Muday Web

WEB-BASED ONLINE INFORMATION SYSTEM FOR MUDAY COLLEGE

By

GROUP

(ET/03/02/00404)

A PROJECT SUBMITTED TO THE DEPARTMENT OF COMPUTER SCIENCE, FACULTY OF SCIENCE IN
PARTIAL FULFILMENT OF REQUIREMENTS FOR THE AWARD OF BACHELOR OF SCIENCE (B.SC.)
DEGREE IN COMPUTER SCIENCE, MUDAY COLLEGE, ETHIOPIA, AMHARA INJIBARA.

Thursday, January 25, 2024


CERTIFICATION

This is to certify that this project has been read and approved as meeting the requirements of the Department of
Computer Science and Muday College, Ethiopia, Amhara, Injibara, for the award of the Bachelor of Science degree in
Computer Science.

(Supervisor) Date

(Head of Department) Date

(External Examiner) Date


DEDICATION

This work is dedicated to my late grandfather Mr._______________, for his last words of encouragement to me, may
your beloved soul never cease to rest in perfect peace.
ACKNOWLEDGEMENT

The Persian poet Saadi instructed, “Have patience, all things are difficult before they become easy”. All glory and honor to
the only wise God, our shalom, our sabots, our provider, our everything, for the strength and grace he bestowed on us.

Never will we fail to express my profound appreciation to our project supervisor, Mr. Edward Philemon, for his
valuable and constructive contribution during the entire process of my undergraduate degree and completion of my
project. His willingness to give his time has been a great motivation to us. We would also like to express my
gratitude to ___________, the Head, Computer Science Department, and the efforts of our unflagging lecturers in
computer science are highly appreciated. The success of everything is measured by the nature of its output. Our family
has been the fuel behind my engine; even when no one believed in us, I still remember the sweet warm voice of Mr.
and Mrs. Kalkidan T. Thanks for parenting us in this 21st century in love with the fear of the Lord; we are glad our
achievement has given you a reason to smile. To our lovely siblings Tigst Fantu, Fetlewrki Gebeyehu, and Fantu Kinde,
thanks for your support and prayers.
ABSTRACT

The reliability and success of any organization, such as an academic institution, rely on its ability to provide secure,
accurate and timely data about its operations, i.e. managing staff and student information, etc. Student information in
academic institutions has traditionally been managed through a paper-based information system, where academic
records are documented in several files that are kept on shelves. Several problems are associated with a paper-based
information system. Managing information manually requires physical exertion to retrieve, alter,
and re-file the paper records. These are all non-value-added activities, and they result in data inconsistency and redundancy.
Currently, several institutions have migrated to automated web-based student information management systems
without considering the security architecture of the web portal.

This project seeks to improve and secure how information is managed in Muday College, Ethiopia, Amhara,
Injibara, through the development of a secure web-based student information management system with a
friendly user interface that provides an easy and secure way to manage academic information such as student
information, staff information, course registration, course materials and results. This project was developed using
the Laravel 5.5 PHP Framework to provide a robust, secure web-based student information system that is not vulnerable to
the 2020 OWASP TOP 10 web vulnerabilities.
Table of Contents

I. Title page (See its format)

II. Approval sheet

III. Dedication (optional)

IV. Acknowledgements

V. Table of contents

VI. List of figures

VII. List of Tables

VIII. Abstract

IX. Abbreviations

X. Patents Information (optional)

Chapter One: Introduction

1. Introduction

1.1 Background of the Organization

1.2 Background of the project

1.3 Statement of the problem

1.4 Objective of the project

1.4.1. General Objective

1.4.2. Specific objective

1.5 Feasibility Analysis


1.5.1 Operational feasibility

1.5.2 Technical feasibility

1.5.3 Economic feasibility

• Cost Benefit Analysis
• Cost of the project

1.5.4 Behavioral/Political feasibility

1.5.5 Schedule feasibility

1.6 Scope and significance of the project

1.7 Methodology for the project

1.8. Communication Plan

1.9. Team composition

Chapter Two: Description of the Existing System and Requirement Gathering

2.1 Introduction of Existing System

2.2 Players in the existing system

2.3 Major functions/activities in the existing system like inputs, processes & outputs

2.4 Business rules

2.5 Report generated in the existing system

2.6 Bottlenecks of the existing system (using for example the PIECES framework).

2.6.1 Performance (Response time)

2.6.2 Input (Inaccurate/redundant/flexible) and Output (Inaccurate)

2.6.3 Security and Controls

2.6.4 Efficiency

2.7 Proposed solution for the new system

2.8. Requirements of the Proposed System

2.8.1 Functional requirements

• Performance requirements
• Process requirements
• Input related requirements
• Output related requirements
• Storage related requirements

2.8.2 Nonfunctional requirements

• Performance
• User Interface
• Security and Access permissions
• Backup and Recovery

2.9 Modeling the existing systems

2.9.1. Essential Use Case Modeling

2.9.2. Essential User Interface Prototyping

2.9.3. Essential User Interface Prototyping flow diagrams

2.9.4. Domain modeling with class responsibility collaborator (CRC)

Chapter Three: System Analysis (Modeling the Proposed System)

3.1 Introduction

3.2 Modeling proposed systems

3.2.1 System use case diagrams

3.2.2 Use case documentation (for each use case identified)

3.2.3 Sequence diagram

3.2.4 Activity Diagram

3.2.5 Analysis level class diagram (conceptual modeling)

3.2.6 User Interface Prototyping

Chapter Four: System Design

4.1 Introduction

4.2 Class type architecture

• User interface layer
• Controller/process layer
• Business/Domain layer
• Persistence layer
• System layer

4.3 Class modeling

4.4 State chart modeling

4.5 Collaboration Modeling

4.6 Component Modeling

4.7 Deployment modeling

4.8 Persistence modeling

4.9 User Interface design

Chapter Five: Implementation and Testing

5.1 Introduction

5.2 Final Testing of the system

5.3 Hardware software acquisitions

5.4 User manual preparation

5.5 Training

5.6 Installation Process

5.7 Start-up strategy

Chapter Six: Conclusions and Recommendation

6.1 Conclusions

6.2 Recommendations

• Appendix
• References
LIST OF FIGURES
LIST OF TABLE
CHAPTER ONE

1. Introduction

This chapter presents a critical study of the existing system, stating how information has been kept over time,
sets out the flaws in that system, and provides a solution through the development of a web-based online
information system for Muday College.
1.1. Background of the organization (Muday College)

1.1.1. Background of the study


Muday College has relied heavily on a paper-based information system for managing student and staff
information; records are usually handled manually and kept in several files and shelves. This method of data management is
obsolete and has many drawbacks. Firstly, a paper-based information system is difficult to manage and track. The time
required to retrieve, alter, and re-file paper records is spent on non-value-added activities. Moreover, keeping paper
records consumes physical space and leads to data inconsistency (different records of the same student
appearing in different departments/units of the college at the same time) and data redundancy (having the same
records in different locations). Secondly, information is disseminated to students via notice boards, and such
information takes more time to reach the intended students; sometimes the college uses
social media networks such as Telegram, Facebook and others for announcements and promotions (organizers, 2014).
Consequently, this project seeks to design and implement a web-based information management system for the
college that will provide an efficient alternative to the current paper-based approach to record keeping. The system
utilizes a PHP framework that provides various mechanisms for securing a website, such as encryption, password storage,
user authentication, cross-site request forgery (CSRF) protection, avoidance of SQL injection, route protection and HTTP Basic
Authentication, which makes it a robust framework for secure information system development (Saleamlak, 2020/21).
1.2. Statement of the Problem
A web-based student information management system can be deployed to maintain the records of students and staff
easily. Achieving this objective is difficult with the paper-based information system approach presently used
in Muday College; this approach also makes it tedious to manage and track desired records. Moreover, it suffers
from data redundancy and other anomalies, which make it costlier to maintain and unreliable. This project aims to
design and implement a web-based online information system for Muday College that is secure and robust and that
provides an efficient alternative to the current paper-based information system.

1.3. General and specific objectives


1.3.1. Aim and Objectives
The aim of this project is to develop a web-based online information system for Muday College that is secure and
robust, which provides an efficient alternative to the current paper-based information system.
1.3.2. The specific Objectives are to:
• Design and implement a web-based online information system for Muday College.
• Secure the web application using Laravel PHP Framework.
• Create a Student Portal using Laravel PHP Framework.
• Design an interface for lecturers to upload results and course materials.
1.4. Project Methodology
In order to achieve our stated objectives:

Related literature will be reviewed in the domain of web applications and information security.
A web application will be developed using the full-stack web development paradigm, which is sub-divided into:

• Front-end: The front-end frameworks utilized include the Laravel Blade template engine, HTML 5, Bootstrap
Framework v4.0.0-alpha.6 built on Cascading Style Sheets (CSS), the Vue.js framework built on JavaScript, and
the npm package manager for installation of other front-end libraries.
• Back-end: The back-end framework utilized is Laravel 5.5, built on PHP v7.1.7.
• Database: Laravel's database back ends support raw SQL, the fluent query builder, and the Eloquent ORM
(Object Relational Mapping) approach. Currently, Laravel supports four databases:
o MySQL
o SQLite
o PostgreSQL
o SQL Server
• MySQL was selected for the database management of this system.

The software development methodology adopted in this project is object-oriented analysis and design (OOAD). The OOAD
approach models a system as a group of interacting objects. This methodology involves two stages: object-oriented
analysis and object-oriented design. Unified Modeling Language (UML) notation is the design tool used for modeling
in this project. The UML diagrams used in this project include the use case diagram, activity diagram and class diagram.

The implementation of this project was tested on the following system configuration:

1. Operating System: Windows 10 Pro.
2. RAM: 4GB.
3. Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
4. System type: 64-bit Operating System, x64-based processor.
1.4.1. Other tools utilized in this web application development include:
Laragon: For better performance optimization, “Laragon is the best and fastest local server by far” Sniffle Valve.
The Laragon v.3.1.6 localhost web server was utilized for this project; it consists of Apache/2.4.27 (Win64),
OpenSSL/1.0.2l and PHP version 7.1.7, and phpMyAdmin running MariaDB was used as the SQL database
management interface (Valve, 2018).
Visual Studio Code: This is a lightweight but powerful source code editor which runs on Windows, macOS and
Linux. It comes with built-in support for JavaScript, TypeScript and Node.js and has a rich ecosystem of
extensions for other languages (such as C++, C#, Java, Python, PHP, Go) and runtimes (such as .NET and
Unity) (Studio, 2018).
1.5. Significances of the study
Over the years, the academy has been bedeviled by the problem of maintaining student
records, and access to relevant student information is usually cumbersome. The proposed system
will provide a reliable and efficient way of managing student and staff details. The following are some
significant achievements the proposed system is expected to provide. The system can give
students quick access to all courses to be taken throughout their undergraduate
program, and enable faster access to their academic results and download of relevant course
materials. It will reduce the time needed to access any information about a student or staff member, and render
faster and more convenient services to students, academic staff and non-academic staff. All
student details will be processed and sent to a secure database, eliminating the previous paper-based
information system.

1.6. Scope and limitations of the study


This is a non-generic web application developed for the Nigeria Police Academy, Wudil Kano
(POLAC), suitable for managing student and staff information. The system includes all faculties
with their respective departments and keeps track of all information about academic staff,
non-academic staff and students. It can handle a series of tasks performed by the academic and
non-academic staff, thereby reducing staff workload. The system keeps track of all student and staff
records. It includes a faster means of record lookup, which provides asynchronous query
functionality using AJAX.
The system was unable to achieve the following:
1. Provide an API that can be used by other developers to communicate with the website, e.g.
using Ionic-Cordova to build an Android/iOS app that will be compatible with the
system.
2. Automate the paper-based information system used in the Police wing of the academy.
3. Provide chat room functionality for real-time communication among users.
1.6.1. Project Outline
This project is structured into six (6) chapters:
• Chapter Two: Description of the Existing System and Requirement Gathering
• Chapter Three: System Analysis (Modeling the Proposed System)
• Chapter Four: System Design
• Chapter Five: Implementation and Testing
  • Introduction
  • Final Testing of the system
  • Hardware software acquisitions
  • User manual preparation
  • Training
  • Installation Process
  • Start-up strategy
• Chapter Six: Conclusions and Recommendation
  • Conclusions
  • Recommendations
    o Appendix
    o References

Definition of terms
• Information Security (InfoSec): This is a set of strategies for managing the processes, tools
and policies necessary to prevent, detect, document and counter threats to digital and
non-digital information (Security, 2016).
• Paper-based Information System: This describes a system that keeps information
on paper rather than on a computer (Cambridge, 2019).
• Laravel: This is a free, open-source PHP web framework, created by Taylor Otwell and
intended for the development of web applications following the model-view-controller
(MVC) architectural pattern, based on Symfony (Otwell, 2019).
CHAPTER TWO
Part one:
Description of the Existing System and Requirement Gathering
Introduction of Existing System
Players in the existing system
Major functions/activities in the existing system like inputs, processes & outputs
Business rules
Report generated in the existing system
Bottlenecks of the existing system (using for example the PIECES framework).
Performance (Response time)
Input (Inaccurate/redundant/flexible) and Output (Inaccurate)
Security and Controls
Efficiency
Proposed solution for the new system
Requirements of the Proposed System
Functional requirements
• Performance requirements
• Process requirements
• Input related requirements
• Output related requirements
• Storage related requirements
Nonfunctional requirements
• Performance
• User Interface
• Security and Access permissions
• Backup and Recovery
Modeling the existing systems
Essential Use Case Modeling
Essential User Interface Prototyping
Essential User Interface Prototyping flow diagrams
Domain modeling with class responsibility collaborator (CRC)
Part two:
LITERATURE REVIEW
2. Introduction
This chapter discusses the history and state of the art of the web, web applications and web
application vulnerabilities. Relevant literature was also reviewed in the domains of information
system security and web application security.
2.1. Web Based
According to (Berners-Lee, 2004), the World-Wide Web is a tangle of information that, through
the implementation of hyperlinks, allows a browser to navigate, usually quite randomly, from one
website to another. The meaning, context and applicability of the content of each Web page
need to be interpreted by the human reader. A report by (Murdock, 2018) shows that the current
version of the web is Web 2.0. Tim Berners-Lee, director of the World Wide Web Consortium,
invented the World Wide Web in 1989; his notion of the “read-write” web is often used to
describe Web 2.0, which has the ability to contribute content and interact with other web users.
Advancement in technology will someday lead us to Web 3.0, or the Semantic Web. Berners-Lee’s
goal is for the web to have agents, computer programs that have been written to collect web
content from sources and communicate with other programs, in order to deliver the requested
information to the user (Tim, Handler, & Lassalle, 2001).
2.1.1. Web Based Application
A web application is a computer program that uses web browsers and web technology to
perform a variety of operations over the internet. Web applications use a combination of
server-side scripts (PHP, Python and ASP) to handle the storage and retrieval of information, and
client-side scripts (JavaScript and HTML) to present information to users. This allows users to
interact with the company using online forms, content management systems, shopping carts and
more. In addition, the applications allow employees to create documents, share information,
collaborate on projects and work on common documents regardless of communication (Hazel,
2018). Figure 2.1 depicts how a client accesses the web.
Figure 2.1: Web application diagram

2.1.2. How Web Based Application Works


Web applications are usually coded in browser-supported language such as JavaScript and
HTML as these languages rely on the browser to render the program executable. Some of the
applications are dynamic, requiring server-side processing. Others are completely static with no
processing required at the server. The web application requires a web server to manage requests
from the client, an application server to perform the tasks requested, and, sometimes, a database
to store the information. Application server technology ranges from ASP.NET, PHP and
ColdFusion, to Python and JSP.
Here’s what a typical web application flow looks like:
o User triggers a request to the web server over the Internet, either through a web browser
or the application’s user interface.
o Web server forwards this request to the appropriate web application server.
o Web application server performs the requested task – such as querying the database or
processing the data – then generates the results of the requested data.
o Web application server sends results to the web server with the requested information or
processed data. Web server responds back to the client with the requested information
that then appears on the user’s display. (Hazel, 2018)
2.2. Web Application Vulnerabilities
The rapid growth in web application deployment has created more complex, distributed IT
infrastructures that are harder to secure. For more than a decade, organizations have
depended upon security measures at the perimeter of the network, such as firewalls, to
protect IT infrastructures. However, now that more and more attacks target security flaws
in the design of web applications, such as injection flaws, traditional network security protection
may not be sufficient to safeguard applications from such threats. A web vulnerability is a
weakness or misconfiguration in a website or web application code that enables an attacker
(hacker) to gain some level of control of the site and possibly the hosting server. According to the
Open Web Application Security Project, OWASP (Smithies, Stock, Gigler, & Glas, 2017), the top 10
application security risks as of 2017 are listed below.

I. Broken Authentication: Application functions related to authentication and session
management are often implemented incorrectly, allowing attackers to compromise
passwords, keys, or session tokens, or to exploit other implementation flaws to
assume other users’ identities (temporarily or permanently).
II. Sensitive Data Exposure: Many web applications and APIs do not properly protect
sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such
weakly protected data to conduct credit card fraud, identity theft, or other crimes.
Sensitive data deserves extra protection such as encryption at rest or in transit, as well as
special precautions when exchanged with the browser.
III. XML External Entity (XXE): Many older or poorly configured XML processors evaluate
external entity references within XML documents. External entities can be used to
disclose internal files using the file URI handler, internal SMB file shares on unpatched
Windows servers, internal port scanning, remote code execution, and denial of service
attacks, such as the Billion Laughs attack.
IV. Cross-Site Scripting (XSS): XSS flaws occur whenever an application includes untrusted
data in a new web page without proper validation or escaping, or updates an existing web
page with user supplied data using a browser API that can create JavaScript. XSS allows
attackers to execute scripts in the victim’s browser which can hijack user sessions, deface
web sites, or redirect the user to malicious sites.
V. Insecure Deserialization: Insecure deserialization flaws occur when an application
receives hostile serialized objects. Insecure deserialization leads to remote code
execution. Even if deserialization flaws do not result in remote code execution, serialized
objects can be replayed, tampered or deleted to spoof users, conduct injection attacks, and
elevate privileges.
VI. Using Components with Known Vulnerabilities: Components, such as libraries,
frameworks, and other software modules, run with the same privileges as the application.
If a vulnerable component is exploited, such an attack can facilitate serious data loss or
server takeover. Applications and APIs using components with known vulnerabilities
may undermine application defenses and enable various attacks and impacts.
2.3. Web Application Security
Web application security has been a major concern in information technology since the emergence
of dynamic web applications. (Yredo, 2014) suggested that some threats originate from
non-trusted client access points, session-less protocols, the general complexity of web
technologies, and network-layer insecurity. With web applications, client software usually
cannot be controlled by the application owner. Therefore, input from a client running the
software cannot be completely trusted and processed directly. An attacker can forge an identity
to look like a legitimate client, duplicate a user’s identity, or create fraudulent messages and
cookies. In addition, HTTP is a session-less protocol, and is therefore susceptible to replay and
injection attacks. Hypertext Transfer Protocol messages can easily be modified, spoofed and
sniffed.
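The forged-cookie and replay risks described in this section are usually countered by having the server sign every value it hands to the client and refuse anything altered, expired or already used. The following PHP is an added example, not code from the project described here; the function names, token layout, lifetime and in-memory replay store are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: signed, expiring, single-use request token.
// All names, the key and the sample values are hypothetical.
const TOKEN_TTL = 300; // token lifetime in seconds (assumed value)

function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $text): ?string
{
    // Restore the padding that b64url_encode() stripped, then decode strictly.
    $padded = str_pad($text, strlen($text) + (4 - strlen($text) % 4) % 4, '=');
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    return $raw === false ? null : $raw;
}

function issue_token(int $userId, string $role, string $key, int $now): string
{
    $payload = b64url_encode((string) json_encode([
        'uid'  => $userId,
        'role' => $role,
        'exp'  => $now + TOKEN_TTL,          // freshness limit
        'jti'  => bin2hex(random_bytes(16)), // unique id, used to detect replay
    ]));
    // The MAC covers the encoded payload, so any edit by the client is detectable.
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function verify_token(string $token, string $key, int $now, array &$usedIds): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return ['ok' => false, 'reason' => 'malformed'];
    }
    list($payload, $mac) = $parts;

    // Check the signature before parsing anything the client controls;
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return ['ok' => false, 'reason' => 'bad signature'];
    }
    $json = b64url_decode($payload);
    $claims = $json === null ? null : json_decode($json, true);
    if (!is_array($claims)
        || !isset($claims['uid'], $claims['role'], $claims['exp'], $claims['jti'])
        || !is_int($claims['exp']) || !is_string($claims['jti'])) {
        return ['ok' => false, 'reason' => 'malformed'];
    }
    if ($now >= $claims['exp']) {
        return ['ok' => false, 'reason' => 'expired'];
    }
    if (isset($usedIds[$claims['jti']])) {
        return ['ok' => false, 'reason' => 'replayed'];
    }
    // Assumption: a real deployment keeps this in a shared cache or database
    // and drops entries once their 'exp' time has passed.
    $usedIds[$claims['jti']] = $claims['exp'];
    return ['ok' => true, 'reason' => 'accepted', 'claims' => $claims];
}

// --- Constructed demonstration data ---
$key  = random_bytes(32); // server-side secret, never sent to the client
$used = [];
$t0   = 1700000000;       // constructed clock value

$token = issue_token(42, 'student', $key, $t0);

// A client edits its own role but cannot recompute the MAC without the key.
list($p, $m) = explode('.', $token);
$edited = json_decode((string) b64url_decode($p), true);
$edited['role'] = 'admin';
$forged = b64url_encode((string) json_encode($edited)) . '.' . $m;

$cases = [
    'first use'   => [$token, $t0 + 10],
    'replay'      => [$token, $t0 + 20],
    'edited role' => [$forged, $t0 + 10],
    'expired'     => [issue_token(42, 'student', $key, $t0), $t0 + TOKEN_TTL + 1],
];
foreach ($cases as $label => list($candidate, $when)) {
    $result = verify_token($candidate, $key, $when, $used);
    printf("%-12s %s\n", $label, $result['reason']);
}
```

Single-use tokens of this kind suit one-off actions such as a form submission; a session identifier that must be accepted on many requests keeps the signature and expiry checks but not the single-use rule.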
2.4. Information System
An Information System (IS) can be any organized combination of people, hardware, software,
communications networks, data resources, policies and procedures that stores, retrieves,
transforms and disseminates information in an organization (O’Brien & Marakas, 2011).

2.4.1. Information System Security


There is a close link between information and security, clearly established by the fact
that a company's information is as reliable as the strength of the security system designed
to protect it. If the security system is not effective in protecting the information,
there will be a sense of mistrust and uncertainty about the information emerging from that
system, and that will not have a positive impact on the business. Conversely, if
the company has a strong security system, the information is deemed reliable, which benefits
the business both externally and internally (Alghazzawi, Hassan, & Trig, 2014). In today’s world of
increasing dependence on technology and the application of IT in almost all spheres of business,
information is one of the most important assets of an organization. It is
imperative that an organization manages its information with the utmost care and diligence. The
criticality of information can be compared with that of work or capital, and at times it is even greater,
since with the advent of technology modern startups are based entirely on information, which
is the core product of the business. In reality, the number of organizations depending
heavily on information systems (IS) has been increasing over the past few years (Mellado,
Fernandez-Medina, & Piattini, 2007). The role of information systems in the world today is
widely accepted: they are at the center of almost all technology infrastructures
related to critical functions, and this is recognized by researchers in the field of security
and technology (Mellado, Blanco, Sanchez, & Fernandez-Medina, 2010).

2.4.2. Information System Vulnerabilities


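Online information management systems are targets of cyber-attacks from
a variety of malicious cyber actors, ranging from hackers, to cyber terrorists, to viruses on the
internet, to insider threats from employees of the company, or even phishing through socially
engineered attacks (Coho, Smith, & McCaskey, 2007).
The requirements for security in technology have been on the rise ever since the 1970s, and
this has led to the development of a vast range of security protocols, models and techniques.
The development of security tools has also made the international community pay attention to
developing international certification standards. In fact, as highlighted in the
(ITU, 2019) ICT Security Standards Roadmap of the International Telecommunication Union, we
can today find a number of international organizations that have laid down a complex arrangement
of standards and benchmarks related to the field of information security, and these standards
are constantly updated and changed as required. However, with the serious threat of unauthorized
users on the internet, Information System Security (ISS) is facing unprecedented challenges, and
effective Information System Security Management (ISSM) is one of the major concerns (Hone
& Elf, 2002). Criminals, terrorists, disgruntled employees, technical problems and many other
issues can threaten the security and integrity of information systems (Nissenbaum, 2005). Given
the importance of the information stored in these systems, it is reasonable to believe that information
systems security should be an important managerial concern, as much of the literature suggests
(Silone, 2005). ISS is perceived as a way of fighting and preventing criminal activities (EC,
2007). Hacking, malware and viruses constitute problems that security needs to check (Turner &
Bruce, 2003). This connects ISS with law enforcement and in particular with digital
forensics (Sitar man & Venkatesan, 2006). There are many challenges in maintaining security in
higher learning institutions (Doherty & Fluor, 2006), which hamper the use of information
systems in universities.
2.5. Application of Information System in Colleges
In the view of (Kobo & Ochiche, 2014), one information security challenge in higher education is
limited budgets, especially in today’s economy. Another recurring challenge is the cultural
adaptation to academic information security management. Higher education environments
typically have several departments that utilize information technology in separate facilities; from
faculty to students, and from deans to VCs of academic affairs, each faces the challenge of balancing
information security and end-user happiness. This is practically impossible given all the
pressure. Universities rely on information systems to carry out their day-to-day operations.
More specifically, numerous universities use Academic Management Systems (AMS)
for their business operations, including teaching, student administration, and
research and development. Applying information security to a university’s information systems is strategically
important to maintaining overall business continuity. The ever-emerging threats
to the preservation of information in databases grow more sophisticated and
varied, with each threat being as complicated to secure against as one can imagine (Adam 2005).
Managing information effectively in the context of a higher learning institution involves
applying information security so that risks, finances and efforts are balanced while, at the same
time, continuous learning and improvement are cultivated (Geffen, 2004). Security should be the
concern of everyone in the organization, and it should be a way of life within the institution’s
fraternity. Universities have adopted information systems and the related technologies in order to
gain a competitive edge. In this era, effective control of operations and strong strategies are
associated with the management of quality information. The ready availability of information
means that universities are affected by their dependence on information and technology
resources, systems and the underlying structures that form the basis for these technologies and
systems. In universities, reliance on information systems is evident in activities related to
creating, using and sharing information in teaching, learning, research and development, and
in marketing the university through its websites. It is evident that the amount of intellectual
property generated by universities, and the importance of university information, are extensive. The
demand for effective information security management is ultimately driven by a combination of
related factors. These factors comprise reliance on information, an increase in the threats
to the information that is relied upon heavily, and the need for controls to reduce these
ever-emerging new risks. Currently there is limited published academic literature that focuses on
information security management in higher learning. Most of the literature analyzed so far
focuses on information security management in organizations and not universities.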
2.5. Application of Information System in Collages
In view of (Kobo & Ochiche, 2014), Information security challenge in higher education is
limited budgets especially in today’s economy. Another occurring challenge is the cultural
adaptation to academic information security management. Higher education environments
typically have several departments that utilize information technology in separate facilities; from
faculty to students; deans to VCs of academic affairs; each has the challenge with balancing
information security and an end-user happiness. It’s practically impossible given all the
pressure. Universities are relying in information systems to carry out their day to day operations.
More specifically is the use of Academic Management Systems (AMS) by numerous
universities for their business operations including teaching, student administration,
Research and development Information security application to university’s ISs is strategically
important to maintaining overall business continuity. The ever emerging threats that are
experienced with preservation of information through databases are made more exquisite and
different with each threat being as complicated as one can think of securing (Adam 2005). To
effectively manage information in a higher learning institution’s context involves the process of
applying information security to ensure risks, finances and efforts are balanced while at the same
time continuous learning and Improvements are cultured (Geffen, 2004). Security should be the
concern of everyone in the organization and it should be a way of life within the institution’s
fraternity. Universities have adopted information systems and the related technologies so as to
gain a competitive edge. In this era effective control of operations and strong strategies are
associated with management of quality information. The aspect of readily available information
means that universities are affected by their dependence on information and technology
resources, systems and the underlying structures that form the basis for this technologies and
systems. In universities, reliance on information systems is evident on activities related to
creating, using and sharing of information in teaching, learning, research and development and
when marketing the university through its websites. It’s evident that the amount of intellectual
property generated by universities and importance of university information is extensive. The
demand for effective information security management is ultimately a combination of various
related factors. These factors comprise of reliance of information, increase in the threats that
hinder the information that is relied upon heavily and the need for the controls to reduce this ever
emerging new risks. Currently there is limited published academic literature that emphasizes on
information security management in higher learning. Most of the literature analyzed so far
focuses on information security management in organizations and not universities.
2.5.1. Securing Information System
It is expedient to secure our student information management system. To improve the security of
web applications, an open and freely accessible community called the Open Web Application
Security Project (OWASP) has been established to coordinate worldwide efforts aimed at
reducing the risks associated with web application software. The major focus of this project is to
develop a Secure Web-based Student Information Management System that can resist some web
application vulnerabilities for managing Student Information in Nigeria Police Academy Wudil,
Kano.
Laravel, the fastest growing PHP framework in 2018, was used to develop the web
application. At the time of developing this project the stable version of Laravel was 5.5.
All of Laravel's security functionality was utilized to ensure the security of the Student and any
college Information Management System.
2.6. Review of related works
Several works have been done in the area of Student Information Management Systems
(SIMS):
• (Gunathilake, Indrathilake, & Wedagedera, 2009) proposed an open source web based
MIS for the University of Rihanna, Sri Lanka. This they were able to implement with the
LAMP/WAMP technologies. They were able to categorize their users based on
administrator, super admin, top admin, general, lecturer and student. The pilot version
was targeted at their Faculty of Science and they achieved a password encryption with the
primary DES algorithm.
• (Marisa, 2010), in his solution University Study-Oriented System (USOS) in Poland,
stated that the main functional parts are the admin, web, admission/registration of
students, database of results, course and diploma catalog, statistics etc. According to him,
this solution is used by 27 Polish higher education institutions. In such a system, before
any module is transferred to production use it has to pass through a sample database and
a university test. Documentation comprising system specification and implementation
was updated regularly. Such solutions enhance communication between students and
lecturers, proper security measures to prevent against Cross-site request forgery.
• (Bharaagoudar, Gaeta, & Total, 2013) developed a web-based Student Information
Management System in India which could send emails to students to validate their
mailbox on registration. They were able to achieve this using technologies such as
HTML, CSS, JavaScript, PHP and SQL. According to their description, it is a paperless
system that assists in automating existing manual methods and can be remotely monitored
and controlled on a server-based network. The SIMS developed had no built-in security
measures to prevent SQL injection.
• (Hymn & Wu, 2014) proposed a system in China that can provide students' general and
educational information. According to them, the Students Information Management
System (SIMS) can be used to create, read and update the details of a student and also
generate reports about his/her skills and experience. Such systems save retrieval
time and prevent data loss.

In a publication by (Charlotte, 2004) at North Illinois
University USA, he noted a lawsuit filed against Microsoft by a lady in Los Angeles over
security holes in the company's software. The plaintiff was a film maker, Marcy
Hamilton, who charged that because of shoddy workmanship by Microsoft, she had
become a victim of identity theft. According to her, her Social Security Number (SSN)
and bank information were stolen online.

Hence, in this project, we have greatly
considered issues of security breaches and have recently incorporated the bcrypt hashing
algorithm to secure all sensitive information and enabled an access control list (ACL) to
manage the permissions of every user, limiting the information available to each designated
member. This will make the system more credible and enable the management to control
information based on users' assigned roles. Like several information systems accessed through
the internet, this information system is developed as a web application that can be accessed
remotely from devices ranging from personal computers (PCs) to smart phones.
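
The bcrypt hashing and role-based access control list described above can be sketched in plain PHP as follows. This is an added example, not the project's own code or Laravel's API; the role names, permission strings, cost factor and function names are assumptions. bcrypt is applied to passwords only here, since a one-way hash cannot be reversed to read stored data back.

```php
<?php
declare(strict_types=1);
// Hypothetical role => permission map for the objects this project names
// (Staff, Students, Admin, Course). Anything not listed is denied.
const ACL = [
    'admin'   => ['user.manage', 'course.manage', 'result.view.any', 'result.edit'],
    'staff'   => ['result.view.any', 'result.edit'],
    'student' => ['course.register', 'result.view.own'],
];
const BCRYPT_COST = 12; // assumed work factor; tune to the server's hardware

function hashPassword(string $plain): string
{
    // bcrypt ignores input past 72 bytes: reject it rather than truncate silently.
    if (strlen($plain) > 72) {
        throw new InvalidArgumentException('Password exceeds 72 bytes');
    }
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

function login(string $plain, string &$storedHash): bool
{
    if (strlen($plain) > 72 || !password_verify($plain, $storedHash)) {
        return false;
    }
    // Upgrade hashes created with an older, cheaper cost on successful login.
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $storedHash = hashPassword($plain);
    }
    return true;
}

function can(array $user, string $permission, ?int $ownerId = null): bool
{
    $granted = ACL[$user['role'] ?? ''] ?? []; // unknown role => no rights
    if (in_array($permission, $granted, true)) {
        return true;
    }
    // A ".any" request is met by the ".own" grant only for the caller's own record.
    $own = preg_replace('/\.any$/', '.own', $permission);
    return $own !== $permission && $ownerId !== null
        && $ownerId === ($user['id'] ?? null) && in_array($own, $granted, true);
}

// Constructed sample data: one student account checked against three requests.
$hash    = hashPassword('S3cure-passphrase');
$student = ['id' => 7, 'role' => 'student'];
var_dump(login('S3cure-passphrase', $hash), can($student, 'result.view.any', 7),
    can($student, 'result.view.any', 8), can($student, 'result.edit', 7));
```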
CHAPTER THREE
DESIGN OF STUDENT INFORMATION MANAGEMENT SYSTEM
3. Introduction
This chapter critically examines the project methodology, which entails all the stages of the Software
Development Life Cycle (SDLC). The interaction between the different components is also
depicted using several Unified Modeling Language (UML) diagrams such as the class diagram and
activity diagram.
3.1. System Design
Methodology can be defined as consisting of phases which will guide systems developers in their
choice of techniques at each stage of a project, to help in the planning, management, control and
evaluation of the system or project. With respect to information systems, it is a collection of
procedures, techniques, tools and documentation aids which will help the systems developers in
their efforts to implement a new information system. Due to the nature of this
project, the specific methodology used in this project is Object-Oriented Analysis and Design
(OOAD).
3.2. Architectural Design
The Software Development Methodology adopted in this project is Object-Oriented Analysis
and Design (OOAD). The OOAD approach models a system as a group of interacting objects. This
methodology involves two stages: Object-Oriented Analysis and Object-Oriented Design. Object
Modeling is somewhat similar to the traditional approach of system designing, in that it also
follows a sequential process of system designing but with a different approach. The basic steps of
system designing using Object Modeling may involve:
i. System Analysis.
ii. System Design.
iii. Object Design.
iv. Implementation.
Unified Modeling Language (UML) notation is the design tool used for object modeling in this
project. The UML diagrams used in this project include: use case diagrams, class diagrams, sequence diagrams,
state transition diagrams, and activity diagrams.
3.3. System Analysis Phase


This phase has the purpose of analyzing the current system. In other words, it is the process of
gathering and interpreting facts about the current system in order to understand it, diagnosing its
difficulties and using those facts to improve the system through better procedures and methods.
In any system development, this phase plays a vital role in the realization of the system. The
investigations are necessary as they provide the system design phase with an overview of the
kind of data that would serve as the input or output and the processing done on the data in the
new system to be developed. The systems analysis phase includes the four main activities
shown in Figure 3.1: requirements modeling, data and process modeling, object modeling, and
consideration of development strategies.
Figure 3.1: The systems analysis phase

2.3.1. Requirements Modeling


This stage involves fact-finding to describe the current system and identification of the
requirements for the new system, such as outputs, inputs, processes, performance, and security.
• Fact Finding About the Current System
A thorough investigation of the current system was carried out in order to obtain detailed
information about the application area to be designed. In the course of my findings, several
effective methods of information gathering or data collection were employed which
include: interviewing the examination officers; discussion with pertinent stakeholders of the
system such as the HODs and lecturers; evaluation and inspection of relevant documents
such as course registration form, bio-data form, and staff bio-data form.
• Overview of the Current System
The system starts with registration of new staff and students manually, using a paper-based
approach to obtain information. Students are provided with their required courses for each semester,
which is also done through a paper-based approach. Courses are allocated to the lecturers
by the Head of the Department. Lecturers enter the corresponding subject's attendance and marks of
each student in Excel sheets, and validations are to be done by the users themselves. A
number of risks are involved; moreover, a lot of work needs to be done and the user must be
careful when entering the details into MS Excel.
• Problems in the Current System
A paper-based information system is difficult to manage and track. Retrieving, altering, and
re-filing paper records require physical exertion and are all non-value-added activities. Moreover,
keeping paper records consumes physical space and leads to data inconsistency (different
records of the same student appearing in different departments/units in the Academy at the same
time) and data redundancy (having the same record in different locations). Whenever
information is disseminated to students via notice boards, such information may take a longer time
to reach the intended recipients.
2.3.2. Requirement for the New System
Requirement determination involves the study of the current system to find out how it works and
where improvements should be made. A requirement therefore is any feature that must be
included in the new system to improve the present situation, which may include the way of
capturing or processing data, producing information and so on. The success of the new system,
however, depends on the correctness of the requirements obtained. The combination of interviews
was used to provide information about the system.
2.4. Object Modeling
Object-oriented analysis (O-O) combines data and the processes that act on the data into things
called objects. These objects represent actual people, things, transactions, and events that affect
the system (Shelly & Rosenblatt, 2009). During the system development process, analysts often
use both modeling methods to gain as much information as possible. The objects in this project
include:
1. Staff
2. Students/candidates
3. Admin
4. Course
2.4.1. Unified Modeling Language
UML is a widely used method of visualizing, documenting and developing object models of an
information system. The objective of the Unified Modeling Language is to provide a common
vocabulary of object-based terms and diagramming techniques that is rich enough to model any
systems development project from analysis to design. The current version of UML, version 2.0,
was accepted by the Object Management Group (OMG) in 2003. The UML diagrams used in this project
include use case diagrams, class diagrams and activity diagrams.
2.4.1.1. Use Case Diagram
A use case diagram illustrates in a very simple way the main functions of the system and the
different kinds of users who will interact with it. The Use Case is the foundation of UML, and
the Use Case Diagram contains the use cases.