Online Course Registration And Management System

Online endure enrollment And Management SystemCurrently the Microsoft IT Academy in Mul durationdia University Melaka using the website that hosted in MMU host to provide information regarding the course produceed as intimately as the adjustment method to enroll on the specific course. As the course fitting is still through manu totallyy, below is the summary of the problem on the manual method exploiter It consumes time as utilisationr is non enabling to sacred scripture the seat if they name not submitted the form manually together with official pass to the instructor.The substance absubstance ab exerciser squeeze out even out the enrolment stadium many an(prenominal) delegacys, much(prenominal) as Online Banking, save they still have to submit the official receipt taken from Multimedia University finance division.Administrator/ instructor Administrators have to wait until the act of registrant fulfills the minimum requirement of the course to open class.All a llowance related must(prenominal) be do manually, as no online schema available yet. pecuniary decl ar must be overly done manually in order to keep track of the financial progress of the courses.Project ObjectiveThe invent objective allow be focuse on developing an online course enrollment to ensure the effectiveness of the tend of registration. Moreover the brass volition offer a complete charge system that integrated with the online course registration to help the stakeholder for maintaining the flow process of the course.The registration process can be done online without the need of paper plump anymore. It is a worry help the student to get more information about the course process while they enrolled.The executive will get easier stylus to determine the seat of the courses, keep track of the registration module, and generate report for the year to help them determine the development of the courses. The cores of objectives of the retch are followingsTo study exi sting course registration system in Microsoft IT academy of Multimedia University. Analyzing current course registration system, by interviewing the stakeholder of the system.To propose an online course registration and charge system.To localize the user requirement for online course registration and management system.To develop an online course registration and management system.To evaluate the online course registration system that been develop.Project stage settingThe studies will develop an Online Course Registration, specifically for the Microsoft IT Academy in Multimedia University. With this system, it will affect the stakeholder of the Microsoft IT Academy Multimedia University Melaka Campus such asAdministrator /InstructorThe Administrator for the system will be divided to several privileges on how they can use the system. Administrator for example, have all the privileges such as adding instructor, adding courses, modify information, adding downloadable material, regist ration module, etc., but Instructor only have several privileges on what they can do and not do in the Online course registration and management system.Student/UserStudent will get a more entranceible way in order to lodge and booked the seat for the courses. They to a fault can get updates from administrator keep track on the progress of the course.Significance of ProjectThis final year project for intelligence online course registration will not only provide basic feature to the user as well as administrator, but will be also finish with these featuresOnline Chat Helpdesk Support SystemThe Helpdesk Support System will provide the user to interact with the administrator in case if they have certain question to be asked regarding the course or the registration flow.SecuritySecurity of the website is one of the main matter tos to be improved as the registration is go from traditional to online based. The reason is because user will send their confidential data to the system. S ome user might use the same poundin ID or password, and without proper fosterive covering, the data might be entrywayed by third surgical incisiony, or the user session is hijacked while sending the data. The security improvement will also provide log to the administrator in case there are some abnormality in the system after some user log in. As the security improved, we are giving the user a better understanding why they should trust our system.Limitation of ProjectIn this project there are 2 objectives to achieve which are developing online course registration and management system for the Microsoft IT Academy Multimedia University Melaka. This project will focuse on how to make the registration flow as simple as possible and also automated in the flow process.However there are limitations which is not be cover in this project. Even though the registration for the user will be done online, some flow of the process will be still done manually, such as submitting the official receipt of MMU to instructor. This is because of Multimedia University policy that not allows administrator to access the student financial report. Yet the system itself will allow user to upload the proof of payment trough online registration.Structure of ReportThis report consists of 5 main chapters. The first chapter, Chapter 1 which is Introduction presents overview of the project, the problem statement of the study state the problem occur on the current system, the project scope, objectives of the study that explain about the project main goals that need to be achieved, and building of the report as well as the limitations of the project.Chapter 2 which is Literature Review state explains about materials employ to study for the proposed system later, literature polish up also briefly explain some previously system that use same the technology in registration system.Chapter 3 is methodology and this chapter explains about the methods and tools that will be used to develop t he system. It also gives some explanations why the methods and tools are chosen in the project.Chapter 4 which is the Proposed Solution and Implementation Plan or Design, this chapter presents the plans on how the system developed as well as the design of the system. This chapter mainly consists of diagrams to describe the design of the proposed system and some little explanation about the proposed system.Chapter 5 is oddment this chapter will summarize the conclusion of the objective stated.Chapter SummaryIn this Final year project the main objective is to propose and develop an online registration and management system that will facilitate the user as well as the administrator in order to keep the flow of registration more cluster and efficient. This chapter explains the scope of the project which will affect the Microsoft IT Academy in Multimedia University Melaka stakeholder. Moreover in this chapter also describes about the problem that the current system where nigh of the f lows still done manually.Chapter 2Literature ReviewOnline course registration and management system has become a necessity in order to create simple and accessible way to support today system. The internet has dramatically changed the role of Internet today (Cassidy 20021). Internet is the tool or vehicle for many applications, as well as to maintain registration for government, companies, and many events. This is happen as result of the simplicity of internet access in many part of the world.2.1. Online Course RegistrationJohnson and Manning (2010) stated that the two biggest differences between registering online and mailing in your paperwork are time and technology. It can take time when users have to fill in the form, and then submit it in some other places. Instead of victorious time, technology has helped us to make the registration procedure into the side by side(p) level. You can muster up more information about the courses you want to take and in the same time fill up th e form, pay the fees, etc. The staff that receives registration information most probably will process the information in same system, so by using online course registration and management system, we can give birth time.2.1.1. Online Course Registration and Management SystemAn Online course registration and Management System is systems that maintained the registration flow for the user and provide extensive efficiency for the administrator to maintain the content, report, and ability to add, update, or delete the content of a system. Currently there are many applications that have the ability to manage registration online. Some of them are very simple, and more complicated that use current technology. Almost all web based programming language support the power to make online registration, such as PHP or .NET provide many survival to build intelligence course registration and management system. A good system must be able to provide sufficient information and services needed by us er as well as delivering extensive report to the administrator (Anggarwal.2003233).2.1.2. Existing Online Course Registration and Management SystemMost of the Online Course Registration and Management System are mostly used in educational institution and professional courses. This is to avoid time consuming of managing numerous users and prevent error from manual method. Based on that, people tend to use Online Course Registration and Management System.There is some Online Course Registration and management System that researched and improves, such asWylie Course RegistrationThe C-Registration System will replace the existing mainframe course registration system at Wylie College. The late system will interface with the existing Billing System and Course Catalog Database System as shown in the context diagram below (see Figure 2.1).The C-Registration System will consist of a client component and server component as illustrated in Figure 2.2. The server component resides on the Wylie College UNIX Server. The server component must interface with the Billing and Course Catalog Database Systems on the College DEC VAX Main Frame. This interface is supported by an existing Open SQL Interface.The client component resides on a personal computer. The College PCs will be apparatus with the client component installed. every non-college PCs must download the client software from the UNIX Server via the Internet. Once the client component is installed on the PC, the user may access the C-Registration System from the PC through the College LAN or Internet. A valid ID number and password must be reached in order for access to be granted.Figure 2.1 C-registration System Context DiagramFigure 2.2 C-Registration system overviewThe C-Registration system has many capabilities which will be explained the following tableTable 2.1 C-Registration capabilitiesCostumer advantageSupporting featuresUp-to-date course informationThe system accesses the Course Catalog Database for curre nt information on all courses offered at Wylie College.For each course, the Students and Professors may review the course description, Prerequisites, delegate teachers, class locations, and class times.Up-to-date registration informationAll course registrations are immediately logged in the Registration Database to provide up-to-date information on just or scratch courses.Easy and timely access to course gradesStudents can view their grades in any course entirely by providing their user ID and password. Students may access the registration system from any College PC or from their home PC via the internet.Professors enter all student attach directly into the Registration Database from their PCs.Access from any College PCStudents may access the registration system from any College PC or from their home PC via the internet. instauration of the client component of the C- Registration System on a PC is an easy to follow process using the internetEasy and convenient access from your PC at homeStudents may access the registration system from any College PC or from their home PC via the internet.Secure and confidentialA valid user ID and password is required to gain access to the C-Registration System. Student report card information is protected from unauthorized access.Instant feedback on full or cancelled coursesAll course registrations are immediately logged in the Registration Database to provide up-to-date information on full or cancelled courses.Online Course Registration System for the Faculty of Engineering in University of PeradeniyaIn the system developed by the University of Peradeniva, there are some necessity in online registration course that should be included in the system, such asAuthentications and Authorizations of usersAdministrators should be able to decide time period for the registration (before the start of the semester) and time period for the add/drop period (at the beginning of the semester)Administrators should be able to enter requir ed data into the system such as courses, students, advisers and examination resultsAdvisers are allowed to view filled registration form of each student and accept/ reject the registrationStudents should be able to view current courses and previous results, to register or add/drop new semester coursesUsers should be able to change their passwords and personal information and In the absence of a relevant adviser, the head of the plane section should be able to accept the online registration forms.All users have their own usernames and passwords to access the system and they have the ability to change their passwords. They will be given separate entry levels to access the system. Figure 2.2 depicts the use-case diagram of the system. Administrators are the staff officer at the Office who is responsible for course registration. They have the authority on deciding time durations, entering required details and finalizing registrations.Figure 2.3 use case of the online Registration in U niversity peradeniyaAdvisors are all the department heads and lecturers who are assigned as advisers for students. They are capable of viewing courses, student details and results and accepting or rejecting registration forms. Student category contains everyone who has registered for a degree programme in the faculty. They are allowed to view available courses, their details and results, and to complete their registration forms and add/drop forms.The system that being used will be detailed explained in the table belowTable 2.2 system used in Online Course Registration of university peradinyaTechnologyUsageDream WeaverGUI DesignCSSexcess Features in GUI DesignASP.netProgramming DesignAjaxClient Script DevelopmentSQL Server 2000Database DesignIISWeb Server to host the system quartz Report 9.0Generate reports.As the system works, it has not only reduced the burden of all parties involved in the course registration process, but also improved the process by reducing errors.Secure Online ApplicationThe real test of a secure Web Application occurs when it comes time for users to log in and access your site (Burnett,Mark.2004). Login screen is look simple. User just provide the username and password, the system will authenticate it to access the system. Authentication establishes a users individualism. Once this identity is proved valid, the user is authorized (or nor authorized) to access various features of the Web application.2.2.1 User earmark ThreatsThe primary threats with user authentication areAccount hijacking This involves taking over the account of a legitimate user, sometimes denying the decentlyful user access to his or her account.Man-in-the-middle Intercepting Web traffic in such a way that the attacker is able to read and modify data in transit between two systems.Phishing A type of man-in-the-middle attack in which the attacker lures a legitimate user to enter a password through a fake e-mail or Web form designed to look like that of a legitimate W eb site.Unauthorized access Gaining access to restricted content or data without the consent of the content owner.Information leakage disclosure or failing to protect information that an attacker can use to compromise a system.Privilege escalation Allowing an attacker to gain the access privileges of a higher-level account.Sniffing apply a network-monitoring utility to intercept passwords or other sensitive information that traverses a network.Because the login form plays such an important role in authenticating users, it is important to protect the form itself from flaws. A poorly written login form is vulnerable to password sniffing, information leakage, and phishing. Furthermore, the form itself may be vulnerable to flaws such as SQL dead reckoning and cross-site scripting.2.2.2. Secure AuthenticationIn ASP.NET the IIS provides four standard methods for authenticationBasic authenticationDigest authenticationIntegrated Windows authenticationClient certificate functionBasic Aut henticationBasic authentication works by prompting a Web site visitor for a username and password. This method is widely used because most browsers and Web servers support it. The benefits areIt works through proxy servers.It is compatible with nearly every Internet browser.It allows users to access resources that are not regain on the IIS server.Basic authentication also has some drawbacksInformation is sent over the network as cleartext. The information is encoded with base64 encoding, but it is sent in an unencrypted format. Any password sent using basic authentication can easily be decoded.By default, users must have the Log On Locally right to use basic authentication.Basic authentication is vulnerable to replay attacks.Because basic authentication does not encrypt user certification, it is important that traffic always be sent over an encrypted SSL session. A user authenticating with basic authentication must provide a valid username and password. The user account can be a local account or a theatre account. By default, the IIS server will look locally or in active voice Directory for the user account. If the user account is in a domain other than the local domain, the user must specify the domain name during logon. The syntax for this process is domain nameusername, where domain name is the name of the users domain. Basic authentication can also be configured to use user principal names (UPNs) when you use accounts stored in Active Directory.To prevent exposing user credentials to others on the network, it is essential that you always use SSL with basic authentication. Note that basic authentication causes the browser to send user credentials to every page on the same site or within the same realm, not just the login page. If you dont use SSL on every page, user credentials will be visible on the network. One way to prevent these credentials from being sent on unprotected content is to use a unique realm for protected and unprotected content.Digest AuthenticationDigest authentication has many similarities to basic authentication, but it overcomes some of the problems. Digest authentication does not send usernames or passwords over the network. It is more secure than basic authentication, but it requires more planning to make it work.Some of the similarities with basic authentication areUsers must have the Log On Locally right.Both methods work through firewalls.Like all authentication methods, digest authentication does have some drawbacksUsers can only access resources on the IIS server. Their credentials cant be passed to another computer.The IIS server must be a member of a domain.All user accounts must store passwords using reversible encryption.The method works only with Internet Explorer 5.0 or higher.Digest authentication is vulnerable to replay attacks, to a limited extent.Digest authentication is secure due to the way it passes authentication information over the network. Usernames and passwords are never sent. Instea d, IIS uses a message digest (or hash) to range the users credentials. In order for digest authentication to work, all user accounts must be stored using reversible encryption in Active Directory, which may be a potential risk. After this setting is enabled for a user account, the users password must be changed to create the plaintext copy.Digest authentication does provide more security, but for most Web sites, the limitations of this method outweigh the benefits. One interesting peculiarity with IIS is that when you send authentication principals to a client, it will send the basic authentication header before the digest one. Many Internet browsers use the first header they encounter and therefore opt for the weaker basic authentication.Integrated Windows AuthenticationIntegrated Windows authentication is also a secure root because usernames and passwords arent transmitted across the network. This method is convenient because, if a user is already logged on to the domain and if the user has the remediate permissions for the site, the user isnt prompted for his or her username and password. Instead, IIS attempts to use the users cached credentials for authentication. The cached credentials are hashed and sent to the IIS server for authentication. If the cached credentials do not have the correct permissions, the user is prompted to enter a different username and password.Depending on the client and server configuration, integrated Windows authentication uses either the Windows NT LAN Manager (NTLM) or Kerberos for authentication. You cannot directly choose which one is used IIS will automatically choose a method based on the server and client configuration. The Web browser and the IIS server negotiate which one to use through the negotiate authentication header. Both Kerberos and NTLM have their own advantages and disadvantages. Kerberos is faster and more secure than NTLM. Unlike NTLM, which authenticates only the client, Kerberos authenticates both the c lient and the server. This helps prevent spoofing. Kerberos also allows users to access remote network resources not located on the IIS server. NTLM restricts users to the information located on the IIS server only.Kerberos is the preferred authentication method for an intranet Web server. However, the following requirements must be met for Kerberos to be used instead of NTLMBoth the client and server must be running Windows 2000 or later.The client must be using Internet Explorer 5 or later.The client and server must be in either the same domain as the IIS server or in a trusted domain.Integrated Windows authentication has a few limitationsIt works only with Internet Explorer 3.01 or later.It does not work through a firewall. The client will use the firewalls IP address in the Integrated Windows hash, which will cause the authentication request to fail.Client security department MappingClient certificate social function is the process of mapping a certificate to a user account. C ertificates can be mapped by Active Directory or by IIS. Both of these methods require Secure Sockets Layer (SSL). There are three types of certificate mappingsOne-to-one mappingMany-to-one mappingUPN mappingCertificate mapping is the process of linking a certificate to a specific user account. Normally, if we wanted to give a user authenticated access to the intranet we would either create a user account or allow the user to log in using his domain account. Creating duplicate accounts is time-consuming, yet if users use their domain accounts, there is the concern that their domain passwords could become compromised.To provide better security and reduce the administrative workload, we could choose to issue each user a certificate. Certificates can be used to verify a users integrity. It is actually more efficient to use a certificate than a user account because certificates can be examined without having to connect to a database. It is generally safer to distribute certificates than user accounts. Furthermore, it is much easier to guess or crack someones password than it is to forge a certificate.Chapter SummaryThis chapter discusses the material research as well as basic understanding of the online course registration and management system. The material provided is to help and understand the project, and how the system can improves the registration and management system.Chapter 3Methodology3.1. System MethodologyIt is important to understand that an information system has a life cycle, just as living system or a new product has. System abstract and design constitute the key stage of system development life cycle (ISRD Group, 2007). System Development deportment wheel has several phases which are planning, analysis, design, carrying out, and maintenance.Figure 3.1 System Development Life Cycle3.1.1. PlanningPlanning is the first phase in the System Development Life Cycle, in this phase the necessity of the system has to be identified (Hoffer, et al., 2005) . The objective, scope and the main reason to develop the system has been explained in previous chapter.3.1.2. AnalysisThe befriend phase is the analysis phase, which during this phase an analysis on the system requirement is being held (Hoffer, et al., 2005). The output of this phase is a description of the recommended solution by determine the problems and requirements. In this phase information regarding of the project is gathered, the information gathered then can be studied to help the understanding about the project. In this project analysis phase determine what method used to build the system later on. In this phase, we interview the stakeholder of Microsoft IT Academy Multimedia University (see appendix for detail)In analysis phase, we determineDetailed evaluation of current systemData CollectionUser Requirement3.1.2.1 Current System EvaluationFigure 3.2 System flow of the systemFigure 3.2 show the current system flow of the MSITA. The flow show that some part still done ma nually, such as choice form and registration (student have to download form from website, pay the course fees to MMU finance, and submit the official receipt to the instructor).The website that being used now is using ASP.NET as programming language, but there is no online registration capabilities. The website is used for content management system only. All the registrant will be input manually by the instructor.3.1.2.2. Data CollectionTo ensure that we understand the flow of the current system, we need to identify the stakeholder of the system, such asTable 3.1 StakeholderNoStakeholder NameStakeholder typeRoles1InstructorInstructor of CoursesProvide Course material, provide place/lab for the course exercises , manage registration for user2MMU Finance divisionRegistration Payment SubmissionReceive Payment from Costumer, Issue Official Receipt for registration3StudentUser/CostumerRegister for the course, submit receipt for registration, participate in course as scheduled, take cert ification examFrom the stakeholder above, we already identify that the most influence entity are the User and Instructor of the course. We will then identify the problem on the current website.Function of Microsoft IT Academy WebsiteAs main website for student for Check latest/available course offered by MSITA team.Check schedule for the courseCheck registration procedure (Download Registration Form)Download notes/material for the course (only for registered user)Technical Detail of Microsoft IT Academy WebsiteTechnology utilise ASP.NETOther Items consideredCourse material is given trough the classRegistration of the course still done manually (student have to download form from website, pay the course fees to MMU finance, and submit the official receipt to the instructor).The reason why the registration still done manually Sometimes there are changes in registration procedure (e.g. minimum requirement for the number of the student to open the courses, some courses is added/remove d).Need the proof of payment to confirm student registration.Figure 3.3 MSITA website details3.1.2.3 User RequirementAs the main concern of the development in MSITA website, we need to make the registration process and also maintenance of the website online these are the requirement of the proposed solutionTable 3.2 User requirementUser SideAdministrator SideUser can register in the MSITA website as website member as option before they register to the courseAdministrator panelStudent registered as website member need to fill course to take in future/next trimester in order to keep track the estimated number of course offered.Add/Remove courseStudent can fill the registration form trough MSITA website.Automatic Email to all student registeredStudent can upload scanned proof of payment trough registration formRegistration module for administratorStudent can fill option to take exam after course registration in order to get exam voucher financial Report of the year3.1.3 DesignDesign Ph ase required us to determine the logical and physical design of the system. We need to determine the system features and all other necessary requirement for the system. Later on in the next phase of the project we will transform the logical design into fully workings system.3.1.4 ImplementationThe fourth phase is implementation. In this phase the physical design of the system will be programmed into a working system (Hoffer, et al., 2005). In implementation coding, testing, and installation will be included. In coding, the system will be programmed to a working system. After it programmed the system will be tested to nonplus errors and bugs in the system. Lastly, during installation the system will be installed and ready to use.In the phase 1 of the project implementation of the system is not going to be built. The implementation phase will be held during the second phase of the p