website as website member as option before they register to the course Administrator panel Student registered as website member need to fill course to take in future/next trimester in order to keep track the estimated number of course offered. Add/Remove course Student can fill the registration form trough MSITA website. Automatic Email to all student registered Student can upload scanned proof of payment trough registration form Registration module for administrator Student can fill option to take exam after course registration in order to get exam voucher Financial Report of the year 3.1.3 Design Design Phase required us to determine the logical and physical design of the system. We need to determine the system features and all other necessary requirement for the system. Later on in the next phase of the project we will transform the logical design into fully working system. 3.1.4 Implementation The fourth phase is implementation. In this phase the physical design of the system will be programmed into a working system (Hoffer, et al., 2005). In implementation coding, testing, and installation will be included. In coding, the system will be programmed to a working system. After it programmed the system will be tested to find errors and bugs in the system. Lastly, during installation the system will be installed and ready to use. In the phase 1 of the project implementation of the system is not going to be built. The implementation phase will be held during the second phase of the p
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment