CAD Report


Uploaded by: jyoti-tyagi

Posted on 11-Aug-2015


Page 1: CAD Report

OVERVIEW

E-commerce caters to the customer's desire to shop easily with a single click, and it keeps widening the gap between traditional markets and online markets. However, customers insist on a secure website so that they can buy products without getting their accounts compromised. Thus, Skyline offers security as an essential element. Skyline is an e-commerce web application with the following features:

1. A web application secured against SQL injection attacks.

2. Exclusive controls for the administrator, including adding categories, products, etc.

3. Restricted controls for the user, such as feedback, adding products to the cart, enquiries regarding a product, etc.

4. An enhanced, user-friendly interface using JavaScript and AJAX technologies.

5. A SQL database to store all the important credentials, login information, categories and products.

Skyline is developed using the .NET Framework in Visual Studio 2013 and uses a SQL database to store information. The following section describes the application and the technologies used to develop the project.

REQUIREMENTS AND SPECIFICATION

Visual Studio 2013

Visual Studio 2013 is an IDE integrated with important features that helped us develop our e-commerce web application, Skyline, from scratch. The capability of designing MVC controllers, web forms, style sheets, user interfaces, etc. helped us a lot in building our web application securely. C# has been used to build the application, and the one-click publishing of websites to Windows Azure, together with the other web deployment methods, motivated us to choose Visual Studio 2013 over other IDEs.


IIS

Internet Information Services (IIS) is required by Visual Studio 2013 to launch a server locally that the browser connects to. IIS also improves performance and provides a stable platform for the Skyline website to run on. IIS is integrated with recent operating systems such as Windows 7, 8 and 8.1.

SQL Server Management Studio

SQL Server Management Studio, with its integrated environment for managing databases, was used to build the database for Skyline. With just a few queries, a database is created and tables are generated effortlessly. For our project, the tools provided by Management Studio and Object Explorer were used to create the tables for registration, login, products and categories.

ADO.NET

ADO.NET is necessary for establishing a secure connection between a SQL database and a .NET application through a connection string. It is used to read and fetch data from the database for display. Moreover, other queries such as UPDATE, DELETE and INSERT can be used to modify the database.

ASP.NET

ASP.NET is a programming framework for building web pages and websites with CSS, JavaScript, HTML and server-side scripting. It is our basic requirement for constructing Skyline.

JavaScript

Skyline uses JavaScript on most of its pages. A few alerts, query confirmations and event handlers have been written in JavaScript, for instance, prompting a message on a successful entry in the database.


AJAX

AJAX is used for client-side scripting in our project; for example, it is used to reject illegal characters in the username and password fields. It has also been used for the password strength check when registering a new user, and for rating products.

HTML/CSS

Cascading Style Sheets (CSS) are used to enhance the user interface of the application. In Skyline they provide a common template for the website.

System Diagram

(Figure not reproduced. Labels shown: Client pages Index, Feedback, AddToCart, Enquiry, Payment, Description; Login and Invalid Login; Admin pages Add Product, Update Product, View Enquiry, Customer Maintenance; Database, reached via encrypted credentials.)


MVC – Model View Controller

The project partially implements the MVC (Model View Controller) pattern: we create a few controller classes such as Save, BindData, etc. to act as a gateway between the model and the view. The Save class is defined to insert, save and dispose of the connection, and in turn supports the 'model'. Similarly, the BindData class binds the data to a data grid to help the 'view' generate reports.

The project incorporates a persistence layer for storing valuable data; for instance, client as well as admin login credentials are stored. Moreover, project pages such as Add Product, Add Category, Update Product, etc. constantly deal with the database. To design the database, the project uses SQL Server Management Studio as a back-end tool, which supports database creation, deletion, modification, etc.

MVC diagram (figure not reproduced). View: Login View, View Product, View Clients. Controller: Save class, BindData class, SecureConnection, SaltedHash. Model: AdminLogin, Enquiry, Product, UserRegistration, DB.


Therefore, we created the 'DataLayer.dll' library to establish the connection once and reuse it on the other pages where it is required.

Lastly, the view presents the user interface, which retrieves input from the user and calls the controller to perform the appropriate function. For example, a login page (View) asks the end user for login credentials and passes the values on; the Controller then performs the business logic and compares them against the Database (Model) for a successful login.

Main Class Diagrams

1. The BindData class consists of two methods, 'binddata()' and 'Dispose()', and two data fields, 'cn' and 'disposed'.

2. The SaltedHash class comprises three methods, 'createSaltedPasswordHash()', 'Dispose()' and 'ValidatePassword()', as well as one data field, 'disposed'.

3. The SecureConnection class contains only one data field, 'disposed', and two methods, 'Dispose()' and 'GetCnxString()'.

4. The Save class contains five methods, as follows:

a. Adminlogin()

b. Dispose()

c. Insert()


Gems/Libraries

In .NET, gems are replaced by DLLs (dynamic link libraries). A DLL is a kind of library that contains built-in methods and data that can be reused by more than one application at the same time. This promotes reusability and efficient memory use. Three DLLs are included in this project.

1. Hashed.dll

Under the namespace "Hashed", a class of the same name is defined with a static method Encrypt, which takes a string as input. A few arrays are allocated to hold the text string and substrings. A CryptoStream object encrypts the text string and writes it to memory before flushing it through FlushFinalBlock().

2. SystemSolution.Erp.Exception.dll

This DLL contains the class ClsCustomizeException, which inherits from the Exception class of the System namespace. It handles all the exceptions generated while the code runs and allows the developer to display friendly error messages to the user.

3. SystemSolution.Erp.DataLayer.dll

DataHandling.cs: A connection object is created using the connection string, and a property is created for each field declared in the DataHandling class. A generateid() method is used to allocate new user IDs.


DbConnection.cs: This is an internal class containing the static method GetDbConnection(), which extracts and saves the connection string from the ConfigurationManager class. This string is then stored in a SqlConnection object. A static CloseConnection() method checks whether the state of the connection is closed; if not, the code closes it. Another static OpenConnection() method checks whether the state of the connection object is open; if not, the connection is opened through the Open() method.

4. SaltedHash.cs: This gem contains a class called SaltedHash under the Encryption namespace, which declares a method ValidatePassword that accepts the password and the salted hash as string inputs and returns a Boolean value. Our main aim is to protect the user's password, because user account databases are compromised very frequently, so the best way to protect a password is to store it as a salted hash.


5. SecureConnection.cs: The purpose of this gem is to fetch the unique encrypted config key and decrypt it using the method GetCnxString declared in the SecureConnection class. This method accepts the config key as its parameter and returns a string containing the actual key after decryption.

6. BindData.cs: The BindData class implements the IDisposable interface so that the resources it holds can be released. This class defines a method BindData that attaches the data fetched from the database through a SQL query to a drop-down list object.

7. Save.cs: This class implements the IDisposable interface and creates a SQL connection string. The Dispose() method calls GC.SuppressFinalize to request that the runtime not call this class's finalizer. The virtual Dispose method frees any unmanaged objects. The Save() method fetches the required rows from the database and reads them through a SqlDataReader object. Another method, AdminLogin, passes the SQL query and the connection object as parameters when creating a SqlCommand object. The SqlDataReader object holds the first row of the table fetched after executing the query. If the first and second elements of the array match the username and password, the user is logged in as admin.


Implementation

ADMIN: An admin has a few provisions, such as adding a category, which requests the product name, product description, product price, image, etc. for a product. It also provides the Add Product, Default, Customer Maintenance and Edit Product (for updating a product) pages, a master page acting as the base template for the other pages, and the Product Booking Order and View Enquiry pages. The following points discuss the admin aspects:

Add Category: The class 'admin_default2' defines a method button1_click, which builds a dynamic INSERT query for the 'category' table in the 'onlinecarshopping' database and notifies the admin if the data is saved successfully.

Add Product: This option first checks whether the page is being rendered for the first time. If not, products are inserted into a collection called items. On clicking the submit button, the product's image along with product details such as the product name, product description, product price, number of products, an image and a category name are passed into an INSERT query to add a new entry to the database. Button2_Click inserts into the 'categoryname' column of the 'categorymaster' table; moreover, the same category name is added to the drop-down list for future reference.

Edit Product: This allows the admin to change the details of products entered earlier, such as the product name, product ID, description and price.

Product Booking Order: This page displays the name, email, contact number, city and address of the customer who wishes to order the product. Further work needs to be done to request the purchasing details.

View Enquiry: The class presents the name, e-mail address and contact number of the client who enquired about a particular product (identified by product ID), along with the message communicating the client's request to the admin.

USER: An end user acts as a client of the e-commerce site, wishing to purchase a product or exploring the site for pricing details. Skyline provides the following utilities:

Book Now: A SQL connection string to the database allows the user to add the required product to his/her cart and forms a table of products with columns such as product ID, name and quantity. The booking asks the user to enter details such as payment mode, name, email, address, contact number, city, bank and PIN.


Feedback: On clicking the submit button (btnSubmit_click) on the feedback form, an XmlDocument object, xmldoc, loads the sample XML file from its path. New elements such as comments, name, location, email and description are wrapped and saved to the sample XML.

Index: The page lists the products that the user can add to the cart and buy by clicking the 'proceed to pay' button. Each column provides functionality such as product enquiry, description and quantity. A new table appears on the page containing all the details of the products that the user added to the cart.

Payment: The page binds the data extracted from the product database to a new table for the client. This displays each and every item the user added to the cart, along with its price and quantity.

Search Display: Here, the page load method binds the data to a grid view. A SQL query is executed when the user specifies the category name of the product in the search field. This query retrieves all rows of the table whose category name matches the search text.

View Booked Article: This page allows users to view all the product item names along with their product IDs and descriptions. Moreover, the user can rate the product and add comments as a review.

Other Pages (Testing)

Login: This is the actual index page of the project, where a user logs in by choosing one of the privilege levels, admin or client, from a drop-down list. A SQL query is created dynamically, passing the username and password, and the credentials are confirmed.

Registration: A new user can register on the application by specifying a name, contact number, email and password, which are saved into the database. Technically, on clicking the sign-up button, an INSERT SQL query executes and adds a new record to the user registration table.


Secure Login: This is the secured login, which prevents SQL injection and other attacks. Admin and client passwords are stored in the database after hashing them using the 'encrypt' method.

Web.config: This contains important details such as the connection string for establishing the database connection and other configuration required by the project.
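As an added example, not the project's own Save.cs or login page: the dynamic-query shape described under Login, placed next to the parameterized SqlCommand that gives the Secure Login its resistance to SQL injection. The 'adminlogin' table, its 'username' and 'passwordhash' columns, and the validatePassword delegate (standing in for SaltedHash.ValidatePassword) are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example; table and column names are assumed, the report does not give the schema.
public static class AdminLoginLookup
{
    // The "dynamic query" shape: the user-supplied username is spliced into the SQL text,
    // so the input can change the structure of the statement rather than just its data.
    // Kept here only to show what the parameterized version replaces; do not execute it.
    public static string BuildDynamicQuery(string username)
    {
        return "SELECT passwordhash FROM adminlogin WHERE username = '" + username + "'";
    }

    // Parameterized form: the SQL text is fixed at compile time and the value travels
    // separately to SQL Server, so whatever the user typed is only ever compared as data.
    // Returns the stored salted hash for the account, or null when no such admin exists.
    public static string GetStoredHash(string connectionString, string username)
    {
        const string sql = "SELECT passwordhash FROM adminlogin WHERE username = @username";
        using (var cn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, cn))
        {
            // Typed, length-bounded parameter: also rejects over-long input before the query runs.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username ?? "";
            cn.Open();
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? null : (string)result;
        }
    }

    // Login decision: the password never reaches the SQL text at all. It is checked in
    // application code against the stored hash, e.g. by SaltedHash.ValidatePassword.
    public static bool TryLogin(string connectionString, string username, string password,
                                Func<string, string, bool> validatePassword)
    {
        string stored = GetStoredHash(connectionString, username);
        if (stored == null) return false;           // unknown admin: same answer as a bad password
        return validatePassword(password, stored);
    }
}
```

With this shape, a malformed or hostile username can only make the lookup return no row; it cannot alter which rows the statement selects.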

Testing

1. A test on the BindData.cs class, specifically testing the method that confirms whether the number of data columns to be bound with data is exactly as expected.

2. A test on the Save.cs class, checking whether the user ID inserted into the database is the same as expected.


3. A test on the SecureConnection class, checking that the connection string is released after the connection is established and the SQL query executed.

4. A test checking whether data can be retrieved from SQL Server by executing a query via the method defined in the RFactory class.


Design Pattern

Design patterns solve problems that arise in real-world software design. Patterns are reusable designs and interactions of objects.

Patterns implemented in this project are:

Factory Pattern (diagram not reproduced; participant shown: Registration)

Composite Pattern (diagram not reproduced; participants shown: Component, Composite, Leaf)

Factory Pattern (second diagram not reproduced)


Conclusion

Every day, people from all around the world demand a secure way of shopping online. SQL injection is a common and widespread attack on e-commerce web applications. SkyLine is a secure e-commerce web application that protects against SQL injection attacks. Being a Business-to-Consumer (B2C) web application that sells products online directly from the company to consumers, it is highly secured.

Skyline provides features for both the user and the admin. The admin is able to add product categories to the database and update them. The admin can also read any enquiries or demands made by a customer. There is also a customer maintenance feature where the admin can list the customers registered on the website.

The user's home page shows the products available on the website. The table lists all the products and their prices. The user can select the quantity of a chosen product and add it to the cart. In addition, the user can also provide feedback on the website.

Unfortunately, we were not able to wrap up features such as search, secure search and order packaging, as we experienced issues implementing them. Other than that, the application runs successfully without any issues.

Collectively, it is clear that the application SkyLine will be efficient in providing customer satisfaction and increasing the productivity of e-commerce companies. Skyline incorporates security elements, a friendly user interface and a database, which make it a complete website for a company or a consumer to choose over other e-commerce web applications.