Reservation security

Reservation

Presentation

Distributed

Database

Foreword

Reservation uses a custom security.

User ID, passwords, addresses, coordinates and info are stored in the users and resources_info tables.

For more information about the database model, visit resa-db.html.

To use Offer.aspx a user must be an employee.

To use Book.aspx and Search.aspx a user must be a customer.

If the user is not identified or if it is not in the correct role, she or he is redirected to the login form.

Once she or he has provided correct ID and password, she or he is redirected to the form where the invalid authentication was first detected.

Then the ID is kept in the session object and the user remains authenticated for the duration of the session.

Login.aspx

Login form: you must set your ID and password. You can change the password. Then you must enter the new password twice. The page has links to register (get an ID and password), retrieve your ID and password from your mail address, update your account information, book, search other Reservation instances in the constellation and check the online help

The login form is the same for customers and employees. The user must enter her or his ID and password. She or he can also change the password. In that case she or he needs to enter the new password twice for verification.

Register.aspx

If a customer doesn’t yet have an account she or he can either call an employee to ask her or him to create a proxied account or use the registration form, Register.aspx.

Registration form. You must enter your name, mail address, address and if you know it your GPS coordinates. The page has links to retrieve your ID and password from your mail address and to check the online help

The user must enter her or his name, email address, address. She or he can also enter her or his GPS coordinates in the format

For the latitude N(orth) | S(outh):dd:mm.mmm
For the longitude W(est) | E(ast):dd:mm.mmm

where dd is the number of degrees and mm.mmm is the number of thousands of minutes.

The email address must be valid: when the user clicks on the register button, the account is created and the account information is mailed to this email address.

The mail subject is Registration Information for PageBox Reservation.

The mail body is in text format and contains something like:

Hi fromUSA,
Here is your login information for the Reservation application on
localhost/PageBox/Reservation
Email address: grandemange.alexis@libertysurf.fr
ID: u1
Password: p1

Retrieve.aspx

If the user has forgotten her or his user ID or password, she or he can use Retrieve.aspx to retrieve her or his account information.

Retrieve form. Enter your mail address to get mailed your ID and password. The page has links to register (get an ID and password) and on online help

The user must enter her or his email address. This address must be valid and match an existing account.

When the user clicks on Retrieve and if the account exists a mail is sent.

The mail subject is Account Information for PageBox Reservation.

The mail body is in text format and contains something like:

Hi fromUSA,
Here is your login information for the Reservation application on
localhost/PageBox/Reservation
Email address: grandemange.alexis@libertysurf.fr
ID: u1
Password: p1

Update.aspx

The user can also update her or his account information with Update.aspx.

Update form. You can change your account information (name, eMail address, address and GPS coordinates)

The user can change her or his name, email address, address. She or he can also enter her or his GPS coordinates.

Users.aspx

Users.aspx allows creating and updating employee and proxied accounts.

To use Users.aspx, the user must be logged with an employee account.

Because the database is empty at the beginning, the user can also login with the bootstrap account defined in the configuration file, reservation.xml.

For more information about the configuration file, visit resa-install.html.

Users form. The top part is the list of the current users. For each user are displayed her/his ID, type, name, mail address. You can delete or select a user account. Below the list is displayed information about the selected user.

Users.aspx is made of two parts:

The account list with their type (employee, proxy or customer)
A form allowing creating or updating accounts

A proxied account has the same role as a customer account. A customer account is created by a customer using Register.aspx whereas a proxied account is created and maintained by an employee on behalf of a customer.

The user can delete an account using the Del button.

The user can also select an account. In that case the form is populated from the account data.

If the account is a customer account, the user cannot update it.

Otherwise the Proxy and ID fields are disabled.

In some cases, the user can need to use an account as a template to create new accounts. In that case she or he can click on the Refresh button to enable all fields.

When the account ID doesn’t exist the account is created.

The form fields are fundamentally the same as on Register.aspx:

The user must enter a name and address. She or he can also enter an email address and the account GPS coordinates in the format

For the latitude N(orth) | S(outh):dd:mm.mmm
For the longitude W(est) | E(ast):dd:mm.mmm

where dd is the number of degrees and mm.mmm is the number of thousands of minutes.

The user must also check the proxy checkbox for a proxied account and should set the Info field for an employee account. Info contains whatever you want up to 255 characters.