THE UNIVERSITY OF BOTSWANA WEB-APPLICATION

Purpose
This document aims to provide an in-depth description of the University of Botswana's web-
based admission application. It specifies the purpose and functionalities of the system, its
interfaces, operational constraints, and responses to external inputs. The document is
designed to assist both developers and end users in understanding the functional and non-
functional requirements of the system.
Document Conventions
This Software Requirements Specification (SRS) adheres to the standards outlined by the
Institute of Electrical and Electronics Engineers (IEEE) for software and systems
engineering. Each system requirement is uniquely identified and assigned a priority level.
High-priority requirements serve as the foundation for detailed functional specifications.
Intended Audience and Reading Guidance
This document caters to individuals with various professional roles, each utilizing it
differently, as outlined below:
 Developers: Utilize technical specifications to translate requirements into system designs
during implementation.
 Testers: Conduct unit and integration testing to validate system functionalities.
 End Users: Include prospective students and administrative staff who will interact with
the application to submit and manage admission data.

References

 Finkelstein, A. (2014). User Interface Design for E-Learning Software. Retrieved from
https://www.researchgate.net/publication/259893577_User_Interface_Design_for_E-
Learning_Software
 Stoll, J. L., et al. (2012). Interface Design for Learning: Design Strategies for Effective
Teaching and Training. Boston, MA, USA: Pearson Education. Retrieved from
https://www.amazon.com/Interface-Design-Learning-Strategies-Experiences/dp/
0321903048
 Wathan, A., & Schoger, S. (2019). Refactoring UI: The Book. Retrieved from
https://refactoringui.com/book
 ResearchGate. (2023). A Comprehensive Review of Security Measures in Database
Systems. Retrieved from
https://www.researchgate.net/publication/372977065_A_Comprehensive_Review_of_Sec
urity_Measures_in_Database_Systems_Assessing_Authentication_Access_Control_and_
Beyond
 arXiv. (2019). LWeb: Information Flow Security for Multi-tier Web Applications.
Retrieved from https://arxiv.org/abs/1901.07665
 Cybersecurity, U. S. (2022). Web Application Security: Integration or Extinction.
Retrieved from https://www.uscybersecurity.net/csmag/web-application-security-
integration-or-extinction/
 ScienceDirect. (2021). Security Testing of Web Applications: A Systematic Mapping of the
Literature. Retrieved from
https://www.sciencedirect.com/science/article/pii/S131915782100269X

System Overview
The University of Botswana's web-based admission system is designed to streamline the
application process for prospective students. The system enables applicants to submit
admission forms, upload required documentation, and monitor their application status.
Administrative staff can efficiently manage applications and generate rankings to aid
selection processes.
Built using technologies such as (X)HTML, PHP, CSS, JavaScript, and MySQL, this system
ensures functionality, accessibility, and scalability.
System Features
1. Online Application Submission
 Allows prospective students to complete and submit online admission forms.
 Collects essential information, including personal details, academic qualifications, and
program preferences.

2. Document Upload Capability

 Supports uploading necessary documents such as academic certificates and identification
materials.

3. Academic Qualification Locking

 Restricts applicants from altering academic qualifications post-submission.
 Permits updates to non-academic details, such as contact information, following
submission.

4. Administrative Access
 Grants university staff secure access to manage and update application records.

5. Automated Ranking System

 Generates a ranked list of applicants based on BGCSE points in descending order.
 Assists with selection processes using Biological Sciences as a reference example.
System Constraints
 The platform must be compatible with modern web browsers.
 MySQL will serve as the database solution for storing student and application data.
 Server-side operations will be powered by PHP.
 JavaScript will enhance form validation and improve user interface interactions.
External Interface Requirements
1. User Interface (UI): A web-based UI designed for prospective students and
administrators.
 Design Principles: The UI should be designed with user engagement in mind, following
best practices to ensure accessibility and ease of use for both prospective students and
administrators. To achieve this, refer to "User Interface Design for E-Learning Software"
by Adam Finkelstein for strategies to enhance user interaction in educational contexts
(ResearchGate).
 Best Practices: The UI should integrate design strategies that foster creativity and
problem-solving. "Interface Design for Learning: Design Strategies for Effective
Teaching and Training" by Jennifer L. Stoll and colleagues offers insights into effective
UI practices for educational environments, ensuring that the interface is conducive to
learning and user satisfaction (Amazon).
 User Experience (UX): A well-crafted UI must be intuitive, ensuring smooth navigation.
"Refactoring UI" by Adam Wathan and Steve Schoger provides practical tips for creating
visually appealing and functional user interfaces, which enhance the user experience
(Practical UI).

2. Database Interface: The system will interact with a MySQL database to store and
retrieve application data.

 Security Measures: Secure database interactions are crucial for protecting sensitive data.
The article "A Comprehensive Review of Security Measures in Database Systems"
explores various security methods, including access control and authentication, which can
be applied to MySQL databases (ResearchGate).
 Integration Practices: To ensure secure and efficient interaction with the MySQL
database, the framework presented in "LWeb: Information Flow Security for Multi-tier
Web Applications" offers an approach to securing data flow in web applications, which
could be beneficial for maintaining integrity in database transactions (arXiv).
Security Requirements: Secure authentication for administrators and applicants.
 Authentication Protocols: Implement robust authentication mechanisms such as OAuth or
two-factor authentication to secure access for both administrators and applicants. The
article "Web Application Security: Integration or Extinction" emphasizes the need for
integrating security protocols to prevent unauthorized access and potential breaches in
web applications (US Cybersecurity).
 Security Testing: Regular security testing should be conducted to identify vulnerabilities
in the web application's authentication system. "Security Testing of Web Applications: A
Systematic Mapping of the Literature" provides an overview of testing methods that can
be employed to ensure the security of web-based applications (ScienceDirect).

OVERALL DESCRIPTION
Figure 1 – The University web-app System Environment
System Description
The University of Botswana’s admission web application consists of two primary user
groups: the prospective students (public users) and the administrative users (admin). All users
access the system through the Internet.
 Admin Users: Admins are responsible for managing the entire system, including user
management, processing applications, managing admissions data, and generating
rankings.
 Prospective Students (Public Users): These users can apply for admission, upload
required documents, and track the status of their application.

The system is designed to allow interoperability with other external systems, facilitating data
exchange. The University of Botswana admission web application will be integrated using
W3C Web Services standards (Web Services @ W3C, 20 May 2009), ensuring smooth data
exchange with educational authorities and student verification platforms.
Actors and Cooperating Systems
 Admin Dashboard: Admin users log into a secure dashboard to manage applications,
configure system settings, and generate student rankings based on criteria such as BGCSE
points.
 Prospective Students Portal: Prospective students access the open web portal to apply for
admission, upload documents, and manage their application status.
 External Systems: Data exchange APIs allow for seamless communication with other
systems for document verification and educational data validation.

Product Functions
The following are the key features of the University of Botswana’s admission web
application:
 User Login: Users, both admin and students, can log into the system with secure
authentication mechanisms.
 Application Submission: Prospective students can complete and submit applications for
admission.
 Document Upload: Students can upload required documents, such as certificates and
identity documents, during the application process.
 Track Application Status: Students can track the status of their submitted application.
 Student Ranking: The system automatically ranks students based on their BGCSE points,
assisting the admin in selecting candidates for admission.
 Admin Management: Admins can approve/reject student applications and configure the
system settings.
 Data Export/Import: The system shall allow admins and authorized users to export
student data to external systems via an API, and to import data when necessary.

User Classes and Characteristics

 Prospective Students (Public Users): These users will interact with the web portal to
apply for admission, upload documents, and track application status.
 Administrative Users (Admin): Admin users will manage the system, including
processing applications, reviewing documents, and generating rankings.
User Levels
 Level 0 (Submit): Prospective students at this level can submit their application forms and
upload documents for review.
 Level 1 (Review): Admins at this level review submitted applications, verify uploaded
documents, and approve or reject them.
 Level 2 (Rank): Admins can rank the students based on academic performance, such as
BGCSE points, and proceed to generate final lists for selection.
 Level 3 (Publish): The final decision-making level, where the selected applicants are
confirmed and admitted.
This system will enhance the admission process, ensuring efficiency, security, and an overall
streamlined experience for both prospective students and administrative staff.
Operating Environment
The University of Botswana Web Application is to be developed using PHP and JavaScript
programming languages with MySQL as the back-end database. The system will be hosted on
a Linux operating system running the Apache web server and shall be accessible from any
modern web browser. The system architecture will follow the MVC (Model View Controller)
pattern, leveraging the Laravel PHP development framework to ensure a clean, scalable
structure for development and maintenance.
EXTERNAL INTERFACE REQUIREMENTS
Software Interfaces
The University of Botswana Web Application shall interface with external systems to import
and export data related to student applications, academic records, and document verification
services. These interfaces will ensure smooth interaction with government databases, partner
institutions, and other relevant third-party services.
System Features
This section describes the major features and functional requirements of the University of
Botswana Web Application.

LOG IN
Description and Priority
The log-in feature will authenticate users i.e. students and administrative staff, based on valid
credentials. Upon successful authentication, users will gain access to their respective
dashboards (admin or student portal).
Priority Level: High
Stimulus/Response Sequences
 The user clicks on the login button.
 The system displays the login page.
 The user enters their username and password and clicks the “login” button.
 The system authenticates the credentials.
 The system redirects the user to the appropriate dashboard based on their role (student or
admin) upon successful authentication.

Functional Requirements
 REQ_01: Users must log in with valid University of Botswana Web Application
credentials. This applies to both students and administrative staff who require access to
the system.
 REQ_02: The system shall authenticate login credentials using secure hashed password
encryption, and all communication during authentication shall be encrypted via HTTPS
 (SSL/TLS) to protect sensitive data in transit. Firebase Authentication will be used for
secure handling and storage of credentials.
 REQ_01.1: Upon submitting login credentials, the system shall send an authentication
token to the user's registered email address. The user must input this token to confirm
their identity and complete the login process. This serves as an additional layer of
security.

SEARCH FACILITY
Description and Priority
This feature allows users to search for information related to their application, academic
records, or related student data by different parameters such as student name, program, or
application status.
Priority Level: High
Stimulus/Response Sequences
 The user clicks on the "Search" menu item.
 The system loads the data using an initial search query.
 The user selects parameters like the student’s name, program, or application status and
clicks on the search button.
 The system displays the search results based on the selected parameters.

Functional Requirements
 REQ_03: The system shall allow users to search by student name.
 REQ_04: The system shall allow users to search by program.
 REQ_05: The system shall allow users to filter search results by application status.
 REQ_06: The system shall display the search results dynamically based on the selected
search criteria.
 REQ_06.1: The system shall allow users to download the search results in CSV or Excel
format.
EXPORT STUDENT LIST
Description and Priority
The feature enables authorized users, such as administrative staff, to download a list of
students' details (e.g., personal information, application status, documents) in CSV or Excel
format.
Priority Level: High
Stimulus/Response Sequences
 The user clicks on the “Export” menu item.
 The system displays the file download page.
 The user selects the data to be exported and clicks the “Download” button.
 The system generates and prompts the user to download the requested file.

Functional Requirements
 REQ_07: The system shall generate downloadable CSV/Excel files based on the selected
criteria (e.g., program, status).
 REQ_08: The system shall ensure that data export complies with privacy and security
policies, ensuring that sensitive data is handled appropriately during export.

SELECTING A DEPARTMENT OR FACILITY (INTERACTIVE CLICKABLE

LINKS)
Stimulus/Response Sequences
 The user hovers over a department or facility link in the university's interactive menu.
 The system highlights the link and displays a brief tooltip with summary details.
 The user clicks on the department or facility link.
 The system loads a pop-up or detailed page with additional information about its location,
facilities, and available courses.
 The user can further click on a specific facility (e.g., library, laboratory) or course to
explore more details.

Functional Requirements

 REQ_09: The system shall allow a user to select a department or facility by clicking on
interactive links.
 REQ_10: The system shall allow a user to explore specific facilities (e.g., library,
dormitory) or courses via clickable links under each department.
 REQ_11: The system shall display detailed information about the selected department,
facility, or course, including its location, description, and related options.

DOCUMENT MANAGEMENT
Description and Priority
The document management feature allows students to upload necessary documents (e.g.,
academic records, identification, application forms) and ensures these documents are stored
securely.
Priority Level: High
Stimulus/Response Sequences
 The user logs in and navigates to the document upload section.
 The system allows the user to upload files (PDFs, Word documents, images).
 The system validates the document type and size before accepting the upload.
 The system securely stores the document and links it to the user's application.

Functional Requirements
 REQ_12: The system shall allow students to upload multiple documents.
 REQ_13: The system shall validate documents for file type and size before uploading.
 REQ_14: The system shall securely store documents in the database, ensuring compliance
with data protection regulations.

ADD NEW COURSE/FACILITY

This feature allows authorized users (administrators or academic staff) to add new courses or
university facilities.
Priority Level: High

Stimulus/Response Sequences
 The user logs into the admin dashboard.
 The system checks if the user has authorization to add new courses or facilities.
 The user clicks on the "Add New Facility" or "Add New Course" button.
 The system displays a form for entering the details of the new facility or course.
 The user fills in the necessary information and clicks on "Save."
 The system displays a confirmation message or an error, based on the validity of the
submitted data.

Functional Requirements
 REQ_15: The system shall authorize an authenticated user to add a new course or facility.
 REQ_16: The system shall allow a user to save the new course or facility details.
 REQ_17: The system shall allow the user to view the status of the newly added course or
facility (whether it’s approved or pending).

UPDATE EXISTING FACILITY/COURSE

This feature allows users to initiate updates to existing facilities or courses.
Priority Level: High
Stimulus/Response Sequences
 The user logs into the admin dashboard.
 The system checks if the user is authorized to update a facility or course.
 The user selects a facility or course to update and clicks the "Update" button.
 The system displays the current details of the selected item.
 The user makes the necessary changes and clicks "Save."
 The system transfers the updated details to an approval queue if required.

Functional Requirements
 REQ_18: The system shall allow an authorized user to initiate a request for updating a
facility or course.
 REQ_19: The system shall allow a user to view the status of their update request (e.g.,
approved, pending).

DELETE FACILITY/COURSE
This feature allows authorized users to initiate the deletion of a course or facility from the
system.
Priority Level: High
Stimulus/Response Sequences
 The user logs into the admin dashboard.
 The system checks if the user has authorization to delete a course or facility.
 The user selects the facility or course to be deleted and clicks the "Delete" button.
 The system displays a delete confirmation form with a summary of the selected item.
 The user provides a reason for deletion and confirms.
 The system displays a success or error message based on the outcome.

Functional Requirements
 REQ_17: The system shall allow an authorized user to initiate a delete request for a
course or facility.
 REQ_18: The system shall allow the user to view the status of their delete request (e.g.,
approved, pending).

APPROVE COURSE/FACILITY
This feature shall allow authorized users to execute approvals for requests to create, update,
and delete courses or facilities. The approval process consists of four levels.
Priority Level: High
Approval Levels
Approval Level 1 (Initiate)
 Users at this level can only initiate requests (i.e., requests to create, update, and delete a
course or facility). They do not have approval rights.
Approval Level 2 (Verify)
 Users at this level shall receive requests initiated at Level 1 for verification.
Functional Requirements:
 REQ_19: The system shall allow an approver to view details of a newly created
course/facility at Approval Level 1.
 REQ_20: The system shall allow an approver to view details of an updated course/facility
at Approval Level 1.
 REQ_21: The system shall allow an approver to view details of a delete request for a
course/facility initiated at Approval Level 1.
 REQ_22: The system shall allow an approver to approve/reject a Create, Update, or
Delete request from Approval Level 1.
Approval Level 3 (Validate)
Users at this level shall receive Create, Update, and Delete requests from Approval Level 2
for validation.
Functional Requirements:
 REQ_23: The system shall allow an approver to view details of a newly recorded
course/facility approved at Approval Level 2.
 REQ_24: The system shall allow an approver to view updated course/facility details
approved at Approval Level 2.
 REQ_25: The system shall allow an approver to view details of a delete request approved
at Approval Level 2.
 REQ_26: The system shall allow an approver to approve/reject a Create, Update, or
Delete request from Approval Level 2.
Approval Level 4 (Publish)
This is the final level where an approved course or facility gets published and made available
in the university portal.

Functional Requirements:

 REQ_27: The system shall allow an approver to view details of a newly recorded
course/facility approved at Approval Level 3.
 REQ_28: The system shall allow an approver to view updated course/facility details
approved at Approval Level 3.
 REQ_29: The system shall allow an approver to view details of a delete request approved
at Approval Level 3.
 REQ_30: The system shall allow an approver to approve/reject a Create, Update, or
Delete request from Approval Level 3.
 REQ_31: The system shall publish a new course/facility, making it available on the
university portal if approved at this level.
 REQ_32: The system shall update course/facility details in the portal if an update request
is approved.
 REQ_33: The system shall delete course/facility details from the university portal if a
delete request is approved.
 REQ_34: The system shall maintain a record of deleted courses/facilities in the history
database.

ADD USER

This feature shall allow an administrator to add new users (students, faculty, and other staff
members).
Priority Level: High

Stimulus/Response Sequences

 The administrator logs into the admin dashboard.

 The system verifies if the user has permission to manage users.
 The administrator clicks on the "User Management" menu.
 The system displays the user management dashboard.
 The administrator clicks on the "Add User" button.
 The administrator enters the user's details, assigns roles, and saves the changes.
 The system displays a success message.

Functional Requirements

 REQ_35: The system shall check if authenticated users have permission to access the user
management module.
 REQ_36: The system shall allow authorized users to add new users.
 REQ_37: The system shall allow authorized users to view existing users and their
assigned roles.

LOG OUT
This feature enables users to securely log out of the system.
Priority Level: High
Stimulus/Response Sequences
 The user clicks the “Logout” button to terminate the session.
 The system invalidates the authentication session.
 The user is redirected to the login page.

Functional Requirements
 REQ_38: The system shall provide a mechanism for logged-in users to log out.
 REQ_39: The system shall invalidate any session data stored in cookies upon logout.
 REQ_40: The system shall remove all session data upon logout.
Nonfunctional Requirements
 REQ_41: The user shall be able to log out from any page of the university web
application.

USER MANAGEMENT
This feature allows admins to manage users within the system.
Priority Level: High
Stimulus/Response Sequences
 The administrator logs into the Admin Dashboard.
 The system verifies if the administrator has user management privileges.
 The administrator clicks on the User Management menu item.
 The system displays the User Management Dashboard.
 The administrator selects an action from the following options: Create User Role, Edit
User Role, Assign User Role.

Functional Requirements
 REQ_42: The system shall allow an authorized administrator to create a new user role.
 REQ_43: The system shall allow an authorized administrator to edit an existing user role.
 REQ_44: The system shall allow an authorized administrator to assign permissions to a
user role.
 REQ_45: The system shall allow an authorized administrator to assign a role to a user.
 REQ_46: The system shall allow an authorized administrator to remove a role from a
user.

Nonfunctional Requirements for the University Web Application

Performance Requirements
 REQ_47: The system should have fast response times, ensuring that user search queries
and page loads happen within two seconds under normal load.
 REQ_48: The system should be able to handle multiple concurrent users without
significant performance degradation.
 REQ_49: The application should efficiently manage system resources, optimizing
database queries and minimizing unnecessary server requests.
Security Requirements
 REQ_50: The system should encrypt all sensitive data, including authentication
credentials, user personal information, and financial records.
 REQ_51: The system shall destroy all session data upon logout to prevent unauthorized
access.
 REQ_52: The system shall use cookies sessions to prevent bot attacks and spam
submissions.
 REQ_53: The system shall enforce two-factor authentication (2FA) by sending a one-time
password (OTP) to the user’s email or phone number during login.
 REQ_54: The system shall have role-based access control (RBAC) to restrict access to
sensitive features based on user permissions.
 REQ_55: The system shall log and monitor all failed login attempts and suspicious
activities to detect potential security threats.
Scalability Requirements
 REQ_56: The system should support scaling horizontally and vertically to accommodate
increasing numbers of users and data.
 REQ_57: The database should be optimized to handle large datasets without performance
degradation.
 REQ_58: The application should support cloud deployment for increased scalability and
reliability.

Software Quality Attributes

Availability & Reliability:
 REQ_59: The system should be available 99.9% of the time, with minimal downtime.
 REQ_60: The system should include automated backups to prevent data loss.
 REQ_61: The system should have a disaster recovery plan to restore services in case of
failures.
Interoperability:
 REQ_62: The system should support integration with third-party applications such as
learning management systems (LMS), student information systems (SIS), and financial
platforms.
 REQ_63: The system should allow data exchange via APIs to ensure compatibility with
external services.
Maintainability:
 REQ_64: The system should be modular and easy to update, allowing for quick bug fixes
and feature enhancements.
 REQ_65: The application code should follow industry best practices, including proper
documentation and version control.
 REQ_66: System logs and error tracking should be implemented to help developers
troubleshoot issues efficiently.
Usability & Accessibility:
 REQ_67: The application should have a user-friendly interface, ensuring easy navigation
for students, faculty, and administrators.
 REQ_68: The system should comply with web accessibility standards (WCAG 2.1) to
support users with disabilities.
 REQ_69: The platform should be responsive and optimized for different devices,
including desktops, tablets, and mobile phones.
Correctness & Data Integrity:
 REQ_70: The system should validate all user inputs to prevent incorrect data entry.
 REQ_71: System-generated reports and statistics should undergo data accuracy
verification before being displayed.
 REQ_72: The system should have automated checks to detect and correct data
inconsistencies.