The valley of Shangri-La is in lockdown: a deadly virus called SARS-CoV-3, spreading across the world, is threatening the future of the valley. Fortunately, a new Rapid Swab Home Test Kit (RSHT) has been developed, which gives a test result within a few minutes with no laboratory involvement. The Shangri-La government plans to conduct mass testing and track down every case of the virus by distributing the home test kits to every household.
Your task is to develop a web application called MyCoVTest Hub to help collect the test results and to provide an accurate picture of the local cases, including more detailed demographics, as well as a regional breakdown by postcode.
Requirements
In response to the pandemic, all residents in Shangri-La will receive a Home Test Kit by post. Each Home Test Kit pack delivered has a unique Test Tracking Number (TTN). The swab test can easily be done at home, and anyone tested will get the result within a few minutes, as there is no need to return the kit to a laboratory for analysis. Anyone who completes the test at home must report the result via the MyCoVTest Hub platform.
To submit a test result via MyCoVTest Hub, you will need to provide the following details:
• Full name
• Age
• Gender (M/F/Other)
• Address
• Postcode
• TTN Code
• Test result (Positive/Negative/Inconclusive)
In addition to SARS-CoV-3 home test result collection, the MyCoVTest Hub platform also provides a password-protected Admin dashboard for viewing real-time demographic statistics, including:
• Total number of positive/negative cases
• Distribution of positive cases by postcode/age group (number of positive cases per postcode/age group)
• Infection rate by postcode
• Infection rate by age group
(Admin login credentials are pre-defined in the system; see Appendix 1.2 for more information.)
MyCoVTest Hub should show corresponding messages when:
• TTN code does not match the record in the database.
• Another person has already used the provided TTN code.
• The provided email is already associated with another (used) Home Test Kit.
• Invalid username or password (for Admin).
Your tasks are to implement the following functions:
(1) Home Test Self-reporting page (including validation, TTN verification)
(2) Log-in/sign-out feature for Admin
(3) Demographics statistics for Admin Dashboard
(5) Error page(s) (or Ajax error messages)
• Use appropriate techniques to prevent SQL Injection vulnerabilities.
• Take all necessary measures to prevent unauthorised access to the Admin Dashboard
• Use the Secure Hash Algorithm (SHA256) to hash stored passwords.
• Use cookies to remember the last admin User ID.
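The server-side TTN verification, the three self-reporting error messages and the SQL injection requirement above, as an added example that is not part of the assignment materials. It uses Python with SQLite; the two-table schema is a constructed stand-in, since Shangri-La.sql is not reproduced here.

```python
import sqlite3

# Constructed stand-in for the kit and result tables (Shangri-La.sql is not available here).
SCHEMA = """
CREATE TABLE test_kit (
    ttn  TEXT PRIMARY KEY,
    used INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE test_result (
    ttn       TEXT PRIMARY KEY REFERENCES test_kit(ttn),
    full_name TEXT NOT NULL,
    email     TEXT NOT NULL UNIQUE,
    result    TEXT NOT NULL CHECK (result IN ('Positive', 'Negative', 'Inconclusive'))
);
"""

VALID_RESULTS = ("Positive", "Negative", "Inconclusive")


def open_db():
    """In-memory database seeded with two constructed, unused kits."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO test_kit (ttn) VALUES (?)", [("TTN-0001",), ("TTN-0002",)])
    conn.commit()
    return conn


def submit_result(conn, ttn, full_name, email, result):
    """Server-side check of a self-reported result. Returns (accepted, message).

    Every user-supplied value is bound to a '?' placeholder, so a value such as
    "' OR 1=1 --" is compared as a literal TTN string and simply fails to match.
    """
    if result not in VALID_RESULTS:
        return False, "Invalid test result."
    row = conn.execute("SELECT used FROM test_kit WHERE ttn = ?", (ttn,)).fetchone()
    if row is None:
        return False, "TTN code does not match the record in the database."
    if row[0]:
        return False, "Another person has already used the provided TTN code."
    if conn.execute("SELECT 1 FROM test_result WHERE email = ?", (email,)).fetchone():
        return False, "The provided email is already associated with another Home Test Kit."
    with conn:  # one transaction: claim the kit and store the result together
        # 'AND used = 0' keeps the claim atomic if two submissions race on the same TTN
        claimed = conn.execute("UPDATE test_kit SET used = 1 WHERE ttn = ? AND used = 0", (ttn,))
        if claimed.rowcount == 0:
            return False, "Another person has already used the provided TTN code."
        conn.execute("INSERT INTO test_result (ttn, full_name, email, result) VALUES (?, ?, ?, ?)",
                     (ttn, full_name, email, result))
    return True, "Test result recorded."
```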
The SQL file Shangri-La.sql provided on Blackboard contains three tables. You are free to edit the provided schema, add extra columns or create new tables if necessary.
• Zip all files in a single zip file for submission:
o Your Web Project folder
o Your SQL schema and data
• Home Test reporting partially implemented (e.g. email/full name fields only), without TTN code validation.
• Admin login authentication works to a certain extent; page redirection works, but the Admin Dashboard is not protected by sessions (e.g. guests can access the result page).
• Admin page exists, but with hard-coded statistical data.
• Error messages are displayed, but the information provided is minimal.
• SQL injection vulnerabilities or other security concerns are not addressed.
• Home Test reporting page works to a certain extent; server-side TTN code validation implemented.
• User authentication and redirection work; Admin dashboard pages are protected by sessions, although there are still issues with roles and permissions.
• Admin can view the statistics, despite some minor issues.
• Useful error messages
• Some measures are taken to reduce the risk of SQL injection
• Home Test reporting page works reasonably well.
• Client-side validation for most fields; server-side TTN code verification.
• Role/permission control in place despite some minor issues.
• Admin can view the statistics, most of the data are correct.
• Detailed error messages
• Other measures are taken in addition to prepared statements.
Meeting the criteria above for C, plus:
• Robust control over roles and permissions.
• Use of Ajax for form validations and TTN code verification.
• Admin can view the statistics, and all data are displayed correctly.
• Very detailed error page and Ajax message box.
• Use Cookies to remember last login name in the Admin dashboard
• Use appropriate charts for presenting data.