Online Student Registration

Online Student Registration Author Tam An Nguyen

Abstract: Web based technologies has proven to be cost-effective and efficient for students to have access to academic records in a high school level environment. Students can view credits, check schedule, register for class without the hassle of meeting with their counselors. The web based technologies architecture ensures security, efficiency, robustness while maintaining a user friendly interface.

I. Introduction:

With a student population of more than 3 thousand students at Abraham Lincoln

High School, it is very difficult for counselors and administrators to assure quality services to individual students in terms of academic advisement. It was especially difficult for counselors and administrators when it comes to class registration. At

Abraham Lincoln High School, class registrations are processed by students filling out a registration form and submitting the form to the counselors. Often students and counselors find themselves struggling and overwhelm with all the paper work. In addition, students seldom fill out the registration form correctly. In addition, students are appointed to see a counselor for further processing.

The Los Angeles Unified School District’s (LAUSD) Information Technology program introduced a program called SiS in an effort to promote academic productivities.

However, there is a problem with the program- It is fifteen years old. The SiS system is a

DOS based program. It is written in the COBOL programming language, and is intended for administrator use only. Thus with the restriction to student’s access, many students do not have academic information regarding their credits toward graduation. In some cases, seniors have to attend summer school because they have 1 unit short in a Physical

Education (PE) course. The SiS system has been proven to be ineffective toward student’s academic productivities. In this paper, a new online system is proposed to solve the problems faced by the counselors, administrators, and students. The online student registration system is a web services that enable students and counselors alike to perform academic transactions with the assurance of stabilities, efficiencies, and flexibilities. On the counselor’s perspective, the new system will allowed counselors to add students’ records, search students’ records, and add classes offered. Hence, the students will be able to check for their credits online and register for their classes without having to meet a counselor in person. With the new system, parents will play vital roles in the student’s academic success. Parents will now be able to access the web service in check for their son/daughter academic records from their home, workplace, or even when they are on vocation.

II. Technological Background:

The online system utilizes the following web technologies in development products:

1. Java Server Pages (JSP) and JavaBean.

2. MySQL database server.

3. JDBC (Java Database Connectivity) Driver.

4. Jakarta Tomcat Application Server

5. RedHat Linux OS

The technologies implemented on the new web system assumed the developers have

J2SE 1.4.2 SDK installed on their *nix Operating System along with MySQL database backend, and Jakarta Tomcat server. JSP technology is used on the online system because it is a fast and efficient web technology that allows developers to improvise available libraries to produce robust and scalable web applications. The advantages of using JSP for web technologies are summarize in the following according to Sun:

Write Once, Run Everywhere

Any java program can run on any Java virtual machine without platform-specific modification. Because java virtual machines are available on almost every platform, it is the closest to being the universal programming environment.

Empowering page author

Other methods for creating dynamic content require web developers with programming expertise to embed the fixed page design and content into a script or a program (such as

CGI program. Average, HTML-literate page authors cannot easily edit and manipulate the content of the page without being familiar with the scripting language used. With JSP technology pages, the logic itself is embedded in a standard page. Page authors can use familiar tools to crate and edits pages, and embed calls to the necessary application components where needed. All they need to know is how to invoke the logic-a programmer can be responsible for building and maintaining the logic components.

In addition, JavaBean provide flexible solutions because it allows developers to reuse the same bean for multiple functionality on the web application In terms of reducing costs effective solution, the above technologies are open source, which means 2 things- It is free; and there are many developers in the open source community that provide technical support resources, thus reducing the cost of technical support from commercial vendors. III. System Architecture:

The online system architecture presents authentication and authorization process when the users requested services from the system. Authentication will verify user’s username and password and authorize users based on user’s roles- students or counselors.

Authorization is implemented by accessing database server to check if the requested users are part of the students or counselors group. This schema will restrict student from accessing counselor’s page. However counselors have full privilege, that is, he/she can access any page without the system’s restriction on the pages they can view.

Figure 1.0: System Architecture design and implementation.

When the students are authenticated to the system, the system will present to the students menus that will allow he/she to register for class, view schedule, and view academic credits records. Student registration process will be query using keywords which allows students to search by class name or teacher name. In addition to keywords searching method, it is mandatory for student to indicate the department that they want to register.

Prerequisite checks for all classes are implemented as part of the system architecture. Student’s who have not met the required prerequisite classes will not be allowed to register for the particular class. Students will have the freedom to add/remove classes before submitting the class records to the official schedule, where they can not change the content of their schedule. Requested prompted by the students are checked by the system database. For example, individual student are associated with a unique session ID, which the system utilize to check the database server to see if the given session ID matches that of the student’s records.

Counselors will be authenticated and authorize by the system when the service is requested. Counselors will be forwarded to a different template, different from that of the students. In this counselor template, counselors will be able to search for student’s academic record based on their student ID. In this architecture, counselors will be able to remove the classes on the student’s official schedule.

IV. Design and Implementation Details:

The login page consists of login.jsp which accessed the Javabean to query username and password in the database backend. Figure 1.1 and Figure 1.2 illustrates that the system will record a log file identifying the user IP address, time, and the number of unsuccessful login attempts when the users fail to login more 5 times. The security features of the system are the ability to avoid SQL injection attacks. The login page avoids SQL injection by filtering user input before it makes a connection to the database server for query or update. In the below screenshots, figure 1.3 shows that students will view their academic units in a detail matter, that is, how many credits they need toward graduation and they specific credits that they have earned throughout the different course categories. In addition, the information will be vital for students and counselors because it can be used to determine if a student is eligible to apply to a 4-year university system.

Because of the nature of the registration framework, students are not given the privilege to remove class once a class has been submitted to the official schedule, figure 2.0 illustrated that students can be able to remove/add classes before submitting the class to the official schedule. For those students who have accidentally register for a class that they do not want, this page gives them the privilege to remove the class from the list.

The sun.jsp, secure page, can only be view by authenticated user with a valid session ID.

Unrestricted users and/or unauthenticated users are not allowed to view secure page directly. For example, the user cannot use the URL to access or request the restricted page without having to login.

e.g: By typing, http://www.saigonhope.com:9000/sun.jsp into the URL without logging in will not be able to view the secure page. The system login page implements the authentication, authorization mechanism. Authentication is the method of identifying to the database that the users are who he/she claims to be. Authorization attempts to fetch the user role based on the authenticated users.

Prerequisite is implemented when the students register for a class. When the student makes a request to add a class, the database server backend is established. If the student wishes to register for Calculus but have not taken Geometry, the system will display an error message because prerequisite have not been met. In this prerequisite check, it is assumed that student can take classes concurrently. This means that they can register for Geometry and Calculus, together. There are 2 tables in a database that will check for student’s prerequisite. One table will have all of the class schedules and academic records for all students associated with a unique primary key (StudentID). The second table contains all the prerequisite class associated with a class. In addition, when the class Calculus is requested to be added, the system will access the two database table and will match to see if student A has the class ID (12345, Geometry) and his/her record.

If student A’s records does not contain 12345, the system will immediately assume that student A did not take Geometry. Otherwise, if the class ID (12345) is included in student A’s record, he/she will not have a problem registering for Calculus.

V. Performance Evaluation:

The web system experimental setup includes these scenarios:

1. Evaluate session behavior with different browser.

 Mozilla Firefox.

 Internet Explorer.

2. Security Optimization.

 SQL injection for user input.  Check session ID associated with current logon user.

3. Controlling user’s navigation using the back button.

After the above experimental setup to assure that the system is working properly under the above cases, which can be summarized with the following results:

1. Session object are created after successful login and invalidated after the users logout. Under Mozilla Firefox, the user can still be able to access the previous page

(secure page) by clicking the back button. However, when using Internet Explorer (IE), user will get an error message because they have log out.

2. The system that is vulnerable to SQL injection attacks will give important database server message to unknown users. Some of these messages might include, database table name, field name, database server vendor, etc. The web system implements SQL injection validation. For every input parameter that will be concatenated with the database query string, a filtering of the form input is required.

Users are tempted to manipulate the query string on the URL to indirectly request pages that are outside of the permission scope. The system prevents URL manipulation by checking for valid session ID associated with the user who is logon. Therefore, this user can not request to see other students record, assuming that he/she has that student’s

3. Users will now be able to click the back button as many times as they want without affecting the content. Previously, clicking the back button means reading from a cache and re-posts the data. The problem is that, clicking the back button will cause the unwanted data being posts. For example, when a student removes a class, and he/she clicks the back button, the deleted data will be retrieved in a cache causing the system to disregard the remove request. However, this system allows users to have back button navigation abilities.

VI. Conclusion and Future Works:

The Los Angeles Unified School District (LAUSD) Information Technology department got the money’s worth when they bought the SiS system from IBM. The system has lasted for more than fifteen years. However, there are disadvantages to the SiS system, it is user unfriendly and students are not allowed to have accessed to the system for academic records. Academic advising and records had to be resolve with an appointment to the counselor’s office. With the growth of web technologies, high school administrators and counselors have realized that there is a need for a system that can be utilized for both students and counselors. The web based system is implemented with features not as powerful as SiS but provides user-friendly, accessibility, data-driven, scalability that will allowed students to check for their academic credits and to register for class. This reduces both time and costs of having to have counselors talk to individual students about what class they want to register.

Since the program is a milestone development, the future works that will be available to enhance the system will be listed as follows:

1. ePermit: Counselors can now be able to assigned permit so that qualify

students will be able to register for a class even thought they have not

completed the prerequisite.

2. Administrative Evaluation Modules: This module will give administrator a

pictorial implication of the success/failure of a class. VII. Reference:

1. www.laamp.org/ddsr/ sis .pdf

2. http://java.sun.com/products/jsp/

3. www.securiteam.com/securityreviews/5DP0N1P76E.html

Appendix A: Database Schemes.

Database Name: test.

Tables included:

1. username.

| UserID | int(11) | Primary key

| loginname | varchar(20)

| Passwd | varchar(20)

| group | varchar(10)

2. ThemeCredits.

| UserID | int(11)

| English | int(11)

| CollegePrepMath | int(11)

| CollegePrepBio | int(11)

| CollegePrepPhys | int(11)

| SocialScience | int(11)

| VPArts | int(11)

| PE | int(11)

| Health | int(11)

| AppliedTech | int(11)

| LifeSkills | int(11) | Electives | int(11)

3. preClass.

|preID | int(11) | primary key|

| preClassID | int(11)

| preClassname | varchar(100)

| preA | int(11) | YES

| preB | int(11) | YES

| preC | int(11) | YES

4. StudentRegistration.

+------+------+------+-----+------+------+

+------+------+------+-----+------+------+

| UserID | int(11) | | MUL | 0 | |

| Period | int(11) | | | 0 | |

| stID | int(11) | | | 0 | |

+------+------+------+-----+------+------+

5. StudentSchedule.

+------+------+------+-----+------+------+

| UserID | int(11) | | | 0 | |

| StID | int(11) | | | 0 | |

+------+------+------+-----+------+------+

6. stCredits.

+------+------+------+-----+------+------+

+------+------+------+-----+------+------+

| UserID | int(11) | | | 0 | |

| ComplCredits | int(11) | | | 0 | |

| IPCredits | int(11) | | | 0 | |

| FCredits | int(11) | | | 0 | |

| GradCredits | int(11) | | | 0 | |

+------+------+------+-----+------+------+

Appendix B: User Manual.

README: The Online Registration System is cross platform that works in Jakarta Tomcat v.4.0.*. The system is configured to listen on port 9000, default is 8080. On a Linux system, the Javabean class is located at /usr/tomcat/webapps/ROOT/WEB-INF/classes/lausd. In this class, the package is lausd; therefore the checkLogin.jsp should have the following: where class= “replace with your package name.your bean class name”.